
Windows 7, boot to a black screen with cursor


  • This topic is locked
22 replies to this topic

#1 Marharg

Posted 15 August 2013 - 03:19 AM

I have a friend's machine that she has asked me to try and fix; it is an Acer Z610 all-in-one touch screen.

She told me that when the machine was turned on (immediately before the problem) it was scrolling a message about replacing invalid security ID with default. That may not have been the whole message; unfortunately she didn't write it down.

The machine now boots through the BIOS screen and past the Windows loading screen with the pulsating logo; the screen then goes black with a white pointer and that's all. The same thing happens in safe mode.

I have booted to my Windows 7 Recovery disc; the memory scans OK, but the boot repair fails very quickly and system repair fails on all of the available restore points, quoting a failure of some memory location.

Other than removing the HDD, using another machine to get her data off (she has made no backups despite my advice) and then re-installing Windows, I can't think of my next step.

Can anyone offer me some help please?

Graham




 


#2 xXToffeeXx


Posted 15 August 2013 - 05:25 AM

Welcome to BleepingComputer, I have reported your topic as unbootable so a member of the team who deals with these problems can help you. Please be patient.

 

xXToffeeXx~




#3 Marharg


Posted 17 August 2013 - 09:19 AM

Edit, Acer Z5610



#4 Dieterj


Posted 18 August 2013 - 09:01 AM

I have exactly the same problem!

Hardware = ok but booting Win7 64 bit ends up showing a black screen with cursor.

No software installs or updates in the last day that can be responsible.

Booting in minimal screen resolution doesn't bring help.

 

Best regards,

Dieter



#5 Elise


Posted 25 August 2013 - 11:34 AM

Hello Marharg, and sorry for the delay. 

Could you please let me know if you have a Windows installation/repair disk?

 

Can you access the command prompt in the recovery environment?

 

@ Dieterj, if you need assistance, please start a separate topic, do not hijack someone else's topic, this only causes confusion. 


regards, Elise


#6 Marharg


Posted 25 August 2013 - 05:57 PM

Blonde,

Thanks for the response.

Firstly let me answer your questions: yes, I have MY Windows installation disc and my recovery disc, and I can get to the recovery environment:

  • Boot Repair - tried several times, each time "OS booted correctly"....it didn't
  • Memory Test - Passed
  • Restore - Only four restore points available, all fail at some memory location
  • Command Prompt - SFC fails "repair in progress"; CHKDSK found and fixed a few issues (still failed to boot)

While waiting for a response here I continued to search via Google. It amazes me how many "experts" fail to read the problem and offer solutions like "in safe mode hit the start button.............". Anyhow, I tried those responses that were considered and seemed plausible to my inexpert brain.

Some sites said that "windows does that occasionally" and that the problem was supposedly fixed in Vista SP1.

Amongst them were references to the "replacing invalid security ID...", saying that, the permissions of all files having been changed to default (which seems to be, in effect, nobody), the logical possible solution was to reset all files to some user that was valid. Not knowing enough about this, I thought setting permissions to everyone would be easier. So I followed advice in search results and, from CMD, I used icacls to do that. The screen scrolled very fast for perhaps two hours as each file was changed, then lo and behold, I could boot into Windows and log on using my friend's credentials. Again, following advice, I set the permissions to more sensible values.

All seems to be at least usable. I have offloaded her pictures and files as best I can; when she returns from holiday next week I will discuss with her what to do next. I am in favour of a rebuild.

I hope this may save others some hours of searching.

 

 

Graham
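
The post above describes granting access to Everyone with icacls and tightening it again afterwards, without giving the commands. As an added example (not part of the thread, and not code from any tool named in it), this PowerShell script lists the explicit ACEs that still let Everyone modify files or folders, so leftovers from such a blanket grant can be reviewed. The root path, report path and function name are assumptions.

```powershell
# Added example, not from the thread: report explicit ACEs that still let the
# Everyone group modify files or folders under a tree, e.g. after a blanket
# icacls grant. Assumes Windows PowerShell 3.0 or later (Get-Acl -LiteralPath)
# and an elevated session so that ACLs can be read.
param(
    [string]$Root   = 'C:\Users',                           # assumption: tree to audit
    [string]$Report = "$env:TEMP\everyone-write-aces.csv"   # assumption: output file
)

# Well-known SID of the Everyone group; matching on the SID avoids
# localized group names.
$everyoneSid = 'S-1-1-0'

# Rights that allow changing content, deleting, or rewriting the ACL or owner.
# The two hex values are the raw GENERIC_WRITE and GENERIC_ALL bits, which can
# appear unmapped in an ACE.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership' -bor 0x40000000 -bor 0x10000000

function Get-EveryoneWriteAce {
    # Hypothetical helper: emits one object per matching ACE on $Path.
    param([Parameter(Mandatory = $true)][string]$Path)

    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL: $Path ($($_.Exception.Message))"
        return
    }

    # Explicit ACEs only: an inherited ACE is reported once, on the parent that
    # defines it. Identities are returned as SIDs rather than account names.
    $rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($rule.IdentityReference.Value -ne $everyoneSid) { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }

        [pscustomobject]@{
            Path        = $Path
            Rights      = $rule.FileSystemRights
            Inheritance = $rule.InheritanceFlags
            Propagation = $rule.PropagationFlags
        }
    }
}

# The root itself plus everything below it, including hidden and system items.
$items = @(Get-Item -LiteralPath $Root -Force) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$findings = @(foreach ($item in $items) { Get-EveryoneWriteAce -Path $item.FullName })

if ($findings.Count -gt 0) {
    $findings | Sort-Object Path | Export-Csv -Path $Report -NoTypeInformation
    Write-Output "$($findings.Count) explicit Everyone ACE(s) with modify rights written to $Report"
} else {
    Write-Output "No explicit Everyone ACEs with modify rights found under $Root"
}
```

An ACE on a folder with container or object inheritance flags also applies to everything beneath it, so those rows are the ones to review first.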



#7 Elise


Posted 26 August 2013 - 01:59 AM

Hello Graham,
It is possible that this is hardware failure (hard disk, since you mention some issues were found during the disk check), but let's run a scan to get a bit more information.
  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

regards, Elise


#8 Marharg


Posted 26 August 2013 - 06:21 PM

Elise,

 

In my previous post I said that I had managed to get into the machine; if scans would assist you in future I would be happy to continue.

The machine is still not running entirely correctly: it takes a long time to boot, reports that the recycle bin is corrupt, and Internet Explorer acts very strangely trying to update FRST from safe mode.

Attached are the two files saved from the FRST scan (in safe mode).

 

Graham

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-08-2013
Ran by Desktop (administrator) on 27-08-2013 00:08:13
Running from C:\FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [TouchPortal] - C:\Program Files (x86)\Acer\Acer Touch Suite\TouchPortal.exe [4936192 2009-08-25] (Acer Corp.)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [TouchORB] - C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [151368 2009-08-10] (Acer Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [172032 2010-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKCU\...\Run: [PhotoGadgetFirstRun] - 0 [x]
HKCU\...\Run: [MusicGadget] - C:\Program Files (x86)\Acer\Acer Touch Suite\TouchMusic.exe [416256 2009-08-25] ()
HKCU\...\Run: [PhotoGadget] - C:\Program Files (x86)\Acer\Acer Touch Suite\TouchPhotoShow.exe [382976 2009-08-25] (acer)
HKCU\...\Run: [PhotoGadgetFirstRun_Portal] - 0 [x]
HKCU\...\Run: [TouchMemo] - 0 [x]
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Desktop\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-01-14] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-16] (Google Inc.)
MountPoints2: {951a0f91-0107-11df-a9b5-000df076d9c7} - F:\LaunchU3.exe -a
MountPoints2: {c3f3e226-1337-11e0-b404-00269e4875c9} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167008 2009-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2236080 2013-07-04] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_z5610&r=17360110e400p0337y1m5w48l1t540
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={7E700156-9D14-4FFD-9729-24159C5AF960}&mid=bfefc4002144bff4960b5dca6395bfab-75bd41cb937e31183580812270a49466a6be4ea1&lang=en&ds=AVG&pr=fr&d=2012-10-24 18:13:42&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=510
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={7E700156-9D14-4FFD-9729-24159C5AF960}&mid=bfefc4002144bff4960b5dca6395bfab-75bd41cb937e31183580812270a49466a6be4ea1&lang=en&ds=AVG&pr=fr&d=2012-10-24 18:13:42&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR RestoreOnStartup:       "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Desktop\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Desktop\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Desktop\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U18) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (YouTube) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0
CHR Extension: (Gmail) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.4.0.5\avg.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Desktop\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
S2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
S2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 AVerPola; C:\Windows\System32\DRIVERS\AVerPola.sys [364672 2009-06-06] (AVerMedia TECHNOLOGIES, Inc.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)
R3 AVPolDIR; C:\Windows\System32\DRIVERS\AVPolDIR.sys [6656 2009-06-06] (AVerMedia TECHNOLOGIES, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-19 14:35 - 2013-06-10 07:08 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-08-19 14:33 - 2013-08-19 14:33 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-19 14:33 - 2013-08-19 14:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-19 14:32 - 2013-08-19 14:32 - 13813944 _____ (Microsoft Corporation) C:\Users\Desktop\Downloads\mseinstall.exe
2013-08-17 03:15 - 2013-08-17 03:15 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-08-17 01:51 - 2010-06-26 15:41 - 01864704 _____ (Microsoft Corporation) C:\Windows\explorerframe.dll
2013-08-14 03:21 - 2013-08-27 00:08 - 00000000 ____D C:\FRST
2013-08-04 19:08 - 2013-08-04 19:08 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 19:08 - 2013-08-04 19:08 - 00002216 _____ C:\ProgramData\Desktop\Google Earth.lnk
 
==================== One Month Modified Files and Folders =======
 
2013-08-27 00:08 - 2013-08-14 03:21 - 00000000 ____D C:\FRST
2013-08-26 23:59 - 2010-01-14 21:19 - 01894471 _____ C:\Windows\WindowsUpdate.log
2013-08-26 23:46 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 23:46 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 23:40 - 2010-02-03 17:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-26 23:40 - 2010-01-14 13:37 - 00000000 ____D C:\Users\Desktop\Tracing
2013-08-26 23:39 - 2013-06-08 00:18 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-08-26 23:39 - 2013-06-04 16:23 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-08-26 23:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-26 23:37 - 2009-07-14 05:51 - 00163069 _____ C:\Windows\setupact.log
2013-08-19 23:29 - 2010-01-14 13:50 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2954791118-1671717909-3776053919-1000UA.job
2013-08-19 23:03 - 2010-02-03 17:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-19 19:57 - 2009-07-14 06:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 19:55 - 2013-08-19 19:55 - 00001945 _____ C:\Windows\epplauncher.mif
2013-08-19 19:55 - 2010-01-14 13:50 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2954791118-1671717909-3776053919-1000Core.job
2013-08-19 14:33 - 2013-08-19 14:33 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-19 14:33 - 2013-08-19 14:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-19 14:32 - 2013-08-19 14:32 - 13813944 _____ (Microsoft Corporation) C:\Users\Desktop\Downloads\mseinstall.exe
2013-08-19 01:46 - 2010-02-25 20:11 - 00000000 ____D C:\Users\Desktop\Documents\Ben
2013-08-19 01:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\winevt
2013-08-18 22:25 - 2010-05-17 17:08 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\Skype
2013-08-18 16:17 - 2012-05-30 20:19 - 00000000 ____D C:\ProgramData\MFAData
2013-08-17 03:15 - 2013-08-17 03:15 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-08-04 19:31 - 2010-01-14 13:51 - 00002384 _____ C:\Users\Desktop\Desktop\Google Chrome.lnk
2013-08-04 19:08 - 2013-08-04 19:08 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 19:08 - 2013-08-04 19:08 - 00002216 _____ C:\ProgramData\Desktop\Google Earth.lnk
2013-08-04 19:08 - 2009-09-16 04:16 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-01 05:02 - 2013-07-04 08:26 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-19 23:23
 
==================== End Of Log ============================

 

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-08-2013
Ran by Desktop at 2013-08-27 00:08:45
Running from C:\FRST
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Installed Programs =======================
 
   
 Update for Microsoft Office 2007 (KB2508958) (x32)
Acer Backup Manager (x32 Version: 2.0.2.19)
Acer eRecovery Management (x32 Version: 4.05.3003)
Acer GameZone Console (x32 Version: 5.1.0.2)
Acer Registration (x32 Version: 1.02.3004)
Acer ScreenSaver (x32 Version: 1.1.0812)
Acer Touch Suite (x32 Version: 1.00.3003)
Acer Updater (x32 Version: 1.01.3014)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.171)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.6.606)
Advertising Center (x32 Version: 0.0.0.2)
Airport Mania First Flight (x32)
Alice Greenfingers (x32)
Amazonia (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.732.0)
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 13.0.3349)
AVG 2013 (Version: 2013.0.3349)
Backup Manager Advance (x32 Version: 2.0.2.19)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.37)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Light (x32 Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0625.1812.30825)
Catalyst Control Center InstallProxy (x32 Version: 2009.0625.1812.30825)
Catalyst Control Center Localization All (x32 Version: 2009.0625.1812.30825)
CCC Help Chinese Standard (x32 Version: 2009.0625.1811.30825)
CCC Help Chinese Traditional (x32 Version: 2009.0625.1811.30825)
CCC Help Czech (x32 Version: 2009.0625.1811.30825)
CCC Help Danish (x32 Version: 2009.0625.1811.30825)
CCC Help Dutch (x32 Version: 2009.0625.1811.30825)
CCC Help English (x32 Version: 2009.0625.1811.30825)
CCC Help Finnish (x32 Version: 2009.0625.1811.30825)
CCC Help French (x32 Version: 2009.0625.1811.30825)
CCC Help German (x32 Version: 2009.0625.1811.30825)
CCC Help Greek (x32 Version: 2009.0625.1811.30825)
CCC Help Hungarian (x32 Version: 2009.0625.1811.30825)
CCC Help Italian (x32 Version: 2009.0625.1811.30825)
CCC Help Japanese (x32 Version: 2009.0625.1811.30825)
CCC Help Korean (x32 Version: 2009.0625.1811.30825)
CCC Help Norwegian (x32 Version: 2009.0625.1811.30825)
CCC Help Polish (x32 Version: 2009.0625.1811.30825)
CCC Help Portuguese (x32 Version: 2009.0625.1811.30825)
CCC Help Russian (x32 Version: 2009.0625.1811.30825)
CCC Help Spanish (x32 Version: 2009.0625.1811.30825)
CCC Help Swedish (x32 Version: 2009.0625.1811.30825)
CCC Help Thai (x32 Version: 2009.0625.1811.30825)
CCC Help Turkish (x32 Version: 2009.0625.1811.30825)
ccc-core-static (x32 Version: 2009.0625.1812.30825)
ccc-utility64 (Version: 2009.0625.1812.30825)
Chicken Invaders 2 (x32)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CyberLink PowerCinema (x32 Version: 7.0.3306)
CyberLink YouCam (x32 Version: 3.0.2102)
Dairy Dash (x32)
DMUninstaller (x32)
dows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Dream Day First Home (x32)
eBay Worldwide (x32 Version: 2.1.0703)
eSobi v2 (x32 Version: 2.0.4.000274)
Farm Frenzy 2 (x32)
First Class Flurry (x32)
Galapago (x32)
Garmin Communicator Plugin (x32 Version: 3.0.1)
Garmin USB Drivers (x32 Version: 2.3.0.0)
Google Chrome (HKCU Version: 28.0.1500.95)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
Granny In Paradise (x32)
Heroes of Hellas (x32)
Hotkey Utility (x32 Version: 1.00.3004)
iCloud (Version: 2.1.2.8)
Identity Card (x32 Version: 1.00.3001)
ImagXpress (x32 Version: 7.0.74.0)
ITECIR (x32 Version: 1.00.0000)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java™ 6 Update 17 (64-bit) (Version: 6.0.170)
Java™ 6 Update 18 (x32 Version: 6.0.180)
JMicron Flash Media Controller Driver (x32 Version: 1.0.32.1)
Junk Mail filter update (x32 Version: 14.0.8117.416)
Malwarebytes' Anti-Malware (x32)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Merriam Websters Spell Jam (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.3 (x32 Version: 2.0.2313.0)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0216.0)
Microsoft Security Essentials (Version: 4.3.216.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Touch Pack for Windows 7 (x32 Version: 1.0.40517.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft XNA Framework Redistributable 3.0 (x32 Version: 3.0.11010.0)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyWinLocker (x32 Version: 3.1.72.0)
Nero 9 Essentials (x32)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero DiscSpeed (x32 Version: 5.4.7.201)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.7.201)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express Help (x32 Version: 9.4.9.100)
Nero InfoTool (x32 Version: 6.4.7.201)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.8.1)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.11.209)
Nero StartSmart Help (x32 Version: 9.4.1.100)
Nero StartSmart OEM (x32 Version: 9.16.0.100)
NeroExpress (x32 Version: 9.4.10.505)
neroxml (x32 Version: 1.0.0)
Norton Online Backup (x32 Version: 1.2.0.36)
Picasa 3 (x32 Version: 3.9)
QuickTime (x32 Version: 7.74.80.86)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5901)
Safari (x32 Version: 5.34.57.2)
Skype Click to Call (x32 Version: 5.6.8442)
Skype™ 5.10 (x32 Version: 5.10.116)
Star Defender 4 (x32)
TouchSettings (x32 Version: 1.00.0002)
Tumble Bees To Go (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VAFPlayer (x32 Version: 1.6.8)
Virtual Earth 3D (Beta) (Version: 4.0.903.16005)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Welcome Center (x32 Version: 1.00.3005)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {13C896F0-702F-4DBB-A2AD-D32931290EDC} - System32\Tasks\{F0935566-AC92-4619-8750-4167640D7337} => c:\users\desktop\appdata\local\google\chrome\application\chrome.exe [2013-07-25] (Google Inc.)
Task: {3B00F90A-5E71-4440-8B23-08DDCBA6F42E} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {41164805-8F30-4D3E-83DE-CF8F449935A7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2954791118-1671717909-3776053919-1000UA => C:\Users\Desktop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-14] (Google Inc.)
Task: {5EE7E71F-AFCD-4D93-9E6C-7BB394DCFF59} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{BFF9633D-2B1A-4649-95EB-EB59EB32B4D3}.exe No File
Task: {604EDFE4-6E5D-4C05-A4FD-03DAA4924A2C} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation)
Task: {6B0B9D06-AD73-4C75-96A7-8C2E0FDB3F39} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation)
Task: {7BC914BF-3226-49F5-8E7B-A54B0105E77B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2954791118-1671717909-3776053919-1000Core => C:\Users\Desktop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-14] (Google Inc.)
Task: {7EEA3CE6-D7B6-4CE9-AB53-CC64C3FB7970} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {82A6D496-B2B7-4769-96E4-DD75F7A7C56B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1E480AC-2FD2-499B-8F04-B75903F2B65C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B176C174-D0FD-4914-8456-4D6778F862A5} - System32\Tasks\{4B52D32A-8D9F-4EBA-9847-15C31F83D6C0} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {B276E915-7D0B-45EF-9FD4-2DEFA6780750} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {EA9F09B7-9D21-4E4B-8342-E30278DADEEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {F58613A4-BE06-46C6-9E2B-11D9E24D14B7} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{48F9DE56-E3FE-4054-943A-FCBC7ED1643B}.exe No File
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{BFF9633D-2B1A-4649-95EB-EB59EB32B4D3}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{48F9DE56-E3FE-4054-943A-FCBC7ED1643B}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2954791118-1671717909-3776053919-1000Core.job => C:\Users\Desktop\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2954791118-1671717909-3776053919-1000UA.job => C:\Users\Desktop\AppData\Local\Google\Update\GoogleUpdate.exe
 
 
==================== Faulty Device Manager Devices =============
 
Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/26/2013 11:54:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0x116c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/26/2013 11:54:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0xa0c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/26/2013 11:54:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0xc34
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/26/2013 11:54:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0x518
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/26/2013 11:54:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0x15ac
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/26/2013 11:54:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0x1030
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/26/2013 11:54:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0xf34
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/26/2013 11:54:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0x1140
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/26/2013 11:54:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0x1458
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/26/2013 11:52:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0x16c0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
 
System errors:
=============
Error: (08/27/2013 00:07:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/27/2013 00:07:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/27/2013 00:07:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/27/2013 00:07:34 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (08/27/2013 00:07:33 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/27/2013 00:07:33 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/27/2013 00:07:33 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/27/2013 00:07:33 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/27/2013 00:07:33 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/27/2013 00:07:33 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 17%
Total physical RAM: 4093.42 MB
Available physical RAM: 3387.21 MB
Total Pagefile: 8185.03 MB
Available Pagefile: 7499.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:342.27 GB) (Free:229.79 GB) NTFS
Drive d: (DATA) (Fixed) (Total:342.27 GB) (Free:341.17 GB) NTFS
Drive f: (HD-LBU2) (Fixed) (Total:2794.52 GB) (Free:2750.53 GB) NTFS
Drive g: (INTENSO) (Removable) (Total:14.83 GB) (Free:13.81 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: AE7D0CFA)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=342 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=342 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 329AD981)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)
 
==================== End Of Log ============================


#9 Marharg


Posted 26 August 2013 - 06:59 PM

Elise,

 I didn't state clearly that I would appreciate your continuing help with this.

 

G



#10 Elise


Posted 27 August 2013 - 02:13 AM

Hi,

For starters, you have two AVs installed here. AVG especially will not play well with others. At this point I'd recommend uninstalling AVG completely and leaving Microsoft Security Essentials. Also uninstall AVG Secure Search/AVG secure toolbar, as that seems to be causing the Internet Explorer issues.

 

The recycle bin will usually ask you to empty it when it is corrupt. Did you OK this, and did that fix the problem?


regards, Elise




#11 Marharg


Posted 27 August 2013 - 03:23 AM

Elise,

 

Yes, I had noticed McAfee and AVG (AVG complaining about renewal). I will uninstall both AVG and toolbars and ensure MSSE is up to date.

 

The recycle bin contains 19.1G (it said), so I hesitated to delete it. I will do so now.

 

 

G



#12 Marharg


Posted 27 August 2013 - 07:53 AM

Elise,

 

 Recycle bin emptied, a test file deleted to bin then deleted, all O.K.

 

McAfee and AVG removed. AVG required "AVG reset tool" to be run, followed by "AVG remover tool", then a restart. The machine hung at the BIOS splash screen; I forced a power down and restarted. It booted through the BIOS and Windows startup screens, but there was no desktop (no icons, no start button), only Chrome with the AVG uninstall survey page. I accessed Task Manager, stopped explorer, then restarted explorer, and got the desktop as normal.

 

Updated MSSE and did a quick scan... all OK.

 

G



#13 Elise


Posted 27 August 2013 - 09:47 AM

Could you try to reboot once more, and let me know if explorer has the same issue? Please also post a new FRST log.

 

A BIOS hang is a bad sign; that usually points to hardware issues, not software.


regards, Elise




#14 Marharg


Posted 27 August 2013 - 05:18 PM

Elise,

Rebooted, IE seems to be fine (previously it crashed trying to update FRST).

 

I have just realised that I had the backup HDD connected; that could easily have stalled the boot (it took me ages to realise the "readyboost" USB memory on my laptop was causing up to 30 minute BIOS screens).

 

FRST logs follow (done from within Windows)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-08-2013 03
Ran by Desktop (administrator) on 27-08-2013 20:03:10
Running from C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ECTNUIL
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Acer Corp.) C:\Program Files (x86)\Acer\Acer Touch Suite\TouchPortal.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Acer Corp.) C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Acer\Acer Touch Suite\TouchMusic.exe
(acer) C:\Program Files (x86)\Acer\Acer Touch Suite\TouchPhotoShow.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Acer\Acer Touch Suite\SNSAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
() C:\Program Files (x86)\Acer\Acer Touch Suite\MusicAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [TouchPortal] - C:\Program Files (x86)\Acer\Acer Touch Suite\TouchPortal.exe [4936192 2009-08-25] (Acer Corp.)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [TouchORB] - C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [151368 2009-08-10] (Acer Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [172032 2010-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKCU\...\Run: [PhotoGadgetFirstRun] - 0 [x]
HKCU\...\Run: [MusicGadget] - C:\Program Files (x86)\Acer\Acer Touch Suite\TouchMusic.exe [416256 2009-08-25] ()
HKCU\...\Run: [PhotoGadget] - C:\Program Files (x86)\Acer\Acer Touch Suite\TouchPhotoShow.exe [382976 2009-08-25] (acer)
HKCU\...\Run: [PhotoGadgetFirstRun_Portal] - 0 [x]
HKCU\...\Run: [TouchMemo] - 0 [x]
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Desktop\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-01-14] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-16] (Google Inc.)
MountPoints2: {951a0f91-0107-11df-a9b5-000df076d9c7} - F:\LaunchU3.exe -a
MountPoints2: {c3f3e226-1337-11e0-b404-00269e4875c9} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167008 2009-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_z5610&r=17360110e400p0337y1m5w48l1t540
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=510
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=510
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={7E700156-9D14-4FFD-9729-24159C5AF960}&mid=bfefc4002144bff4960b5dca6395bfab-75bd41cb937e31183580812270a49466a6be4ea1&lang=en&ds=AVG&pr=fr&d=2012-10-24 18:13:42&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR RestoreOnStartup:       "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Desktop\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Desktop\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Desktop\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U18) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (YouTube) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0
CHR Extension: (Gmail) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Desktop\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 AVerPola; C:\Windows\System32\DRIVERS\AVerPola.sys [364672 2009-06-06] (AVerMedia TECHNOLOGIES, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)
R3 AVPolDIR; C:\Windows\System32\DRIVERS\AVPolDIR.sys [6656 2009-06-06] (AVerMedia TECHNOLOGIES, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-27 10:04 - 2013-08-27 10:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-27 10:00 - 2013-08-27 10:00 - 13813944 _____ (Microsoft Corporation) C:\Users\Desktop\Downloads\mseinstall (1).exe
2013-08-27 09:46 - 2013-08-27 09:46 - 01565744 _____ C:\Users\Desktop\Downloads\AVG_Remover_en.exe
2013-08-27 09:42 - 2013-08-27 09:42 - 00385944 _____ C:\Users\Desktop\Downloads\reset_access_avg2013_en.exe
2013-08-19 19:55 - 2013-08-27 10:04 - 00001945 _____ C:\Windows\epplauncher.mif
2013-08-19 14:35 - 2013-06-10 07:08 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-08-19 14:32 - 2013-08-19 14:32 - 13813944 _____ (Microsoft Corporation) C:\Users\Desktop\Downloads\mseinstall.exe
2013-08-17 03:15 - 2013-08-17 03:15 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-08-17 01:51 - 2010-06-26 15:41 - 01864704 _____ (Microsoft Corporation) C:\Windows\explorerframe.dll
2013-08-14 03:21 - 2013-08-27 20:03 - 00000000 ____D C:\FRST
2013-08-04 19:08 - 2013-08-04 19:08 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 19:08 - 2013-08-04 19:08 - 00002216 _____ C:\ProgramData\Desktop\Google Earth.lnk
 
==================== One Month Modified Files and Folders =======
 
2013-08-27 20:03 - 2013-08-14 03:21 - 00000000 ____D C:\FRST
2013-08-27 20:03 - 2010-02-03 17:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-27 20:01 - 2010-01-14 13:28 - 00000000 ____D C:\Users\Desktop\AppData\Local\Google
2013-08-27 19:46 - 2010-01-14 21:19 - 01950980 _____ C:\Windows\WindowsUpdate.log
2013-08-27 19:29 - 2010-01-14 13:50 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2954791118-1671717909-3776053919-1000UA.job
2013-08-27 19:25 - 2013-06-08 00:18 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-08-27 19:25 - 2013-06-04 16:23 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-08-27 19:25 - 2010-02-03 17:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-27 19:25 - 2010-01-14 13:37 - 00000000 ____D C:\Users\Desktop\Tracing
2013-08-27 19:20 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-27 19:20 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-27 19:13 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-27 19:13 - 2009-07-14 05:51 - 00163237 _____ C:\Windows\setupact.log
2013-08-27 16:29 - 2010-01-14 13:50 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2954791118-1671717909-3776053919-1000Core.job
2013-08-27 10:04 - 2013-08-27 10:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-27 10:04 - 2013-08-27 10:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-27 10:04 - 2013-08-19 19:55 - 00001945 _____ C:\Windows\epplauncher.mif
2013-08-27 10:00 - 2013-08-27 10:00 - 13813944 _____ (Microsoft Corporation) C:\Users\Desktop\Downloads\mseinstall (1).exe
2013-08-27 09:50 - 2009-09-16 04:26 - 00783942 _____ C:\Windows\PFRO.log
2013-08-27 09:46 - 2013-08-27 09:46 - 01565744 _____ C:\Users\Desktop\Downloads\AVG_Remover_en.exe
2013-08-27 09:42 - 2013-08-27 09:42 - 00385944 _____ C:\Users\Desktop\Downloads\reset_access_avg2013_en.exe
2013-08-27 09:30 - 2010-05-17 17:08 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\Skype
2013-08-19 19:57 - 2009-07-14 06:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 14:32 - 2013-08-19 14:32 - 13813944 _____ (Microsoft Corporation) C:\Users\Desktop\Downloads\mseinstall.exe
2013-08-19 01:46 - 2010-02-25 20:11 - 00000000 ____D C:\Users\Desktop\Documents\Ben
2013-08-19 01:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\winevt
2013-08-17 03:15 - 2013-08-17 03:15 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-08-04 19:31 - 2010-01-14 13:51 - 00002384 _____ C:\Users\Desktop\Desktop\Google Chrome.lnk
2013-08-04 19:08 - 2013-08-04 19:08 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 19:08 - 2013-08-04 19:08 - 00002216 _____ C:\ProgramData\Desktop\Google Earth.lnk
2013-08-04 19:08 - 2009-09-16 04:16 - 00000000 ____D C:\Program Files (x86)\Google
 
Files to move or delete:
====================
C:\Users\Desktop\AppData\Local\Temp\oi_{BF1CCA82-ED5A-4803-A9A5-C4401EF5B394}.exe
C:\Users\Desktop\AppData\Local\Temp\MSS\3.0.318.3\mcbrwsr2.dll
C:\Users\Desktop\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes.dll
C:\Users\Desktop\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes_LD.dll
C:\Users\Desktop\AppData\Local\Temp\MSS\3.0.318.3\McInstallerStartup.dll
C:\Users\Desktop\AppData\Local\Temp\MSS\3.0.318.3\McUICnt.exe
C:\Users\Desktop\AppData\Local\Temp\MSS\3.0.318.3\SecurityScanner.dll
C:\Users\Desktop\AppData\Local\Temp\AVG_Remover\AVG_Remover.exe
C:\Users\Desktop\AppData\Local\Temp\AVG_Remover\utils\7z.exe
C:\Users\Desktop\AppData\Local\Temp\AVG_Remover\download\remover.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\avg-secure-search-installer.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\ProgFiles\AVG Secure Search\lip.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\ProgFiles\AVG Secure Search\PostInstall.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\ProgFiles\AVG Secure Search\Uninstall.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\ProgFiles\AVG Secure Search\vprot.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\ProgFiles\AVG Secure Search\15.1.0.2\AVG Secure Search_toolbar.dll
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\ConfigFiles\avguidx.dll
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\ConfigFiles\MachineIdCreator.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\CommonFiles\AVG Secure Search\avgdttbx.dll
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\CommonFiles\AVG Secure Search\AVGRewardsWorker.dll
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\CommonFiles\AVG Secure Search\DriverInstaller.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\CommonFiles\AVG Secure Search\DriverInstaller_64.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\CommonFiles\AVG Secure Search\npsitesafety.dll
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\CommonFiles\AVG Secure Search\ScriptHelper.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\CommonFiles\AVG Secure Search\SiteSafety.dll
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\CommonFiles\AVG Secure Search\ToolbarUpdater.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a04240\CommonFiles\AVG Secure Search\ViProtocol.dll
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\avg-secure-search-installer.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\ProgFiles\AVG Secure Search\lip.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\ProgFiles\AVG Secure Search\PostInstall.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\ProgFiles\AVG Secure Search\Uninstall.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\ProgFiles\AVG Secure Search\vprot.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\ProgFiles\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\ConfigFiles\avguidx.dll
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\ConfigFiles\MachineIdCreator.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\CommonFiles\AVG Secure Search\avgdttbx.dll
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\CommonFiles\AVG Secure Search\AVGRewardsWorker.dll
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\CommonFiles\AVG Secure Search\DriverInstaller.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\CommonFiles\AVG Secure Search\DriverInstaller_64.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\CommonFiles\AVG Secure Search\helper.dll
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\CommonFiles\AVG Secure Search\log4cplusU.dll
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\CommonFiles\AVG Secure Search\loggingserver.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\CommonFiles\AVG Secure Search\npsitesafety.dll
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\CommonFiles\AVG Secure Search\ScriptHelper.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\CommonFiles\AVG Secure Search\SiteSafety.dll
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\CommonFiles\AVG Secure Search\ToolbarUpdater.exe
C:\Users\Desktop\AppData\Local\Temp\avg_a03584\CommonFiles\AVG Secure Search\ViProtocol.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-27 10:22
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-08-2013 03
Ran by Desktop at 2013-08-27 20:04:04
Running from C:\Users\Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ECTNUIL
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
 Update for Microsoft Office 2007 (KB2508958) (x32)
Acer Backup Manager (x32 Version: 2.0.2.19)
Acer eRecovery Management (x32 Version: 4.05.3003)
Acer GameZone Console (x32 Version: 5.1.0.2)
Acer Registration (x32 Version: 1.02.3004)
Acer ScreenSaver (x32 Version: 1.1.0812)
Acer Touch Suite (x32 Version: 1.00.3003)
Acer Updater (x32 Version: 1.01.3014)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.171)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.6.606)
Advertising Center (x32 Version: 0.0.0.2)
Airport Mania First Flight (x32)
Alice Greenfingers (x32)
Amazonia (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Backup Manager Advance (x32 Version: 2.0.2.19)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.37)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Light (x32 Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0625.1812.30825)
Catalyst Control Center InstallProxy (x32 Version: 2009.0625.1812.30825)
Catalyst Control Center Localization All (x32 Version: 2009.0625.1812.30825)
CCC Help Chinese Standard (x32 Version: 2009.0625.1811.30825)
CCC Help Chinese Traditional (x32 Version: 2009.0625.1811.30825)
CCC Help Czech (x32 Version: 2009.0625.1811.30825)
CCC Help Danish (x32 Version: 2009.0625.1811.30825)
CCC Help Dutch (x32 Version: 2009.0625.1811.30825)
CCC Help English (x32 Version: 2009.0625.1811.30825)
CCC Help Finnish (x32 Version: 2009.0625.1811.30825)
CCC Help French (x32 Version: 2009.0625.1811.30825)
CCC Help German (x32 Version: 2009.0625.1811.30825)
CCC Help Greek (x32 Version: 2009.0625.1811.30825)
CCC Help Hungarian (x32 Version: 2009.0625.1811.30825)
CCC Help Italian (x32 Version: 2009.0625.1811.30825)
CCC Help Japanese (x32 Version: 2009.0625.1811.30825)
CCC Help Korean (x32 Version: 2009.0625.1811.30825)
CCC Help Norwegian (x32 Version: 2009.0625.1811.30825)
CCC Help Polish (x32 Version: 2009.0625.1811.30825)
CCC Help Portuguese (x32 Version: 2009.0625.1811.30825)
CCC Help Russian (x32 Version: 2009.0625.1811.30825)
CCC Help Spanish (x32 Version: 2009.0625.1811.30825)
CCC Help Swedish (x32 Version: 2009.0625.1811.30825)
CCC Help Thai (x32 Version: 2009.0625.1811.30825)
CCC Help Turkish (x32 Version: 2009.0625.1811.30825)
ccc-core-static (x32 Version: 2009.0625.1812.30825)
ccc-utility64 (Version: 2009.0625.1812.30825)
Chicken Invaders 2 (x32)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CyberLink PowerCinema (x32 Version: 7.0.3306)
CyberLink YouCam (x32 Version: 3.0.2102)
Dairy Dash (x32)
DMUninstaller (x32)
dows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Dream Day First Home (x32)
eBay Worldwide (x32 Version: 2.1.0703)
eSobi v2 (x32 Version: 2.0.4.000274)
Farm Frenzy 2 (x32)
First Class Flurry (x32)
Galapago (x32)
Garmin Communicator Plugin (x32 Version: 3.0.1)
Garmin USB Drivers (x32 Version: 2.3.0.0)
Google Chrome (HKCU Version: 28.0.1500.95)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
Granny In Paradise (x32)
Heroes of Hellas (x32)
Hotkey Utility (x32 Version: 1.00.3004)
iCloud (Version: 2.1.2.8)
Identity Card (x32 Version: 1.00.3001)
ImagXpress (x32 Version: 7.0.74.0)
ITECIR (x32 Version: 1.00.0000)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java™ 6 Update 17 (64-bit) (Version: 6.0.170)
Java™ 6 Update 18 (x32 Version: 6.0.180)
JMicron Flash Media Controller Driver (x32 Version: 1.0.32.1)
Junk Mail filter update (x32 Version: 14.0.8117.416)
Malwarebytes' Anti-Malware (x32)
Merriam Websters Spell Jam (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.3 (x32 Version: 2.0.2313.0)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0216.0)
Microsoft Security Essentials (Version: 4.3.216.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Touch Pack for Windows 7 (x32 Version: 1.0.40517.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft XNA Framework Redistributable 3.0 (x32 Version: 3.0.11010.0)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyWinLocker (x32 Version: 3.1.72.0)
Nero 9 Essentials (x32)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero DiscSpeed (x32 Version: 5.4.7.201)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.7.201)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express Help (x32 Version: 9.4.9.100)
Nero InfoTool (x32 Version: 6.4.7.201)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.8.1)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.11.209)
Nero StartSmart Help (x32 Version: 9.4.1.100)
Nero StartSmart OEM (x32 Version: 9.16.0.100)
NeroExpress (x32 Version: 9.4.10.505)
neroxml (x32 Version: 1.0.0)
Norton Online Backup (x32 Version: 1.2.0.36)
Picasa 3 (x32 Version: 3.9)
QuickTime (x32 Version: 7.74.80.86)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5901)
Safari (x32 Version: 5.34.57.2)
Skype Click to Call (x32 Version: 5.6.8442)
Skype™ 5.10 (x32 Version: 5.10.116)
Star Defender 4 (x32)
TouchSettings (x32 Version: 1.00.0002)
Tumble Bees To Go (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VAFPlayer (x32 Version: 1.6.8)
Virtual Earth 3D (Beta) (Version: 4.0.903.16005)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Welcome Center (x32 Version: 1.00.3005)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
 
==================== Restore Points  =========================
 
27-08-2013 18:51:13 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {13C896F0-702F-4DBB-A2AD-D32931290EDC} - System32\Tasks\{F0935566-AC92-4619-8750-4167640D7337} => c:\users\desktop\appdata\local\google\chrome\application\chrome.exe [2013-07-25] (Google Inc.)
Task: {3B00F90A-5E71-4440-8B23-08DDCBA6F42E} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {41164805-8F30-4D3E-83DE-CF8F449935A7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2954791118-1671717909-3776053919-1000UA => C:\Users\Desktop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-14] (Google Inc.)
Task: {5EE7E71F-AFCD-4D93-9E6C-7BB394DCFF59} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{BFF9633D-2B1A-4649-95EB-EB59EB32B4D3}.exe No File
Task: {7BC914BF-3226-49F5-8E7B-A54B0105E77B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2954791118-1671717909-3776053919-1000Core => C:\Users\Desktop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-14] (Google Inc.)
Task: {7EEA3CE6-D7B6-4CE9-AB53-CC64C3FB7970} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {82A6D496-B2B7-4769-96E4-DD75F7A7C56B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1E480AC-2FD2-499B-8F04-B75903F2B65C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B176C174-D0FD-4914-8456-4D6778F862A5} - System32\Tasks\{4B52D32A-8D9F-4EBA-9847-15C31F83D6C0} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {B276E915-7D0B-45EF-9FD4-2DEFA6780750} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {EA9F09B7-9D21-4E4B-8342-E30278DADEEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {F0DBE431-DB90-488A-BCE1-EDAE1A8AAC4F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation)
Task: {F58613A4-BE06-46C6-9E2B-11D9E24D14B7} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{48F9DE56-E3FE-4054-943A-FCBC7ED1643B}.exe No File
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{BFF9633D-2B1A-4649-95EB-EB59EB32B4D3}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{48F9DE56-E3FE-4054-943A-FCBC7ED1643B}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2954791118-1671717909-3776053919-1000Core.job => C:\Users\Desktop\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2954791118-1671717909-3776053919-1000UA.job => C:\Users\Desktop\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\ProgramData\Temp:1D32EC29
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/27/2013 10:24:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (08/27/2013 10:22:19 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.
 
Error: (08/27/2013 09:30:29 AM) (Source: MsiInstaller) (User: Desktop-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 27023. CA_Error27023: ToolbarStuff(0xC0070008): Toolbar install/uninstall failed
 
Error: (08/26/2013 11:54:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0x116c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/26/2013 11:54:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0xa0c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/26/2013 11:54:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0xc34
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/26/2013 11:54:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0x518
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/26/2013 11:54:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0x15ac
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/26/2013 11:54:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0x1030
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (08/26/2013 11:54:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AVG Secure Search_toolbar.dll, version: 15.3.0.11, time stamp: 0x51b8532c
Exception code: 0xc0000005
Fault offset: 0x00160d72
Faulting process id: 0xf34
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
 
System errors:
=============
Error: (08/27/2013 07:13:10 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (08/27/2013 10:04:18 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.3.0216.00
 
Source Path: 4.3.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/27/2013 09:50:55 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (08/27/2013 09:46:55 AM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/27/2013 09:25:40 AM) (Source: Service Control Manager) (User: )
Description: The AVG Firewall service terminated with service-specific error %%-536805289.
 
Error: (08/27/2013 09:25:30 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.
 
Error: (08/27/2013 09:25:29 AM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater15.4.0 service failed to start due to the following error: 
%%2
 
Error: (08/27/2013 00:07:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/27/2013 00:07:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/27/2013 00:07:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================


#15 Elise


Posted 28 August 2013 - 02:09 AM

Did explorer (the desktop) load normally now? What other problems do you have at this point?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 
