
Windows Update/Defender will not update!


  • This topic is locked
13 replies to this topic

#1 derekjl

  • Members
  • 28 posts

Posted 15 September 2013 - 07:41 PM

I just recently noticed that neither of these are working on my Windows 7 OS. When attempting to use Windows Update the menu via the control panel hangs. When the new window finally opens I can click on "Check for Updates" but it does nothing and tells me that the service is not running, reboot computer. There is also a message "find out more about software from (null)". I have scanned for viruses and malware but with no luck. I am also getting an error checking for updates in Windows Defender. Someone please help!


Edited by derekjl, 16 September 2013 - 12:09 AM.



#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 16 September 2013 - 03:39 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes, then hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Scan with aswMBR

Please download aswMBR (4.5 MB) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
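As an added example (not code from this thread, from FRST, or from its author): a small Python triage pass over lines in the format of the Internet section of an FRST log, flagging the entries a responder pulls into a fixlist, namely search-provider URLs on a PUP watchlist, registry entries whose target is "No File", and an IE DefaultScope with an empty URL. The watchlist and the sample lines are assumptions constructed for the example, modeled on the log posted later in this thread.

```python
"""Triage helper for the Internet section of an FRST log.

Constructed example for this thread, not part of FRST or of the
original posts.  It flags three things a malware-response helper looks
for when building a fixlist: search-provider URLs on a PUP watchlist,
entries whose target file is gone ("No File"), and an IE DefaultScope
whose URL is empty.
"""
import re
from urllib.parse import urlsplit

# Assumed watchlist of search-hijacker hosts; the names come from hosts
# that appear in the thread's FRST log, not from any FRST signature set.
PUP_HOSTS = {
    "search.conduit.com",
    "delta-search.com",
    "isearch.glarysoft.com",
    "isearch.avg.com",
}

# FRST defangs Firefox URLs as hxxp://, so accept both spellings.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://\S+", re.I)
# "No File" at end of line, optionally followed by FRST's "[ ]" marker.
NO_FILE_RE = re.compile(r"\bNo File(?:\s*\[\s*\])?\s*$")


def url_host(url):
    """Hostname of a URL, lower-cased, with hxxp:// mapped back to http://."""
    url = re.sub(r"^hxxp", "http", url, flags=re.I)
    return (urlsplit(url).hostname or "").lower()


def is_pup_host(host):
    """True if host equals or is a subdomain of a watchlisted host."""
    return any(host == h or host.endswith("." + h) for h in PUP_HOSTS)


def triage_line(line):
    """Classify one FRST line; returns (kind, detail) or None."""
    line = line.rstrip()
    if not line:
        return None
    if NO_FILE_RE.search(line):
        return ("orphan", line)
    if "DefaultScope" in line and line.endswith("URL ="):
        return ("empty-default-scope", line)
    m = URL_RE.search(line)
    if m:
        host = url_host(m.group(0))
        if is_pup_host(host):
            return ("pup-url", (host, line))
    return None


def triage_log(text):
    """Run triage_line over every line and bucket the findings by kind."""
    findings = {"orphan": [], "empty-default-scope": [], "pup-url": []}
    for line in text.splitlines():
        hit = triage_line(line)
        if hit:
            findings[hit[0]].append(hit[1])
    return findings


# Constructed sample modeled on the Internet section of the log in this
# thread (a subset of its lines, not the whole log).
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome
URLSearchHook: (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
SearchScopes: HKLM - DefaultScope {C732EDD8-E83A-4880-8AE4-4F69B2DEAF8B} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=66524
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
Toolbar: HKLM -  No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227981&SearchSource=2&q=
"""

if __name__ == "__main__":
    for kind, items in triage_log(SAMPLE_LOG).items():
        print(f"== {kind} ({len(items)})")
        for item in items:
            print("  ", item if isinstance(item, str) else f"{item[0]} <- {item[1]}")
```

Benign entries such as the msn.com redirect cache and the Lync BHO pass through untouched, so the output is only the lines worth a second look, not a verdict.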

#3 derekjl
  • Topic Starter

  • Members
  • 28 posts

Posted 16 September 2013 - 09:30 PM

Marius,

Here are the logs from FRST that you requested:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03
Ran by jim (administrator) on JIM-PC on 16-09-2013 21:58:53
Running from C:\Users\jim\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
() C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(cyberlink) C:\Program Files\CyberLink\Shared files\brs.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Brother Industries, Ltd.) C:\Program Files\Brownie\Brnipmon.exe
(brother) C:\Program Files\Brownie\brpjp04a.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Hobbyist Software) C:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Google) C:\Users\jim\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Burnaware) C:\Program Files\BurnAware Free\BurnAware.exe
(Dropbox, Inc.) C:\Users\jim\AppData\Roaming\Dropbox\bin\Dropbox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [BDRegion] - C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-11-23] (cyberlink)
HKLM\...\Run: [BrStsWnd] - C:\Program Files\Brownie\BrstsWnd.exe [3618104 2009-08-19] (brother)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [Hobbyist Software VLC Streamer] - C:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe [1607496 2013-09-02] (Hobbyist Software)
MountPoints2: J - J:\LaunchU3.exe
MountPoints2: {8e571b94-bc62-11e0-ade6-0018f3149b53} - J:\StartClickFreeBackup.exe
MountPoints2: {cd985053-bc6b-11e0-a9d7-806e6f6e6963} - D:\setup.exe
HKU\UpdatusUser\...\Run: [Hobbyist Software VLC Streamer] - C:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe [ 2013-09-02] (Hobbyist Software)
HKU\UpdatusUser\...\Run: [Google Update] - C:\Users\jim\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-11-17] (Google Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF45952F4BD50CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome
URLSearchHook: (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
SearchScopes: HKLM - DefaultScope {C732EDD8-E83A-4880-8AE4-4F69B2DEAF8B} URL =
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKLM - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
SearchScopes: HKCU - DefaultScope {C732EDD8-E83A-4880-8AE4-4F69B2DEAF8B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227981&CUI=UN34938846801915120&UM=2
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=66524&tt=gc_&babsrc=SP_def&mntrId=BC100018F3149B53
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=18EF2B43F7E22DB39D3B52503B0F3083&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={BE11D0F8-DEDC-4629-B285-BD9BE2151778}&mid=70d7ad7ef26b47d1aaddd151b5f072a0-003bebfcd83eaf15feae10056d1de8a4bdcb1910&lang=en&ds=AVG&pr=fr&d=2012-09-26 15:50:22&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A405FC5D-AAAA-42FB-9E03-D9F53A39B882} URL = http://search.avg.com/route/?d=4e36d4ed&v=7.7.26.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKCU - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
SearchScopes: HKCU - {C732EDD8-E83A-4880-8AE4-4F69B2DEAF8B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227981&CUI=UN34938846801915120&UM=2
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM -  No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default
FF user.js: detected! => C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\user.js
FF Homepage: google.com
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227981&SearchSource=2&CUI=UN13497133692840624&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\jim\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\jim\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\jim\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\jim\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jim\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jim\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\glarysearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\search.xml
FF Extension: United States English Spellchecker - C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\Extensions\en-US@dictionaries.addons.mozilla.org
FF Extension: appbario7  - C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\Extensions\{6926c7f7-6006-42d1-b046-eba1b3010315}
FF Extension: Bazzacuda Image Saver Plus - C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\Extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
FF Extension: save-as-pdf-ff - C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi
FF Extension: No Name - C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\Extensions\{9cfdd5db-2841-4970-acbc-b812ac1092e8}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF Extension: Babylon Translation Activation - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-03-06] (Research In Motion Limited)
S2 CLKMSVC10_E92D8507; C:\Program Files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-23] (CyberLink)
R2 NMSAccessU; C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe [71096 2007-10-12] ()
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1281112 2012-11-23] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] ()
S2 RIM MDNS; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-06-04] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1263616 2013-06-04] (Research In Motion Limited)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 btwampfl; C:\Windows\system32\drivers\btwampfl.sys [504360 2012-12-25] (Broadcom Corporation.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
R0 iteatapi; C:\Windows\System32\DRIVERS\iteatapi.sys [35608 2008-05-14] (ITE Tech. Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [77528 2013-09-16] (MalwareBytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [20080 2010-11-06] ()
R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R3 ProcObsrv; C:\Program Files\Glary Utilities 3\ProcObsrv.sys [11552 2013-09-02] (Glarysoft Ltd)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14336 2013-06-04] (Research in Motion Limited)
R0 SI3114r; C:\Windows\System32\DRIVERS\SI3114r.sys [116776 2007-10-04] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-04] (Silicon Image, Inc)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2011-12-23] (Duplex Secure Ltd.)
R3 TD3004F60v; C:\Windows\System32\DRIVERS\TD3004F60v.sys [16320 2011-08-12] ( Inc)
S3 U6000ALL; C:\Windows\System32\DRIVERS\dmdcap.sys [230784 2007-06-08] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2009-07-13] (Microsoft Corporation)
S3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2011-08-18] (RealVNC Ltd.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x]
S2 MCSTRM; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 21:58 - 2013-09-16 21:58 - 00000000 ____D C:\FRST
2013-09-16 21:06 - 2013-09-16 21:06 - 01083437 _____ (Farbar) C:\Users\jim\Desktop\FRST.exe
2013-09-16 21:05 - 2013-09-16 21:06 - 04745728 _____ (AVAST Software) C:\Users\jim\Desktop\aswmbr.exe
2013-09-16 06:54 - 2013-09-16 07:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-16 06:52 - 2013-09-16 06:52 - 00077528 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-09-15 20:58 - 2013-09-15 20:58 - 00000584 _____ C:\Users\jim\mbr.log
2013-09-15 20:50 - 2013-09-15 20:51 - 00131072 _____ C:\Windows\Minidump\091513-50796-01.dmp
2013-09-15 17:50 - 2013-09-15 17:50 - 00000000 ____D C:\Users\jim\AppData\Roaming\SUPERAntiSpyware.com
2013-09-15 14:38 - 2013-09-16 18:33 - 00005970 _____ C:\Windows\PFRO.log
2013-09-15 13:55 - 2013-09-16 19:35 - 00000930 _____ C:\Windows\setupact.log
2013-09-15 13:55 - 2013-09-15 13:55 - 00000000 _____ C:\Windows\setuperr.log
2013-09-15 13:52 - 2013-09-15 13:52 - 00000000 ____D C:\ProgramData\GlarySoft
2013-09-15 13:47 - 2013-09-15 13:55 - 00000000 ____D C:\ProgramData\AVG
2013-09-15 13:46 - 2013-09-15 13:58 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-15 13:45 - 2013-09-16 18:36 - 00000316 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-09-15 13:45 - 2013-09-15 13:45 - 00001042 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-09-15 13:45 - 2013-09-02 05:09 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-09-15 12:43 - 2013-09-15 13:07 - 00001908 _____ C:\Windows\diagwrn.xml
2013-09-15 12:43 - 2013-09-15 13:07 - 00001908 _____ C:\Windows\diagerr.xml
2013-09-14 17:35 - 2013-09-16 18:19 - 00000000 ____D C:\Program Files\Glary Utilities 3
2013-09-14 17:35 - 2013-09-15 13:45 - 00000075 _____ C:\DiskDefrag.log
2013-09-10 01:34 - 2013-09-10 01:34 - 00022328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2013-09-05 01:43 - 2013-09-05 01:43 - 00039224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2013-08-29 16:09 - 2013-09-15 09:22 - 00000000 ____D C:\Users\jim\Documents\Outlook Files
2013-08-21 22:19 - 2013-09-15 16:19 - 00000000 ____D C:\Windows\system32\Pink Floyd - Pulse
2013-08-17 10:36 - 2013-09-15 16:19 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-16 21:58 - 2013-09-16 21:58 - 00000000 ____D C:\FRST
2013-09-16 21:54 - 2011-08-01 12:07 - 00000000 ____D C:\Users\jim\AppData\Roaming\uTorrent
2013-09-16 21:45 - 2011-11-17 02:51 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197488307-2146521547-3399102368-1001UA.job
2013-09-16 21:42 - 2011-08-01 14:29 - 01322625 _____ C:\Windows\WindowsUpdate.log
2013-09-16 21:37 - 2012-05-06 02:55 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-16 21:15 - 2012-09-29 01:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-16 21:08 - 2011-10-15 13:12 - 00000000 ___RD C:\Users\jim\Dropbox
2013-09-16 21:08 - 2011-10-15 13:10 - 00000000 ____D C:\Users\jim\AppData\Roaming\Dropbox
2013-09-16 21:06 - 2013-09-16 21:06 - 01083437 _____ (Farbar) C:\Users\jim\Desktop\FRST.exe
2013-09-16 21:06 - 2013-09-16 21:05 - 04745728 _____ (AVAST Software) C:\Users\jim\Desktop\aswmbr.exe
2013-09-16 19:45 - 2011-11-17 02:51 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197488307-2146521547-3399102368-1001Core.job
2013-09-16 19:35 - 2013-09-15 13:55 - 00000930 _____ C:\Windows\setupact.log
2013-09-16 18:43 - 2011-12-24 04:31 - 00001020 _____ C:\Users\jim\AppData\Roaming\burnaware.ini
2013-09-16 18:43 - 2011-12-24 04:30 - 00001016 _____ C:\Users\Public\Desktop\BurnAware Free.lnk
2013-09-16 18:43 - 2011-12-24 04:30 - 00000000 ____D C:\Program Files\BurnAware Free
2013-09-16 18:41 - 2009-07-14 00:34 - 00013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-16 18:41 - 2009-07-14 00:34 - 00013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-16 18:38 - 2011-08-26 02:38 - 00000000 ____D C:\Program Files\Hobbyist Software
2013-09-16 18:37 - 2011-08-03 08:23 - 00000000 ____D C:\Program Files\PeerBlock
2013-09-16 18:37 - 2011-08-01 12:05 - 00000000 ____D C:\ProgramData\MFAData
2013-09-16 18:36 - 2013-09-15 13:45 - 00000316 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-09-16 18:35 - 2013-01-02 11:35 - 00000494 _____ C:\Windows\Brownie.ini
2013-09-16 18:35 - 2012-05-06 02:55 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-16 18:35 - 2011-08-02 01:22 - 00000308 _____ C:\Windows\Tasks\GlaryInitialize.job
2013-09-16 18:33 - 2013-09-15 14:38 - 00005970 _____ C:\Windows\PFRO.log
2013-09-16 18:33 - 2011-08-01 13:50 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-16 18:33 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-16 18:30 - 2011-08-01 13:44 - 00000000 ____D C:\Users\jim\AppData\Roaming\Skype
2013-09-16 18:19 - 2013-09-14 17:35 - 00000000 ____D C:\Program Files\Glary Utilities 3
2013-09-16 18:09 - 2011-08-01 15:03 - 00000000 ____D C:\Users\jim\Desktop\clients
2013-09-16 07:35 - 2013-09-16 06:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-16 06:52 - 2013-09-16 06:52 - 00077528 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-09-16 06:48 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-16 04:00 - 2011-08-01 12:29 - 00000000 ____D C:\Program Files\AVG
2013-09-16 01:49 - 2012-09-20 02:17 - 00000000 ____D C:\Users\jim\AppData\Roaming\vlc
2013-09-16 01:40 - 2012-12-26 19:27 - 00000000 ____D C:\Users\jim\AppData\Local\CrashDumps
2013-09-15 20:58 - 2013-09-15 20:58 - 00000584 _____ C:\Users\jim\mbr.log
2013-09-15 20:58 - 2011-08-01 11:35 - 00000000 ____D C:\Users\jim
2013-09-15 20:54 - 2012-12-04 09:04 - 00033282 _____ C:\ads_err.adt
2013-09-15 20:54 - 2012-12-04 09:04 - 00003072 _____ C:\ads_err.adi
2013-09-15 20:51 - 2013-09-15 20:50 - 00131072 _____ C:\Windows\Minidump\091513-50796-01.dmp
2013-09-15 20:50 - 2013-06-13 12:29 - 424916462 _____ C:\Windows\MEMORY.DMP
2013-09-15 20:50 - 2011-09-08 00:52 - 00000000 ____D C:\Windows\Minidump
2013-09-15 17:50 - 2013-09-15 17:50 - 00000000 ____D C:\Users\jim\AppData\Roaming\SUPERAntiSpyware.com
2013-09-15 17:30 - 2013-04-04 19:44 - 00000935 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-09-15 17:06 - 2009-07-14 00:52 - 00000000 ____D C:\Windows\twain_32
2013-09-15 16:20 - 2013-07-30 21:13 - 00000000 ____D C:\Users\jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2013-09-15 16:20 - 2013-06-05 18:29 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-15 16:20 - 2013-06-05 18:29 - 00000000 ____D C:\Program Files\iTunes
2013-09-15 16:20 - 2013-05-18 06:50 - 00000000 ____D C:\Users\jim\AppData\Roaming\Babylon
2013-09-15 16:20 - 2013-01-20 05:37 - 00000000 ____D C:\Users\jim\Documents\StreamTransport
2013-09-15 16:20 - 2012-11-19 20:53 - 00000000 ____D C:\Program Files\F1 2012
2013-09-15 16:20 - 2012-11-19 20:47 - 00000000 ____D C:\Program Files\Formula One 201
2013-09-15 16:20 - 2012-09-26 16:35 - 00000000 ____D C:\Users\jim\AppData\Roaming\AVG2013
2013-09-15 16:20 - 2012-08-05 15:26 - 00000000 ____D C:\ProgramData\pdf995
2013-09-15 16:20 - 2011-11-03 15:22 - 00000000 ____D C:\Windows\pss
2013-09-15 16:20 - 2011-10-16 09:40 - 00000000 ____D C:\Program Files\Common Files\Research In Motion
2013-09-15 16:20 - 2011-08-02 01:33 - 00000000 ____D C:\Users\jim\AppData\Roaming\GlarySoft
2013-09-15 16:20 - 2011-08-02 01:22 - 00000000 ____D C:\Program Files\Glary Utilities
2013-09-15 16:20 - 2011-08-01 17:15 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-15 16:20 - 2011-08-01 13:39 - 00000000 ____D C:\Users\jim\AppData\Roaming\Winamp
2013-09-15 16:20 - 2011-08-01 13:32 - 00000000 ____D C:\Windows\system32\Macromed
2013-09-15 16:20 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-15 16:20 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\Msdtc
2013-09-15 16:20 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\AppCompat
2013-09-15 16:19 - 2013-08-21 22:19 - 00000000 ____D C:\Windows\system32\Pink Floyd - Pulse
2013-09-15 16:19 - 2013-08-17 10:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-15 16:19 - 2013-06-21 11:36 - 00000000 ____D C:\Users\jim\AppData\Local\Citrix
2013-09-15 16:19 - 2009-07-14 03:49 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-15 16:19 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\registration
2013-09-15 16:18 - 2013-06-05 18:29 - 00000000 ____D C:\Program Files\iPod
2013-09-15 16:18 - 2011-08-01 14:46 - 00000000 __RHD C:\MSOCache
2013-09-15 16:18 - 2011-08-01 13:28 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-15 15:15 - 2012-07-11 23:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-15 15:15 - 2012-07-11 23:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-15 13:58 - 2013-09-15 13:46 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-15 13:58 - 2011-11-10 09:13 - 00000000 ____D C:\Users\jim\AppData\Local\Downloaded Installations
2013-09-15 13:58 - 2011-08-01 13:31 - 00000000 ____D C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2013-09-15 13:55 - 2013-09-15 13:55 - 00000000 _____ C:\Windows\setuperr.log
2013-09-15 13:55 - 2013-09-15 13:47 - 00000000 ____D C:\ProgramData\AVG
2013-09-15 13:53 - 2011-08-01 15:25 - 00000000 ____D C:\Windows\Panther
2013-09-15 13:52 - 2013-09-15 13:52 - 00000000 ____D C:\ProgramData\GlarySoft
2013-09-15 13:50 - 2011-08-26 14:41 - 00000000 ____D C:\Users\jim\AppData\Roaming\AVG
2013-09-15 13:45 - 2013-09-15 13:45 - 00001042 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-09-15 13:45 - 2013-09-14 17:35 - 00000075 _____ C:\DiskDefrag.log
2013-09-15 13:07 - 2013-09-15 12:43 - 00001908 _____ C:\Windows\diagwrn.xml
2013-09-15 13:07 - 2013-09-15 12:43 - 00001908 _____ C:\Windows\diagerr.xml
2013-09-15 12:30 - 2011-10-16 09:43 - 00020992 _____ C:\Users\jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-15 09:22 - 2013-08-29 16:09 - 00000000 ____D C:\Users\jim\Documents\Outlook Files
2013-09-10 01:34 - 2013-09-10 01:34 - 00022328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2013-09-08 15:05 - 2011-08-01 18:14 - 00000000 ____D C:\Users\jim\Documents\My Kindle Content
2013-09-05 01:43 - 2013-09-05 01:43 - 00039224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2013-09-02 05:09 - 2013-09-15 13:45 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-08-24 23:06 - 2011-08-01 11:45 - 00000000 ____D C:\ProgramData\LogiShrd
2013-08-21 00:53 - 2012-10-01 20:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-21 00:53 - 2011-09-17 10:35 - 00000000 ____D C:\Program Files\ffdshow
2013-08-21 00:48 - 2011-10-15 13:11 - 00000000 ____D C:\Users\jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-18 12:51 - 2013-01-02 11:36 - 00000426 _____ C:\Windows\BRWMARK.INI
2013-08-18 03:59 - 2011-08-01 16:36 - 00000000 ____D C:\Users\jim\Desktop\Derek's Files

Files to move or delete:
====================
C:\Users\jim\gosetup.exe


Some content of TEMP:
====================
C:\Users\jim\AppData\Local\Temp\VLCStreamerSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-14 19:15

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2013 03
Ran by jim at 2013-09-16 22:00:01
Running from C:\Users\jim\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (Version: 3.0.0)
Adobe AIR (Version: 2.7.0.19530)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader XI (11.0.04) (Version: 11.0.04)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Amazon Kindle
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft MediaConverter 3 (Version: 3.1.8.81)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3408)
AVG 2013 (Version: 2013.0.3408)
Babylon
BlackBerry Desktop Software 7.1 (Version: 7.1.0.33)
BlackBerry Link (Version: 1.1.1.26)
Bonjour (Version: 3.0.0.10)
Brother HL-2170W (Version: 1.00)
BurnAware Free 6.5
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MG6200 series MP Drivers
Canon MG6200 series On-screen Manual
Canon MG6200 series User Registration
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
Cisco WebEx Meetings
Citrix Online Launcher (Version: 1.0.117)
Clean Disk Security 8.0 (Version: 8.0)
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite (Version: 6.0.3226)
CyberLink LabelPrint (Version: 2.5.1916)
CyberLink LG Burning Tool (Version: 6.2.3714)
CyberLink MediaShow (Version: 4.1.3402)
CyberLink PowerDVD 9 (Version: 9.0.4322.52)
CyberLink PowerProducer (Version: 5.0.1.1520)
CyberLink YouCam (Version: 1.0.2609)
Dropbox (HKCU Version: 2.0.22)
EPSON Scan
Epub Reader for Windows 3.4
F1 2012
Formula One 201 version SKIDROW (Version: SKIDROW)
Glary Utilities 2.51.0.1666 (Version: 2.51.0.1666)
Glary Utilities 3.9.1 (Version: 3.9.1.138)
Google Earth (Version: 7.1.1.1888)
Google Talk Plugin (Version: 4.4.2.14502)
Google Update Helper (Version: 1.3.21.153)
GoToMeeting 5.4.0.1082 (HKCU Version: 5.4.0.1082)
Guitar Pro 6
H&R Block Deluxe + Efile + State 2010 (Version: 10.04.6402)
H&R Block Deluxe + Efile + State 2011 (Version: 11.05.7102)
H&R Block New York 2010 (Version: 1.10.4901)
H&R Block New York 2011 (Version: 1.11.4401)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 37 (Version: 6.0.370)
LightScribe System Software (Version: 1.18.14.1)
Logitech Vid (Version: 1.10.1009)
Logitech Webcam Software (Version: 12.10.1113)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Plus 2013 - en-us (Version: 15.0.4454.1004)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MindGenius Education 4 (Version: 04.10)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA 3D Vision Controller Driver 310.90 (Version: 310.90)
NVIDIA 3D Vision Driver 310.90 (Version: 310.90)
NVIDIA Control Panel 310.90 (Version: 310.90)
NVIDIA Graphics Driver 310.90 (Version: 310.90)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1090)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Octoshape add-in for Adobe Flash Player
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4454.1004)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1004)
Office 15 Click-to-Run Localization Component (Version: 15.0.4454.1004)
PC DVR-4-Net
PDF Settings CS5 (Version: 10.0)
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
PowerISO (Version: 4.8)
Print My Files (HKCU Version: 1.0.0.13)
Quicken 2012 (Version: 21.1.7.18)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.6 (Version: 6.6.106)
Spotify (Version: 0.5.2)
StreamTransport version: 1.0.2.2171
Super DVD Creator 9.8 Full Version
swMSM (Version: 12.0.0.1)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2114)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179)
TurboTax 2012 wnyiper (Version: 012.000.1503)
TurboTax 2012 wrapper (Version: 012.000.0127)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (Version: 11.0.0)
VLC media player 2.0.6 (Version: 2.0.6)
VLC Streamer 4.19
WIDCOMM Bluetooth Software (Version: 6.5.1.2700)
Winamp (Version: 5.621 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Zimbra Desktop (Version: 7.2.2.11951)

==================== Restore Points  =========================

15-09-2013 23:00:36 Windows Backup
16-09-2013 04:58:32 Removed AVG PC TuneUp 2014
16-09-2013 04:59:39 Removed AVG PC TuneUp 2014 (en-US)

==================== Hosts content: ==========================

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {11302DA3-634E-439A-9CC1-2F1D85BBC53D} - System32\Tasks\GlaryInitialize => C:\Program Files\Glary Utilities\initialize.exe [2012-11-28] (Glarysoft Ltd)
Task: {226C76CD-6316-4CDD-BBE3-F02DC5940754} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-02-13] (Microsoft Corporation)
Task: {283A28BD-02A7-4568-8684-97EB70F0530C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197488307-2146521547-3399102368-1001Core => C:\Users\jim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17] (Google Inc.)
Task: {2FAD0728-E3D5-44CC-809C-CA54418A4AD6} - System32\Tasks\Google Updater and Installer => C:\Users\jim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17] (Google Inc.)
Task: {4E4284DC-0EC3-4C83-8954-9DA3C2ACB4F0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {5527A2BA-A2B2-44D6-B950-E035547BEA8D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4197488307-2146521547-3399102368-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {7E7CD69F-AA66-4010-9E76-AB6CF60D60A1} - System32\Tasks\GlaryInitialize 3 => C:\Program Files\Glary Utilities 3\Initialize.exe [2013-09-02] (Glarysoft Ltd)
Task: {8183604C-B0A2-40F2-9F41-C411A9D95BEB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4197488307-2146521547-3399102368-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {A625C774-5196-42B1-B51B-9342B2ED8232} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {A77CC02A-3BF1-4009-B56A-C61040F3DFC4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B0420F73-2A14-43D9-B006-CEB908927086} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {BA55A7E9-F7D5-4D39-9575-148539AB9E07} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C598C1CB-67BB-46B4-BC5E-54BFAE1B25EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-06] (Google Inc.)
Task: {CF4664F4-38C6-4472-BB1B-17625D11DF4A} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {DFE9DB73-F057-403E-B63C-9DB4F1BA217C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-06] (Google Inc.)
Task: {E728BD67-B115-4AB2-B49C-AF10025DBB25} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-15] (Adobe Systems Incorporated)
Task: {E822B921-534F-4373-BAFE-51A9B41EAEE7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-02-13] (Microsoft Corporation)
Task: {F39C199B-FBCF-4143-B2FC-75F8C93B2B41} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197488307-2146521547-3399102368-1001UA => C:\Users\jim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 3.job => C:\Program Files\Glary Utilities 3\Initialize.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197488307-2146521547-3399102368-1001Core.job => C:\Users\jim\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197488307-2146521547-3399102368-1001UA.job => C:\Users\jim\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-10-01 20:05 - 2012-12-29 06:26 - 12641120 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2013-01-28 19:02 - 2013-01-28 19:10 - 06522480 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2013-05-24 20:36 - 2013-05-24 20:36 - 00130736 _____ (Dropbox, Inc.) C:\Users\jim\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2011-08-02 22:51 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-02 05:05 - 2013-09-02 05:05 - 00064800 _____ (Glarysoft Ltd) C:\Program Files\Glary Utilities 3\ContextHandler.dll
2011-08-02 01:22 - 2011-07-01 08:06 - 00036152 _____ (Glarysoft Ltd) C:\Program Files\Glary Utilities\ContextHandler.dll
2011-08-02 01:22 - 2011-07-01 08:06 - 00778240 _____ (Borland Software Corporation) C:\Program Files\Glary Utilities\rtl70.bpl
2011-08-02 01:22 - 2011-07-01 08:06 - 01381376 _____ (Borland Software Corporation) C:\Program Files\Glary Utilities\vcl70.bpl
2013-01-02 11:36 - 2006-12-21 12:23 - 00176128 _____ (Brother Industries, Ltd.) C:\Windows\system32\BroSNMP.DLL
2013-08-17 10:36 - 2013-08-17 10:36 - 03551640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2012-10-01 20:05 - 2012-12-29 06:26 - 02504248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2012-10-01 20:05 - 2012-12-29 06:26 - 15129064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00410624 _____ () C:\Program Files\Winamp\nsutil.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00078848 _____ () C:\Program Files\Winamp\nde.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00023040 _____ () C:\Program Files\Winamp\System\albumart.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00174080 _____ () C:\Program Files\Winamp\System\auth.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00019456 _____ () C:\Program Files\Winamp\System\bmp.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00047616 _____ () C:\Program Files\Winamp\zlib.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00044544 _____ () C:\Program Files\Winamp\System\devices.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00016896 _____ () C:\Program Files\Winamp\System\dlmgr.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00014336 _____ () C:\Program Files\Winamp\System\filereader.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00019456 _____ () C:\Program Files\Winamp\System\gif.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00016384 _____ () C:\Program Files\Winamp\System\gracenote.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00623616 _____ () C:\Program Files\Winamp\System\jnetlib.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00154624 _____ () C:\Program Files\Winamp\System\jpeg.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00301568 _____ (Nullsoft, Inc.) C:\Program Files\Winamp\System\ombrowser.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00084480 _____ () C:\Program Files\Winamp\System\playlist.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00103936 _____ () C:\Program Files\Winamp\System\png.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00013824 _____ () C:\Program Files\Winamp\System\primo.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00021504 _____ () C:\Program Files\Winamp\System\tagz.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00035328 _____ () C:\Program Files\Winamp\System\timer.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00090112 _____ () C:\Program Files\Winamp\System\xml.w5s
2011-07-11 17:48 - 2011-08-01 13:40 - 00068608 _____ () C:\Program Files\Winamp\Plugins\in_avi.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00102400 _____ () C:\Program Files\Winamp\Plugins\in_cdda.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00072192 _____ () C:\Program Files\Winamp\Plugins\in_dshow.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00060928 _____ () C:\Program Files\Winamp\Plugins\in_flac.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00043008 _____ () C:\Program Files\Winamp\Plugins\in_flv.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00007168 _____ () C:\Program Files\Winamp\Plugins\in_linein.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00109568 _____ () C:\Program Files\Winamp\Plugins\in_midi.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00049152 _____ () C:\Program Files\Winamp\Plugins\in_mkv.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00165376 _____ () C:\Program Files\Winamp\Plugins\in_mod.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00285696 _____ () C:\Program Files\Winamp\Plugins\in_mp3.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00050688 _____ () C:\Program Files\Winamp\Plugins\in_mp4.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00074752 _____ () C:\Program Files\Winamp\Plugins\in_nsv.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00023552 _____ () C:\Program Files\Winamp\Plugins\in_swf.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00252416 _____ () C:\Program Files\Winamp\Plugins\in_vorbis.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00016896 _____ () C:\Program Files\Winamp\Plugins\in_wave.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00253440 _____ () C:\Program Files\Winamp\libsndfile.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00313344 _____ () C:\Program Files\Winamp\Plugins\in_wm.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00022528 _____ () C:\Program Files\Winamp\Plugins\out_disk.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00052224 _____ () C:\Program Files\Winamp\Plugins\out_ds.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00018432 _____ () C:\Program Files\Winamp\Plugins\out_wave.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 01737728 _____ () C:\Program Files\Winamp\Plugins\gen_ff.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00083968 _____ () C:\Program Files\Winamp\tataki.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00340992 _____ () C:\Program Files\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2011-07-11 17:48 - 2011-08-01 13:40 - 00027648 _____ () C:\Program Files\Winamp\Plugins\gen_hotkeys.dll
2010-11-10 13:29 - 2011-08-01 13:40 - 00183808 _____ () C:\Program Files\Winamp\Plugins\gen_jumpex.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00312832 _____ () C:\Program Files\Winamp\Plugins\gen_ml.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00022528 _____ (Nullsoft, Inc.) C:\Program Files\Winamp\Plugins\ml_nowplaying.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00293376 _____ () C:\Program Files\Winamp\Plugins\ml_local.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00082944 _____ () C:\Program Files\Winamp\Plugins\ml_playlists.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00025088 _____ (Nullsoft, Inc.) C:\Program Files\Winamp\Plugins\ml_addons.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00124928 _____ () C:\Program Files\Winamp\Plugins\ml_online.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00117760 _____ (Nullsoft, Inc.) C:\Program Files\Winamp\Plugins\ml_wire.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00249856 _____ () C:\Program Files\Winamp\Plugins\ml_devices.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00200192 _____ () C:\Program Files\Winamp\Plugins\ml_disc.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00240640 _____ () C:\Program Files\Winamp\Plugins\ml_pmp.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00060928 _____ () C:\Program Files\Winamp\Plugins\pmp_android.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00170496 _____ () C:\Program Files\Winamp\Plugins\pmp_ipod.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00020480 _____ () C:\Program Files\Winamp\Plugins\pmp_njb.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00118272 _____ () C:\Program Files\Winamp\Plugins\pmp_p4s.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00053760 _____ () C:\Program Files\Winamp\Plugins\pmp_usb.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00113152 _____ () C:\Program Files\Winamp\Plugins\pmp_wifi.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00027648 _____ () C:\Program Files\Winamp\Plugins\ml_bookmarks.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00052224 _____ () C:\Program Files\Winamp\Plugins\ml_history.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00028672 _____ () C:\Program Files\Winamp\Plugins\ml_autotag.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00056832 _____ (Nullsoft, Inc.) C:\Program Files\Winamp\Plugins\ml_downloads.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00057344 _____ () C:\Program Files\Winamp\Plugins\ml_impex.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00083456 _____ () C:\Program Files\Winamp\Plugins\ml_plg.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00033792 _____ () C:\Program Files\Winamp\Plugins\ml_rg.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00031744 _____ () C:\Program Files\Winamp\Plugins\ml_transcode.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00057344 _____ () C:\Program Files\Winamp\Plugins\gen_orgler.dll
2011-07-11 17:48 - 2011-08-01 13:40 - 00025600 _____ () C:\Program Files\Winamp\Plugins\gen_tray.dll
2013-09-15 14:15 - 2013-09-15 14:15 - 16244616 ____R (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\Flash32_11_8_800_174.ocx
2013-07-30 23:35 - 2013-07-30 23:35 - 00303624 _____ (Google) C:\Users\jim\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2013-07-30 23:35 - 2013-07-30 23:35 - 10704904 _____ (Google) C:\Users\jim\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
2013-09-16 18:33 - 2009-10-07 01:47 - 00109080 _____ (Logitech Inc.) C:\Windows\TEMP\logishrd\LVPrcInj01.dll
2013-09-15 15:15 - 2013-09-15 15:15 - 16177544 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
2012-11-13 19:32 - 2012-11-13 19:32 - 03558400 _____ (wxWidgets development team) C:\Users\jim\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 16:48 - 2013-03-13 16:48 - 24978944 _____ () C:\Users\jim\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 16:48 - 2013-03-13 16:48 - 09956864 _____ (The ICU Project) C:\Users\jim\AppData\Roaming\Dropbox\bin\icudt.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2013 04:47:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/16/2013 04:47:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/16/2013 04:46:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/16/2013 04:46:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/16/2013 04:46:11 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/16/2013 01:40:10 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 23.0.1.4974, time stamp: 0x520bc252
Faulting module name: xul.dll, version: 23.0.1.4974, time stamp: 0x520bc166
Exception code: 0xc0000005
Fault offset: 0x0017af08
Faulting process id: 0x11c0
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (09/16/2013 01:27:39 AM) (Source: Application Hang) (User: )
Description: The program PowerDVD9.exe version 9.0.3928.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d88

Start Time: 01ceb29c49e7310b

Termination Time: 674

Application Path: C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe

Report Id: a7ee0118-1e90-11e3-b4d8-02a8d4088801

Error: (09/15/2013 09:19:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: rylok6ol.exe, version: 2.1.19163.0, time stamp: 0x515d31f0
Faulting module name: rylok6ol.exe, version: 2.1.19163.0, time stamp: 0x515d31f0
Exception code: 0xc0000005
Fault offset: 0x00012288
Faulting process id: 0x1080
Faulting application start time: 0xrylok6ol.exe0
Faulting application path: rylok6ol.exe1
Faulting module path: rylok6ol.exe2
Report Id: rylok6ol.exe3

Error: (09/15/2013 08:34:08 PM) (Source: Application Hang) (User: )
Description: The program Co647piloM1fub.exe version 3.7.300.501 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1994

Start Time: 01ceb27468320f7d

Termination Time: 6590

Application Path: C:\RkUnhooker\Co647piloM1fub.exe

Report Id: aa9599d3-1e67-11e3-b57d-02b02cfd8701

Error: (09/15/2013 08:14:35 PM) (Source: RIM MDNS) (User: )
Description: Local Hostname jim-PC.local already in use; will try jim-PC-2.local instead


System errors:
=============
Error: (09/16/2013 09:08:08 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (09/16/2013 09:08:07 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (09/16/2013 09:08:07 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (09/16/2013 09:08:05 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (09/16/2013 09:08:04 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (09/16/2013 06:38:05 PM) (Source: Service Control Manager) (User: )
Description: The RIM MDNS service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/16/2013 06:38:05 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/16/2013 06:36:32 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (09/16/2013 06:36:32 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/16/2013 06:36:11 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005


Microsoft Office Sessions:
=========================
Error: (09/16/2013 04:47:51 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\PDF995\res\drivedir\copy64.exe

Error: (09/16/2013 04:47:50 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe

Error: (09/16/2013 04:46:32 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\glary utilities 3\DPInst64.exe

Error: (09/16/2013 04:46:18 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (09/16/2013 04:46:11 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (09/16/2013 01:40:10 AM) (Source: Application Error)(User: )
Description: firefox.exe23.0.1.4974520bc252xul.dll23.0.1.4974520bc166c00000050017af0811c001ceb284021c3157C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll731b9a3c-1e92-11e3-b4d8-02a8d4088801

Error: (09/16/2013 01:27:39 AM) (Source: Application Hang)(User: )
Description: PowerDVD9.exe9.0.3928.01d8801ceb29c49e7310b674C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exea7ee0118-1e90-11e3-b4d8-02a8d4088801

Error: (09/15/2013 09:19:20 PM) (Source: Application Error)(User: )
Description: rylok6ol.exe2.1.19163.0515d31f0rylok6ol.exe2.1.19163.0515d31f0c000000500012288108001ceb2780a50095cC:\Users\jim\Desktop\rylok6ol.exeC:\Users\jim\Desktop\rylok6ol.exe02d9bc50-1e6e-11e3-b4d8-02a8d4088801

Error: (09/15/2013 08:34:08 PM) (Source: Application Hang)(User: )
Description: Co647piloM1fub.exe3.7.300.501199401ceb27468320f7d6590C:\RkUnhooker\Co647piloM1fub.exeaa9599d3-1e67-11e3-b57d-02b02cfd8701

Error: (09/15/2013 08:14:35 PM) (Source: RIM MDNS)(User: )
Description: Local Hostname jim-PC.local already in use; will try jim-PC-2.local instead


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 3199.18 MB
Available physical RAM: 1307.99 MB
Total Pagefile: 6394.59 MB
Available Pagefile: 4169.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:159.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (New Volume) (Fixed) (Total:465.76 GB) (Free:179.09 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1633.87 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:931.51 GB) (Free:762.87 GB) NTFS
Drive i: () (Removable) (Total:14.53 GB) (Free:6.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 488D488C)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 65887440)
Partition 1: (Not Active) - (Size=466 GB) - (Type=42)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 2F517ABD)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2F517AA4)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Here is the log from aswMBR that you requested:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-16 22:03:18
-----------------------------
22:03:18.098    OS Version: Windows 6.1.7601 Service Pack 1
22:03:18.098    Number of processors: 2 586 0x604
22:03:18.103    ComputerName: JIM-PC  UserName: jim
22:03:19.594    Initialize success
22:04:33.823    AVAST engine defs: 13091601
22:04:36.428    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
22:04:36.433    Disk 0 Vendor: WDC_WD2500JS-00NCB1 10.02E02 Size: 238475MB BusType: 3
22:04:36.443    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
22:04:36.452    Disk 1 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 3
22:04:36.458    Disk 2  \Device\Harddisk2\DR2 -> \Device\Scsi\SI3114r1Port5Path0Target0Lun0
22:04:36.468    Disk 2 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 1
22:04:36.501    Disk 3  \Device\Harddisk3\DR3 -> \Device\Scsi\SI3114r1Port5Path1Target0Lun0
22:04:36.508    Disk 3 Vendor: WDC_WD20 51.0 Size: 1907729MB BusType: 1
22:04:36.594    Disk 0 MBR read successfully
22:04:36.599    Disk 0 MBR scan
22:04:36.609    Disk 0 Windows 7 default MBR code
22:04:36.618    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       238473 MB offset 2048
22:04:36.629    Disk 0 scanning sectors +488394752
22:04:36.787    Disk 0 scanning C:\Windows\system32\drivers
22:04:54.647    Service scanning
22:05:29.507    Modules scanning
22:05:36.418    Disk 0 trace - called modules:
22:05:36.445    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
22:05:36.457    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87010740]
22:05:36.465    3 CLASSPNP.SYS[8d3ad59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86c4e030]
22:05:37.599    AVAST engine scan C:\Windows
22:05:42.493    AVAST engine scan C:\Windows\system32
22:10:05.354    AVAST engine scan C:\Windows\system32\drivers
22:10:28.377    AVAST engine scan C:\Users\jim
22:11:20.411    Disk 0 MBR has been saved successfully to "C:\Users\jim\Desktop\MBR.dat"
22:11:20.413    The log file has been saved successfully to "C:\Users\jim\Desktop\aswMBR.txt"

#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 17 September 2013 - 01:44 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#5 derekjl

  • Topic Starter
  • Members
  • 28 posts

Posted 17 September 2013 - 02:45 AM

Marius,

Here is the log created by ComboFix:

ComboFix 13-09-16.01 - jim 09/17/2013   3:24.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3199.1555 [GMT -4:00]
Running from: c:\users\jim\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jim\AppData\Roaming\AAD887
c:\users\jim\AppData\Roaming\jim3SQLite3.dll
c:\users\jim\AppData\Roaming\jimlog.dat
c:\users\jim\AppData\Roaming\PrintMyFilesdata.txt
c:\windows\system32\windir
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-17 to 2013-09-17  )))))))))))))))))))))))))))))))
.
.
2013-09-17 07:38 . 2013-09-17 07:38    --------    d-----w-    c:\users\jim\AppData\Local\temp
2013-09-17 07:38 . 2013-09-17 07:38    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-09-17 07:38 . 2013-09-17 07:38    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-17 01:58 . 2013-09-17 01:58    --------    d-----w-    C:\FRST
2013-09-16 22:46 . 2013-09-17 04:37    60872    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{3363F1A1-5DA2-41A7-BF77-2D1154AD8C98}\offreg.dll
2013-09-16 10:54 . 2013-09-16 11:35    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-16 10:52 . 2013-09-16 10:52    77528    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-09-16 00:21 . 2013-08-20 04:47    7166848    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{3363F1A1-5DA2-41A7-BF77-2D1154AD8C98}\mpengine.dll
2013-09-15 21:50 . 2013-09-15 21:50    --------    d-----w-    c:\users\jim\AppData\Roaming\SUPERAntiSpyware.com
2013-09-15 17:52 . 2013-09-15 17:52    --------    d-----w-    c:\programdata\GlarySoft
2013-09-15 17:47 . 2013-09-15 17:55    --------    d-----w-    c:\programdata\AVG
2013-09-15 17:46 . 2013-09-15 17:58    --------    d-sh--w-    c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-15 17:45 . 2013-09-02 09:09    101664    ----a-w-    c:\windows\system32\BootDefrag.exe
2013-09-14 21:35 . 2013-09-16 22:19    --------    d-----w-    c:\program files\Glary Utilities 3
2013-09-10 05:34 . 2013-09-10 05:34    22328    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-05 14:04 . 2013-09-05 14:04    209272    ----a-w-    c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-09-05 14:04 . 2013-09-05 14:04    209272    ----a-w-    c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-09-05 05:43 . 2013-09-05 05:43    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-08-22 02:19 . 2013-09-15 20:19    --------    d-----w-    c:\windows\system32\Pink Floyd - Pulse
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-15 19:15 . 2012-07-12 03:40    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-15 19:15 . 2012-07-12 03:40    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-07 08:22 . 2011-08-01 16:05    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-07-20 05:51 . 2013-07-20 05:51    246072    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-07-20 05:50 . 2013-07-20 05:50    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-07-20 05:50 . 2013-07-20 05:50    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 05:50 . 2013-07-20 05:50    171320    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-07-07 17:12 . 2013-07-07 17:12    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-07 17:12 . 2012-07-01 22:30    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-07-07 17:12 . 2011-08-05 04:46    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-01 05:45 . 2013-07-01 05:45    96568    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-02-13 14:57    1720928    ----a-w-    c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-02-13 14:57    1720928    ----a-w-    c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-02-13 14:57    1720928    ----a-w-    c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\jim\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\jim\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\jim\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\jim\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hobbyist Software VLC Streamer"="c:\program files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" [2013-09-02 1607496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-11-23 75048]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-08-19 3618104]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-4-1 1110816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Monitor.lnk]
backup=c:\windows\pss\Device Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^jim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
path=c:\users\jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
.
[HKLM\~\startupfolder\C:^Users^jim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVAPTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyConnect
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchProtect
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchProtectAll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43    59720    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 23:17    207424    ----a-w-    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
2013-02-26 13:56    3589712    ----a-w-    c:\program files\Babylon\Babylon-Pro\Babylon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-11-23 21:33    75048    ------w-    c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryLink.exe]
2013-06-05 20:36    3787280    ----a-w-    c:\program files\Research In Motion\BlackBerry Link\BlackBerryLink.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-15 01:09    2565520    ----a-w-    c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-04 18:41    1637496    ----a-w-    c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClickfreeMonitor]
2011-01-20 12:29    333648    ----a-r-    c:\programdata\Clickfree\cfagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-12-15 18:47    103720    ------w-    c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-17 06:51    136176    ----atw-    c:\users\jim\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2013-04-05 16:59    59720    ----a-w-    c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2011-01-15 20:48    452016    ----a-w-    c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 15:56    152392    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2010-04-22 18:10    2363392    ----a-w-    c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 19:35    5458704    ----a-w-    c:\program files\Logitech\Logitech Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 17:36    2793304    ----a-w-    c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
2009-02-25 19:40    218408    ------w-    c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintMyFiles]
2013-07-04 13:15    2998272    ------w-    c:\users\jim\AppData\Local\Apps\2.0\RDL6L2DN.YNP\E4E3870O.W2T\prin..tion_cb1d12eb86647d1a_0001.0000_1344fea03444c4bb\PrintMyFiles.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2010-08-03 00:13    87336    ----a-w-    c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIM PeerManager]
2013-06-04 21:31    4273664    ----a-w-    c:\program files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2013-03-06 22:25    442896    ----a-w-    c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-21 13:58    19875432    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-02-18 02:21    218408    ----a-w-    c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2009-05-20 03:16    222504    ----a-w-    c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2009-05-20 03:16    222504    ------w-    c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
2008-12-04 03:15    218408    ----a-w-    c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2010-06-02 18:54    222504    ----a-w-    c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-12-08 20:35    646520    ----a-w-    c:\program files\uTorrent\uTorrent.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\jim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-12-23 717296]
R2 CLKMSVC10_E92D8507;CyberLink Product - 2012/09/30 02:07;c:\program files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-12-25 504360]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-12-25 33832]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-09-16 77528]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 U6000ALL;HDTV110 TV Box(ALL);c:\windows\system32\DRIVERS\dmdcap.sys [2007-06-08 230784]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys [2009-07-13 15872]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-01 1343400]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-07-20 60216]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-07-20 246072]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-05 39224]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-07-20 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-09-10 22328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-07-20 171320]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-07-23 283136]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX86\integratedoffice.exe [2012-11-23 1281112]
S2 RIM MDNS;RIM MDNS;c:\program files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [2013-06-04 389632]
S2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-03-06 585728]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6.sys [2013-06-04 14336]
S3 TD3004F60v;TD3004F60v;c:\windows\system32\DRIVERS\TD3004F60v.sys [2011-08-12 16320]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_E92D8507
*Deregistered* - pbfilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 18:09    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 19:16]
.
2013-09-17 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files\Glary Utilities 3\Initialize.exe [2013-09-02 09:06]
.
2013-09-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-08-02 18:10]
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-06 06:55]
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-06 06:55]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197488307-2146521547-3399102368-1001Core.job
- c:\users\jim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 06:51]
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197488307-2146521547-3399102368-1001UA.job
- c:\users\jim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 06:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227981&CUI=UN13497133692840624&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227981&SearchSource=2&CUI=UN13497133692840624&UM=2&q=
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - bc10eb200000000000000018f3149b53
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15843
FF - user.js: extensions.delta.vrsn - 1.8.21.0
FF - user.js: extensions.delta.vrsni - 1.8.21.0
FF - user.js: extensions.delta.vrsnTs - 1.8.21.06:51
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef -
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=66524&tt=gc_ srcExt=def
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt -
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
MSConfigStartUp-LGODDFU - c:\program files\lg_fwupdate\lgfw.exe
MSConfigStartUp-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7248)
c:\users\jim\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
Completion time: 2013-09-17  03:44:01
ComboFix-quarantined-files.txt  2013-09-17 07:44
.
Pre-Run: 170,577,948,672 bytes free
Post-Run: 170,465,300,480 bytes free
.
- - End Of File - - 61A4A8BA850BC54BFA7E532B006CA8B3
A36C5E4F47E84449FF07ED3517B43A31
 



#6 TB-Psychotic
  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:09:13 AM

Posted 17 September 2013 - 03:45 AM

c:\windows\system32\Pink Floyd - Pulse

 

I think this directory shouldn't be inside the Windows folder. I recommend moving it somewhere else.

 

 

Disable CD Emulation with DeFogger

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK


IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

 

 

 

Full System Scan with Malwarebytes Antimalware

  • If it is not already installed, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 derekjl
  • Topic Starter
  • Members
  • 28 posts
  • Local time:04:13 AM

Posted 18 September 2013 - 02:45 AM

Marius,

 

DeFogger never asked me to restart the computer after it finished. Here is the log from DeFogger:

 

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:39 on 18/09/2013 (jim)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled

-=E.O.F=-

 

Here is the log from Malwarebytes:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.18.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
jim :: JIM-PC [administrator]

9/18/2013 1:44:42 AM
MBAM-log-2013-09-18 (03-29-30).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 505965
Time elapsed: 1 hour(s), 43 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files\Babylon\Babylon-Pro\Utils\MyBabylonTB.exe (PUP.Optional.Delta) -> No action taken.
C:\Program Files\Formula One 201\Steamdata.exe (PUP.BitCoinMiner) -> No action taken.

(end)
 

I am not sure why it says "no action taken" because I did select and remove them, then restarted the system.

 

Here is the log from Farbar Service Scanner:

 

Farbar Service Scanner Version: 13-09-2013
Ran by jim (administrator) on 18-09-2013 at 03:40:13
Running from "C:\Users\jim\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
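
The Farbar log above already contains the answer to the Defender part of the problem: the WinDefend start type is Demand instead of the default Auto, and the DisableAntiSpyware value under HKLM\SOFTWARE\Microsoft\Windows Defender is 1. The following added PowerShell script is not part of the thread or of Farbar's tool; it reproduces those two checks, adds the Windows Update service from the first post, and also looks at the well-known Policies locations for the same switches (assumed, not taken from the log). It is read-only and assumes an elevated PowerShell on Windows 7, where Win32_Service via WMI exposes the start mode.

```powershell
# Added example (not from the thread): re-check what Farbar Service Scanner reported.
# Read-only: reports deviations from the Windows 7 defaults, changes nothing.
# Assumption: run elevated on Windows 7; WMI Win32_Service is used because
# Get-Service on PowerShell 2.0 does not expose the start type.

# Default start modes on Windows 7 (the FSS log states Auto for WinDefend).
$expected = @{
    'WinDefend' = 'Auto'    # Windows Defender
    'wuauserv'  = 'Auto'    # Windows Update
}

$findings = @()

foreach ($name in $expected.Keys) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($null -eq $svc) {
        $findings += "$name service is missing"
        continue
    }
    # Matches the FSS line "The start type of WinDefend service is set to Demand".
    # WMI reports Demand start as 'Manual'.
    if ($svc.StartMode -ne $expected[$name]) {
        $findings += "$name start type is $($svc.StartMode); default is $($expected[$name])"
    }
    if ($svc.State -ne 'Running' -and $svc.StartMode -eq 'Auto') {
        $findings += "$name is $($svc.State) although its start type is Auto"
    }
}

# Registry values that switch the component off. The first path is the one in the
# FSS log; the Policies paths are the standard Group Policy locations (assumption:
# these are the locations a practitioner would also check, they are not in the log).
$policyChecks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';          Name = 'DisableAntiSpyware' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'; Name = 'DisableAntiSpyware' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'; Name = 'NoAutoUpdate' }
)

foreach ($check in $policyChecks) {
    $item = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.($check.Name) -eq 1) {
        $findings += "$($check.Path)\$($check.Name) = 1 (disables the component)"
    }
}

if ($findings.Count -eq 0) {
    'No deviations from the Windows 7 defaults found.'
} else {
    'Findings:'
    $findings | ForEach-Object { "  - $_" }
}
```

On the machine in this thread the script would report the Demand start type and the DisableAntiSpyware value; a value of 1 that nobody set deliberately is a typical leftover of unwanted software and is worth explaining before it is reverted.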



#8 TB-Psychotic
  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:09:13 AM

Posted 18 September 2013 - 03:24 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#9 derekjl
  • Topic Starter
  • Members
  • 28 posts
  • Local time:04:13 AM

Posted 18 September 2013 - 05:05 PM

Marius,

 

Here is the log from ESET Online Scanner; Malwarebytes failed to find these two threats:

 

 

C:\Program Files\Glary Utilities\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Glary Utilities\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application
 



#10 TB-Psychotic
  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:09:13 AM

Posted 19 September 2013 - 02:50 AM

C:\Program Files\Glary Utilities\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Glary Utilities\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application

 

It didn't fail because this is just part of a program which MAY have come to your computer without being wanted.

Delete the two files and everything is fine.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Delete
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.



#11 derekjl
  • Topic Starter
  • Members
  • 28 posts
  • Local time:04:13 AM

Posted 19 September 2013 - 02:51 PM

Marius,

 

Here is the log from adwCleaner:

 

# AdwCleaner v3.004 - Report created 19/09/2013 at 15:43:17
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : jim - JIM-PC
# Running from : C:\Users\jim\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\search.xml
File Found : C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\\invalidprefs.js
File Found : C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\searchplugins\Babylon.xml
File Found : C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\searchplugins\Conduit.xml
File Found : C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\searchplugins\delta.xml
File Found : C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\user.js
Folder Found : C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\Extensions\{6926c7f7-6006-42d1-b046-eba1b3010315}
Folder Found C:\Program Files\Babylon
Folder Found C:\Program Files\Conduit
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\Users\jim\AppData\Local\Conduit
Folder Found C:\Users\jim\AppData\LocalLow\AVG Security Toolbar
Folder Found C:\Users\jim\AppData\LocalLow\Conduit
Folder Found C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\CT3227981
Folder Found C:\Users\jim\AppData\Roaming\SeeSimilar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Found : HKLM\SOFTWARE\Classes\BabyDict
Key Found : HKLM\SOFTWARE\Classes\BabyGloss
Key Found : HKLM\SOFTWARE\Classes\BabyOptFile
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_epub-reader-for-windows_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_epub-reader-for-windows_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_realtek-hd-audio-drivers_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_realtek-hd-audio-drivers_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16464

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.glarysoft.com/?src=iehome

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2cd0xg26.default\prefs.js ]

Line Found : user_pref("CT3227981.FF19Solved", "true");
Line Found : user_pref("CT3227981.UserID", "UN13497133692840624");
Line Found : user_pref("CT3227981.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3227981.fullUserID", "UN13497133692840624.IN.20130714071226");
Line Found : user_pref("CT3227981.installDate", "14/07/2013 07:12:25");
Line Found : user_pref("CT3227981.installSessionId", "{B79E8E66-B2D3-44EB-93C9-0693AE4032F4}");
Line Found : user_pref("CT3227981.installSp", "TRUE");
Line Found : user_pref("CT3227981.installerVersion", "1.5.4.4");
Line Found : user_pref("CT3227981.keyword", "true");
Line Found : user_pref("CT3227981.originalHomepage", "about:home");
Line Found : user_pref("CT3227981.originalSearchAddressUrl", "");
Line Found : user_pref("CT3227981.originalSearchEngine", "");
Line Found : user_pref("CT3227981.originalSearchEngineName", "");
Line Found : user_pref("CT3227981.searchRevert", "false");
Line Found : user_pref("CT3227981.searchUserMode", "2");
Line Found : user_pref("CT3227981.smartbar.homepage", "true");
Line Found : user_pref("CT3227981.versionFromInstaller", "10.16.4.19");
Line Found : user_pref("CT3227981.xpeMode", "0");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3227981&octid=CT3227981&SearchSource=61&CUI=UN13497133692840624&UM=2&UP=SPB79254CF-CF66-44FC-841E-1B8D3FA4AF06");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("browser.search.defaultthis.engineName", "appbario7 Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227981&CUI=UN13497133692840624&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "bc10eb200000000000000018f3149b53");
Line Found : user_pref("extensions.delta.instlDay", "15843");
Line Found : user_pref("extensions.delta.instlRef", "");
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.21.0");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.21.06:51:18");
Line Found : user_pref("extensions.delta.vrsni", "1.8.21.0");
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227981&SearchSource=2&CUI=UN13497133692840624&UM=2&q=");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3227981");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3227981&CUI=UN13497133692840624&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3227981&octid=CT3227981&SearchSource[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227981&SearchSource=2&CUI=UN13497133692840624&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3227981");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3227981");
Line Found : user_pref("smartbar.machineId", "HNWA6E2CJ3IYQ3JG3M5EF17KXNBVMZQL3SSDLUKFO9N0GIGC4WFGE9XEA4TTPZU6YA+MTD/CJT2VK+I32GZNAW");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3227981&CUI=UN13497133692840624&UM=2&SearchSource=13");

*************************

AdwCleaner[R0].txt - [9803 octets] - [19/09/2013 15:40:06]
AdwCleaner[R1].txt - [9723 octets] - [19/09/2013 15:43:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [9783 octets] ##########
 

 

Here is the log from SecurityCheck:

 

Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 37  
 Java 7 Update 25  
 Adobe Flash Player     11.8.800.168  
 Adobe Reader XI  
 Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
 



#12 TB-Psychotic
  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:09:13 AM

Posted 20 September 2013 - 12:11 AM

Your system is all clean now! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.

 

 

 

 

How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: you only get the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every piece of software you use often. These links may help you to check:
  • Backups
    There is a chance of an emergency every day, so be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not to just click anywhere it is colored or flashing while you are surfing the web. Do not click an OK button on any pop-up window without reading what it says. While installing software, always choose the custom mode, read what those windows say and uncheck adware that would be installed along with the software you want.



#13 derekjl
  • Topic Starter
  • Members
  • 28 posts
  • Local time:04:13 AM

Posted 20 September 2013 - 01:06 AM

EDIT: NEVER MIND, FOUND THE SOLUTION. THANK YOU FOR YOUR HELP. PLEASE DELETE THREAD!

 

Marius,

 

I did everything you instructed and I am still not able to use Windows Update. If I posted this in the wrong forum, please relocate my thread to the appropriate place. Something on the system is still preventing me from doing this.


Edited by derekjl, 20 September 2013 - 01:23 AM.


#14 TB-Psychotic
  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:09:13 AM

Posted 20 September 2013 - 01:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.