Internet and antivirus stopped working, explorer keeps crashing.


  • This topic is locked
85 replies to this topic

#1 yb125

yb125

  • Members
  • 74 posts

Posted 01 February 2014 - 01:02 AM

Hello! A day or two ago at start up certain start up programs including AVG would crash and I could not connect to the internet. When I tried to run programs like AVG or Malwarebytes it gave me “the program had to close” error. When I try to log off 'explorer' would crash and just hang at the log off screen. The last time I tried to start it up 'explorer' would not start at all.

So I booted up in safe mode and it still does not connect to the internet and AVG or Malwarebytes will not run. So I booted up in a different windows install (on a different hard drive) and there everything seems to work. So I got online and downloaded some portable scanners to put on a thumb drive: portable Spybot, Clam, Vipre, EEK, and Sophos.

Sophos and Spybot will not run; it gives me “This program had to close” error. Vipre said it found three threats that it could not clean or quarantine. The three threats were yontoo-c4.exe, wajam_download.exe and setip.exe (this last file I was able to delete easily since it was in the downloads file). EEK said it was clean and Clam said no threats found but it could not open 'hiberfil.sys' and 'pagefile.sys'.

The last things I downloaded were a program to root my phone (actually removed that program less than 24 hrs before the problems started), winamp, and a program I accidentally downloaded while I was trying to download winamp, and these were the two I downloaded right before it stopped letting me go online.

 

This is the Problem signature when I try to run Malwarebytes

 

Problem signature:

Problem Event Name: APPCRASH

Application Name: mbam.exe

Application Version: 1.75.0.1

Application Timestamp: 511f8eb2

Fault Module Name: DNSAPI.dll

Fault Module Version: 6.1.7601.17570

Fault Module Timestamp: 4d6f2733

Exception Code: c0000005

Exception Offset: 000182ef

OS Version: 6.1.7601.2.1.0.768.3

Locale ID: 1033

Additional Information 1: 57dc

Additional Information 2: 57dc1304986dca9230289ffa64901279

Additional Information 3: 28cc

Additional Information 4: 28cc6621fb6c2ab10f1972c10dd0ed81

 

 

Here is my DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Nissah at 21:45:30 on 2014-01-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.3256 [GMT -8:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [googletalk] C:\Users\Nissah\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [TomTomHOME.exe] "D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [VirtualCloneDrive] "d:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Acrobat Assistant 8.0] "E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
StartupFolder: C:\Users\Nissah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - D:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{65C70D4A-027D-4EC4-817D-6F4582359DB1} : DHCPNameServer = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nissah\AppData\Roaming\Mozilla\Firefox\Profiles\5mlwnbz0.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
FF - plugin: d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-2-25 46368]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-3-25 46136]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S1 A2DDA;A2 Direct Disk Access Support Driver;H:\EEK\Run\a2ddax64.sys [2014-1-30 26176]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-4-29 361984]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-12-13 250712]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-31 418376]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2013-2-26 11576]
S2 TomTomHOMEService;TomTomHOMEService;D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-5 1771544]
S3 andnetadb;ADB Interface DriverNet;C:\Windows\System32\drivers\lgandnetadb.sys [2014-1-27 31744]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2014-1-27 29184]
S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2014-1-27 36352]
S3 cleanhlp;cleanhlp;H:\EEK\Run\cleanhlp64.sys [2014-1-30 57024]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2014-1-31 41032]
S3 gfiutil;gfiutil;C:\Windows\System32\drivers\gfiutil.sys [2014-1-31 31264]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-15 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-26 19456]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;H:\SVRTservice.exe [2013-12-12 151848]
S3 SSCBFS3;SugarSync CallBack File System driver v3;C:\Windows\System32\drivers\sscbfs3.sys [2013-5-12 347904]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-26 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-26 1255736]
.
=============== Created Last 30 ================
.
2014-01-31 19:13:16 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-31 19:13:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-31 18:03:26 -------- d-----w- C:\ProgramData\Sophos
2014-01-31 08:26:30 41032 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2014-01-31 08:26:30 31264 ----a-w- C:\Windows\System32\drivers\gfiutil.sys
2014-01-28 05:50:53 -------- d-----w- C:\Users\Nissah\.android
2014-01-28 05:50:46 -------- d-----w- C:\Users\Nissah\AppData\Roaming\mgyun
2014-01-28 02:26:29 -------- d-----w- C:\LGP769BK
2014-01-28 02:22:00 655872 ----a-w- C:\Windows\SysWow64\msvcr90.dll
2014-01-28 02:22:00 568832 ----a-w- C:\Windows\SysWow64\msvcp90.dll
2014-01-28 02:22:00 224768 ----a-w- C:\Windows\SysWow64\msvcm90.dll
2014-01-28 02:21:48 53248 ----a-w- C:\Windows\SysWow64\CommonDL.dll
2014-01-28 02:21:33 -------- d-----w- C:\ProgramData\LGMOBILEAX
2014-01-28 02:15:51 36352 ----a-w- C:\Windows\System32\drivers\lgandnetmodem64.sys
2014-01-28 02:15:51 31744 ----a-w- C:\Windows\System32\drivers\lgandnetadb.sys
2014-01-28 02:15:51 29184 ----a-w- C:\Windows\System32\drivers\lgandnetdiag64.sys
2014-01-28 02:15:51 1919968 ----a-w- C:\Windows\System32\wdfcoinstaller01005.dll
2014-01-28 02:15:51 -------- d-----w- C:\Program Files (x86)\LG Electronics
2014-01-17 08:36:09 -------- d-----w- C:\Users\Nissah\AppData\Roaming\3909 LLC
2014-01-15 19:16:38 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 19:16:38 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 19:16:38 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 19:16:38 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 19:16:38 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 19:16:38 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 19:16:38 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 19:16:34 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 19:16:31 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-08 09:27:09 -------- d-----w- C:\Program Files (x86)\Total Video Converter
2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2014-01-02 20:23:32 -------- d-----w- C:\Users\Nissah\AppData\Roaming\RealNetworks
2014-01-02 20:23:14 -------- d-----w- C:\Program Files (x86)\RealNetworks
2014-01-02 20:22:55 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2014-01-02 20:17:39 -------- d-----w- C:\ProgramData\Oracle
2014-01-02 20:17:29 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-02 20:13:43 -------- d-----w- C:\Users\Nissah\AppData\Local\Macromedia
.
==================== Find3M  ====================
.
2014-01-27 17:35:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-27 17:35:36 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-02 20:22:38 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-01-02 20:22:38 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-12-14 07:50:54 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-25 09:48:36 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 21:45:36.10 ===============
 
I greatly appreciate any help with this problem.
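The two artefacts pasted in this post, the APPCRASH problem signature and the DDS "Pseudo HJT Report" lines, can be triaged mechanically before a helper reads them by hand. The Python below is an added example written for this thread, not code from DDS, Malwarebytes or BleepingComputer; it parses lines copied from the log above, names the exception code of the mbam.exe crash, and lists the registered components whose target file is missing. The `NTSTATUS_NAMES` table holds well-known Windows status values; every other name is the example's own.

```python
"""Triage helpers for a WER problem signature and DDS report lines.

Added example for this thread, not code from DDS, Malwarebytes or
BleepingComputer.  The sample text is copied from the log posted above.
"""

# Lines copied from the DDS log in the post above (constructed sample).
SAMPLE_DDS = r"""
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
TCP: NameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
"""

# The APPCRASH signature from the post above (constructed sample).
SAMPLE_SIGNATURE = """\
Problem Event Name: APPCRASH
Application Name: mbam.exe
Application Version: 1.75.0.1
Fault Module Name: DNSAPI.dll
Fault Module Version: 6.1.7601.17570
Exception Code: c0000005
Exception Offset: 000182ef
"""

# DDS marks a registered component whose file is gone with these tokens.
MISSING_TARGET = ("<orphaned>", "<no file>")

# Well-known NTSTATUS values that show up as WER exception codes.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}


def parse_dds_entries(text):
    """Return one dict per report line: section tag, body, and the last
    ' - ' separated field, which DDS uses for the file the entry points at."""
    entries = []
    for line in text.splitlines():
        section, sep, body = line.partition(": ")
        if not sep:
            continue  # blank line or a banner line such as "."
        target = body.rsplit(" - ", 1)[-1].strip()
        entries.append({"section": section.strip(), "body": body.strip(), "target": target})
    return entries


def find_missing_targets(text):
    """Entries whose registered file no longer exists.  These are leads for
    a helper to review, not verdicts: an uninstaller that left a registry
    key behind produces the same marker as a removed malicious component."""
    return [e for e in parse_dds_entries(text) if e["target"] in MISSING_TARGET]


def parse_problem_signature(text):
    """Turn the 'Key: value' lines of a WER problem signature into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def describe_exception(code_hex):
    """Name a WER exception code, e.g. 'c0000005' -> STATUS_ACCESS_VIOLATION."""
    return NTSTATUS_NAMES.get(int(code_hex, 16), "unknown NTSTATUS 0x" + code_hex.upper())


def summarize_crash(text):
    """One-line summary of which module faulted and why, for a triage note."""
    sig = parse_problem_signature(text)
    return "{} {} faulted in {} {} at offset 0x{} ({})".format(
        sig["Application Name"], sig["Application Version"],
        sig["Fault Module Name"], sig["Fault Module Version"],
        sig["Exception Offset"], describe_exception(sig["Exception Code"]))


if __name__ == "__main__":
    print(summarize_crash(SAMPLE_SIGNATURE))
    for entry in find_missing_targets(SAMPLE_DDS):
        print("missing target:", entry["section"], "->", entry["body"])
```

On the sample above the summary reads that mbam.exe faulted in DNSAPI.dll with an access violation, and four entries are flagged for a missing target. The flagged list is a reading order, not a diagnosis: a 32-bit-only component registered on a 64-bit system can show the same `<orphaned>` marker in the x64 section, so each hit still needs the helper's judgement.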

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts

Posted 06 February 2014 - 01:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/522819 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 yb125

yb125
  • Topic Starter

  • Members
  • 74 posts

Posted 06 February 2014 - 02:41 AM

 

Yes I do still need help.

I have not been able to try anything new on the computer since I posted.

I can perform the DDS scan and post that log tomorrow (Thursday).

 

I do still have the original Windows 7 disk; my current install is the 64-bit version.

 

Thank you, I know there are lots of folks who need help so being patient is no problem.

 



#4 yb125

yb125
  • Topic Starter

  • Members
  • 74 posts

Posted 08 February 2014 - 04:23 PM

Ok so DDS no longer runs in normal mode. It will only run in safe mode now. Since safe mode is having some of the same problems, I figured the logs might still be helpful.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Nissah at 12:44:58 on 2014-02-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.3333 [GMT -8:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [googletalk] C:\Users\Nissah\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [TomTomHOME.exe] "D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [VirtualCloneDrive] "d:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Acrobat Assistant 8.0] "E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
StartupFolder: C:\Users\Nissah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - D:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{65C70D4A-027D-4EC4-817D-6F4582359DB1} : DHCPNameServer = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nissah\AppData\Roaming\Mozilla\Firefox\Profiles\5mlwnbz0.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
FF - plugin: d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-2-25 46368]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-3-25 46136]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-4-29 361984]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-12-13 250712]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-31 418376]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2013-2-26 11576]
S2 TomTomHOMEService;TomTomHOMEService;D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-5 1771544]
S3 andnetadb;ADB Interface DriverNet;C:\Windows\System32\drivers\lgandnetadb.sys [2014-1-27 31744]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2014-1-27 29184]
S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2014-1-27 36352]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2014-1-31 41032]
S3 gfiutil;gfiutil;C:\Windows\System32\drivers\gfiutil.sys [2014-1-31 31264]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-15 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-26 19456]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;H:\SVRTservice.exe --> H:\SVRTservice.exe [?]
S3 SSCBFS3;SugarSync CallBack File System driver v3;C:\Windows\System32\drivers\sscbfs3.sys [2013-5-12 347904]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-26 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-26 1255736]
.
=============== Created Last 30 ================
.
2014-01-31 19:13:16 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-31 19:13:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-31 18:03:26 -------- d-----w- C:\ProgramData\Sophos
2014-01-31 08:26:30 41032 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2014-01-31 08:26:30 31264 ----a-w- C:\Windows\System32\drivers\gfiutil.sys
2014-01-28 05:50:53 -------- d-----w- C:\Users\Nissah\.android
2014-01-28 05:50:46 -------- d-----w- C:\Users\Nissah\AppData\Roaming\mgyun
2014-01-28 02:26:29 -------- d-----w- C:\LGP769BK
2014-01-28 02:22:00 655872 ----a-w- C:\Windows\SysWow64\msvcr90.dll
2014-01-28 02:22:00 568832 ----a-w- C:\Windows\SysWow64\msvcp90.dll
2014-01-28 02:22:00 224768 ----a-w- C:\Windows\SysWow64\msvcm90.dll
2014-01-28 02:21:48 53248 ----a-w- C:\Windows\SysWow64\CommonDL.dll
2014-01-28 02:21:33 -------- d-----w- C:\ProgramData\LGMOBILEAX
2014-01-28 02:15:51 36352 ----a-w- C:\Windows\System32\drivers\lgandnetmodem64.sys
2014-01-28 02:15:51 31744 ----a-w- C:\Windows\System32\drivers\lgandnetadb.sys
2014-01-28 02:15:51 29184 ----a-w- C:\Windows\System32\drivers\lgandnetdiag64.sys
2014-01-28 02:15:51 1919968 ----a-w- C:\Windows\System32\wdfcoinstaller01005.dll
2014-01-28 02:15:51 -------- d-----w- C:\Program Files (x86)\LG Electronics
2014-01-17 08:36:09 -------- d-----w- C:\Users\Nissah\AppData\Roaming\3909 LLC
2014-01-15 19:16:38 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 19:16:38 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 19:16:38 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 19:16:38 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 19:16:38 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 19:16:38 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 19:16:38 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 19:16:34 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 19:16:31 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
.
==================== Find3M  ====================
.
2014-01-27 17:35:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-27 17:35:36 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2014-01-02 20:22:38 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-01-02 20:22:38 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-12-14 07:50:54 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-25 09:48:36 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 12:45:10.04 ===============
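As an added triage example (not part of the original thread, and not code from the DDS tool), here is a small Python parser that reads DDS-style autostart, service/driver and shell-object lines like those in the log above and flags the entries a helper looks at first: orphaned registry entries, service images with no file metadata (such as the Sophos service still pointing at a removable drive), launcher-style autostarts such as cmd.exe, and images in user-writable directories. The sample lines are copied from the log, plus one constructed uRun entry.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_kind: str  # "run", "service" or "shell-object"
    name: str
    reason: str


# Line layouts as they appear in a DDS log: autostart entries, service/driver
# entries, and shell-object / protocol-handler entries.
RUN_RE = re.compile(r"^(?P<scope>(?:x64-)?[um]?Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.*)$")
OBJ_RE = re.compile(r"^(?P<kind>(?:x64-)?(?:Handler|SSODL|STS|BHO)): (?P<name>.+?) - (?P<target>.*)$")

# Binaries that only launch something else; the real target is in the arguments.
LAUNCHERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "mshta.exe"}
# Directories a standard user can write to; persistence here deserves a second look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
EXECUTABLE_EXT = (".exe", ".com", ".scr", ".bat", ".cmd")


def first_executable(cmd: str) -> str:
    """Return the program a Run command line starts (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    """Walk DDS log lines and return the entries worth a closer look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            name, exe = m["name"], first_executable(m["cmd"])
            base = exe.rsplit("\\", 1)[-1].lower()
            if base in LAUNCHERS:
                findings.append(Finding("run", name, f"{base} used as the autostart; inspect the full command line"))
            elif not base.endswith(EXECUTABLE_EXT):
                findings.append(Finding("run", name, "unquoted command line; confirm which binary actually runs"))
            if any(d in exe.lower() for d in USER_WRITABLE):
                findings.append(Finding("run", name, "autostart image lives in a user-writable directory"))
            continue
        m = SVC_RE.match(line)
        if m:
            name, image = m["name"], m["image"].strip()
            if image.endswith("[?]"):
                findings.append(Finding("service", name, "no file metadata recorded; image missing or on a detached volume"))
            # "old --> new [date size]" records a redirected image; keep the right-hand path.
            path = re.sub(r"\s*\[[^\]]*\]$", "", image.split(" --> ")[-1])
            if any(d in path.lower() for d in USER_WRITABLE):
                findings.append(Finding("service", name, "service image lives in a user-writable directory"))
            continue
        m = OBJ_RE.match(line)
        if m and m["target"].rstrip().endswith(("<orphaned>", "No File")):
            findings.append(Finding("shell-object", m["name"], "registry entry points at a file that no longer exists"))
    return findings


# Sample input: lines copied from the DDS log above plus one constructed uRun entry
# (the ExampleUpdater line is made up for the demonstration).
SAMPLE_DDS = r"""
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
uRun: [ExampleUpdater] C:\Users\Nissah\AppData\Roaming\ExampleUpdater\updater.exe
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;H:\SVRTservice.exe --> H:\SVRTservice.exe [?]
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.line_kind}] {f.name}: {f.reason}")
```
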
 


#5 HelpBot


Posted 11 February 2014 - 01:10 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

 

 

Mod Edit:  Topic reopened per OP's PM request - Hamluis.


Edited by hamluis, 11 February 2014 - 09:48 AM.


#6 oneof4

  • Malware Response Team

Posted 11 February 2014 - 09:28 PM

Hello yb125, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic; you will then be advised when we respond to your topic, which facilitates the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to see some information about what is happening in your machine.  Please perform the following scans:

Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Best Regards,
oneof4.


#7 oneof4

  • Malware Response Team

Posted 14 February 2014 - 11:35 PM

Do you still need help?


Best Regards,
oneof4.


#8 yb125

  • Topic Starter


Posted 15 February 2014 - 12:42 AM

Yes indeed, sorry, got busy with school and did not notice your original reply. I will run the programs and post those logs ASAP.



#9 yb125

  • Topic Starter


Posted 15 February 2014 - 01:18 PM

So they would not run in normal mode, the computer would just hang. So I ran them both in safe mode.

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date! 
  Adobe Flash Player 12.0.0.43 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (26.0) 
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Nissah (administrator) on NISSAH-PC on 15-02-2014 09:49:48
Running from C:\Users\Nissah\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2486296 2014-01-05] ()
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-05] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] - "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [VirtualCloneDrive] - "d:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-01-02] (RealNetworks, Inc.)
HKU\S-1-5-21-1321414507-3021359432-2537240932-1000\...\Run: [googletalk] - C:\Users\Nissah\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-1321414507-3021359432-2537240932-1000\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-13] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1321414507-3021359432-2537240932-1000\...\Run: [TomTomHOME.exe] - "D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-1321414507-3021359432-2537240932-1000\...\MountPoints2: {a5fc2569-835c-11e2-ba0b-001966b686e9} - G:\AutoRun.exe
HKU\S-1-5-21-1321414507-3021359432-2537240932-1000\...\MountPoints2: {bca69c0c-87c2-11e3-8cca-001966b686e9} - H:\LG_PC_Programs.exe
Startup: C:\Users\Nissah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8CAD1F56D513CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={F64760D9-D220-4DA3-AB39-A555171A4A07}&mid=09301cffb1d947d3a227d15020526f1a-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=fr&d=2013-02-25 20:15:59&v=15.2.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Nissah\AppData\Roaming\Mozilla\Firefox\Profiles\5mlwnbz0.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-02]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Nissah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-25]
CHR Extension: (Google Drive) - C:\Users\Nissah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-25]
CHR Extension: (YouTube) - C:\Users\Nissah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-25]
CHR Extension: (Google Search) - C:\Users\Nissah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-25]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Nissah\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-05-05]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Nissah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-06-10]
CHR Extension: (RealDownloader) - C:\Users\Nissah\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-13]
CHR Extension: (Skype Click to Call) - C:\Users\Nissah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-23]
CHR Extension: (Google Wallet) - C:\Users\Nissah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-13]
CHR Extension: (Gmail) - C:\Users\Nissah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-02-25]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-05] (AVG Secure Search)
S3 SophosVirusRemovalTool; H:\SVRTservice.exe [X]
S2 TomTomHOMEService; "D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-12-13] (AVG Technologies)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
S3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
S1 A2DDA; \??\H:\EEK\RUN\a2ddax64.sys [X]
S3 cleanhlp; \??\H:\EEK\Run\cleanhlp64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-15 09:49 - 2014-02-15 09:49 - 00018994 _____ () C:\Users\Nissah\Desktop\FRST.txt
2014-02-15 09:49 - 2014-02-15 09:49 - 00000000 ____D () C:\FRST
2014-02-15 09:41 - 2014-02-14 21:39 - 02152960 _____ (Farbar) C:\Users\Nissah\Desktop\FRST64.exe
2014-02-15 09:41 - 2014-02-14 21:38 - 00987425 _____ () C:\Users\Nissah\Desktop\SecurityCheck.exe
2014-02-15 09:23 - 2014-02-15 09:23 - 00000000 ____D () C:\Windows\LastGood
2014-02-15 09:18 - 2014-02-15 09:18 - 307079762 _____ () C:\Windows\MEMORY.DMP
2014-02-15 09:18 - 2014-02-15 09:18 - 00274448 _____ () C:\Windows\Minidump\021514-11453-01.dmp
2014-02-14 21:51 - 2014-02-14 21:51 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-02-08 12:45 - 2014-02-08 12:45 - 00018363 _____ () C:\Users\Nissah\Desktop\dds.txt
2014-02-08 12:45 - 2014-02-08 12:45 - 00010644 _____ () C:\Users\Nissah\Desktop\attach.txt
2014-01-31 21:45 - 2014-01-31 21:41 - 00688992 ____R (Swearware) C:\Users\Nissah\Desktop\dds.com
2014-01-31 20:55 - 2014-01-31 20:55 - 00000801 _____ () C:\Users\Nissah\Desktop\HELP.txt
2014-01-31 11:13 - 2014-01-31 11:13 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-31 11:13 - 2014-01-31 11:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-31 11:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-31 10:03 - 2014-01-31 10:03 - 00000000 ____D () C:\ProgramData\Sophos
2014-01-31 00:26 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-01-31 00:26 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-01-30 21:19 - 2014-01-30 21:19 - 00000546 _____ () C:\Users\Nissah\Desktop\Emsisoft Emergency Kit.lnk
2014-01-29 20:49 - 2014-01-29 21:44 - 00000161 _____ () C:\Users\Nissah\Desktop\avgrep.txt
2014-01-29 19:36 - 2014-01-29 19:36 - 00274448 _____ () C:\Windows\Minidump\012914-21625-01.dmp
2014-01-29 14:17 - 2014-01-29 14:20 - 17163336 _____ (Nullsoft, Inc.) C:\Users\Nissah\Downloads\winamp5666_full_all.exe
2014-01-27 21:58 - 2014-01-27 21:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
2014-01-27 21:50 - 2014-01-27 21:50 - 00000000 ____D () C:\Users\Nissah\AppData\Roaming\mgyun
2014-01-27 21:50 - 2014-01-27 21:50 - 00000000 ____D () C:\Users\Nissah\.android
2014-01-27 21:46 - 2014-01-27 21:50 - 06926776 _____ (Shenzhen Xinyi Network Co.,Ltd. ) C:\Users\Nissah\Downloads\VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe
2014-01-27 18:26 - 2014-01-27 18:26 - 00000000 ____D () C:\LGP769BK
2014-01-27 18:22 - 2014-01-27 20:29 - 00000831 _____ () C:\Users\Nissah\Desktop\LGMobile Support Tool.lnk
2014-01-27 18:22 - 2011-05-06 19:37 - 00655872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr90.dll
2014-01-27 18:22 - 2011-05-06 19:37 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp90.dll
2014-01-27 18:22 - 2011-05-06 19:37 - 00224768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcm90.dll
2014-01-27 18:21 - 2014-01-27 20:29 - 00002411 _____ () C:\Windows\SysWOW64\lgAxconfig.ini
2014-01-27 18:21 - 2014-01-27 18:22 - 00000000 ____D () C:\ProgramData\LGMOBILEAX
2014-01-27 18:21 - 2006-04-30 14:33 - 00053248 _____ () C:\Windows\SysWOW64\CommonDL.dll
2014-01-27 18:16 - 2014-01-27 18:16 - 00261208 _____ (LG Electronics) C:\Users\Nissah\Downloads\B2CAppSetup.exe
2014-01-27 18:15 - 2014-01-27 18:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-27 18:15 - 2014-01-27 18:15 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-01-27 18:15 - 2013-06-28 11:45 - 00036352 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetmodem64.sys
2014-01-27 18:15 - 2013-04-18 16:14 - 00029184 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetdiag64.sys
2014-01-27 18:15 - 2013-04-18 16:12 - 00031744 _____ (Google Inc) C:\Windows\system32\Drivers\lgandnetadb.sys
2014-01-27 18:15 - 2011-07-18 06:03 - 01919968 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01005.dll
2014-01-27 18:11 - 2014-01-27 18:15 - 11412680 _____ (LG Electronics) C:\Users\Nissah\Downloads\LGUnitedMobileDriver_S50MAN310AP22_ML_WHQL_Ver_3.10.1.exe
2014-01-24 19:17 - 2014-01-24 19:17 - 00000000 ____D () C:\Users\Nissah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-22 09:12 - 2014-01-22 10:42 - 00033792 ____H () C:\Users\Nissah\Documents\~WRL1379.tmp
2014-01-22 09:12 - 2014-01-22 09:12 - 00027648 ____H () C:\Users\Nissah\Documents\~WRL1511.tmp
2014-01-17 02:23 - 2014-01-17 02:23 - 00036864 _____ () C:\Users\Nissah\Documents\bigsby monthly.xls
2014-01-17 00:36 - 2014-01-17 00:36 - 00000000 ____D () C:\Users\Nissah\AppData\Roaming\3909 LLC
2014-01-17 00:30 - 2014-01-17 00:30 - 00000000 ____D () C:\Users\Nissah\Downloads\PapersPlease-0.5.13-Win
2014-01-17 00:29 - 2014-01-17 00:29 - 12863847 _____ () C:\Users\Nissah\Downloads\PapersPlease-0.5.13-Win.zip
2014-01-16 22:18 - 2014-01-16 22:18 - 01096704 _____ () C:\Users\Nissah\Downloads\Markstrat Introduction.ppt
 
==================== One Month Modified Files and Folders =======
 
2014-02-15 09:49 - 2014-02-15 09:49 - 00018994 _____ () C:\Users\Nissah\Desktop\FRST.txt
2014-02-15 09:49 - 2014-02-15 09:49 - 00000000 ____D () C:\FRST
2014-02-15 09:42 - 2013-05-23 08:58 - 00000352 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
2014-02-15 09:42 - 2013-02-25 20:17 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-15 09:42 - 2013-02-25 20:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-15 09:42 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-15 09:42 - 2009-07-13 20:51 - 00028572 _____ () C:\Windows\setupact.log
2014-02-15 09:29 - 2013-02-25 20:13 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-15 09:23 - 2014-02-15 09:23 - 00000000 ____D () C:\Windows\LastGood
2014-02-15 09:18 - 2014-02-15 09:18 - 307079762 _____ () C:\Windows\MEMORY.DMP
2014-02-15 09:18 - 2014-02-15 09:18 - 00274448 _____ () C:\Windows\Minidump\021514-11453-01.dmp
2014-02-15 09:18 - 2013-03-01 08:11 - 00000000 ____D () C:\Windows\Minidump
2014-02-15 00:18 - 2014-01-02 12:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-14 21:51 - 2014-02-14 21:51 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-02-14 21:39 - 2014-02-15 09:41 - 02152960 _____ (Farbar) C:\Users\Nissah\Desktop\FRST64.exe
2014-02-14 21:38 - 2014-02-15 09:41 - 00987425 _____ () C:\Users\Nissah\Desktop\SecurityCheck.exe
2014-02-08 12:45 - 2014-02-08 12:45 - 00018363 _____ () C:\Users\Nissah\Desktop\dds.txt
2014-02-08 12:45 - 2014-02-08 12:45 - 00010644 _____ () C:\Users\Nissah\Desktop\attach.txt
2014-02-08 12:39 - 2009-07-13 21:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-31 21:41 - 2014-01-31 21:45 - 00688992 ____R (Swearware) C:\Users\Nissah\Desktop\dds.com
2014-01-31 20:55 - 2014-01-31 20:55 - 00000801 _____ () C:\Users\Nissah\Desktop\HELP.txt
2014-01-31 11:13 - 2014-01-31 11:13 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-31 11:13 - 2014-01-31 11:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-31 10:03 - 2014-01-31 10:03 - 00000000 ____D () C:\ProgramData\Sophos
2014-01-30 21:19 - 2014-01-30 21:19 - 00000546 _____ () C:\Users\Nissah\Desktop\Emsisoft Emergency Kit.lnk
2014-01-29 21:44 - 2014-01-29 20:49 - 00000161 _____ () C:\Users\Nissah\Desktop\avgrep.txt
2014-01-29 20:49 - 2013-02-25 20:13 - 00000000 ____D () C:\Users\Nissah\AppData\Local\Avg2013
2014-01-29 19:36 - 2014-01-29 19:36 - 00274448 _____ () C:\Windows\Minidump\012914-21625-01.dmp
2014-01-29 19:35 - 2009-07-13 21:13 - 00778534 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-29 17:53 - 2013-02-25 19:56 - 01798471 _____ () C:\Windows\WindowsUpdate.log
2014-01-29 14:58 - 2009-07-13 20:45 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-29 14:58 - 2009-07-13 20:45 - 00028144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-29 14:50 - 2013-04-06 19:18 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1321414507-3021359432-2537240932-1000
2014-01-29 14:50 - 2013-04-06 19:18 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1321414507-3021359432-2537240932-1000
2014-01-29 14:50 - 2010-11-20 19:47 - 00008444 _____ () C:\Windows\PFRO.log
2014-01-29 14:40 - 2013-12-12 23:35 - 00000000 ____D () C:\Users\Nissah\AppData\Local\Battle.net
2014-01-29 14:20 - 2014-01-29 14:17 - 17163336 _____ (Nullsoft, Inc.) C:\Users\Nissah\Downloads\winamp5666_full_all.exe
2014-01-29 14:15 - 2013-02-27 22:31 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-01-29 12:18 - 2013-06-08 19:50 - 00000133 ____H () C:\Users\Nissah\Downloads\.picasa.ini
2014-01-29 11:40 - 2013-02-25 20:17 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-29 11:07 - 2013-06-08 20:00 - 00000000 ___HD () C:\Users\Nissah\Downloads\.picasaoriginals
2014-01-29 00:32 - 2013-02-27 00:07 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1321414507-3021359432-2537240932-1000
2014-01-29 00:32 - 2013-02-27 00:07 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1321414507-3021359432-2537240932-1000
2014-01-28 21:44 - 2013-02-26 21:41 - 00000000 ____D () C:\Users\Nissah\AppData\Local\Windows Live
2014-01-27 21:58 - 2014-01-27 21:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
2014-01-27 21:50 - 2014-01-27 21:50 - 00000000 ____D () C:\Users\Nissah\AppData\Roaming\mgyun
2014-01-27 21:50 - 2014-01-27 21:50 - 00000000 ____D () C:\Users\Nissah\.android
2014-01-27 21:50 - 2014-01-27 21:46 - 06926776 _____ (Shenzhen Xinyi Network Co.,Ltd. ) C:\Users\Nissah\Downloads\VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe
2014-01-27 21:50 - 2013-02-25 19:56 - 00000000 ____D () C:\Users\Nissah
2014-01-27 20:29 - 2014-01-27 18:22 - 00000831 _____ () C:\Users\Nissah\Desktop\LGMobile Support Tool.lnk
2014-01-27 20:29 - 2014-01-27 18:21 - 00002411 _____ () C:\Windows\SysWOW64\lgAxconfig.ini
2014-01-27 18:26 - 2014-01-27 18:26 - 00000000 ____D () C:\LGP769BK
2014-01-27 18:22 - 2014-01-27 18:21 - 00000000 ____D () C:\ProgramData\LGMOBILEAX
2014-01-27 18:16 - 2014-01-27 18:16 - 00261208 _____ (LG Electronics) C:\Users\Nissah\Downloads\B2CAppSetup.exe
2014-01-27 18:15 - 2014-01-27 18:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-27 18:15 - 2014-01-27 18:15 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-01-27 18:15 - 2014-01-27 18:11 - 11412680 _____ (LG Electronics) C:\Users\Nissah\Downloads\LGUnitedMobileDriver_S50MAN310AP22_ML_WHQL_Ver_3.10.1.exe
2014-01-27 09:35 - 2014-01-02 12:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-27 09:35 - 2013-03-25 17:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-27 09:35 - 2013-03-25 17:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-27 09:35 - 2013-02-26 13:46 - 00000000 ____D () C:\Users\Nissah\AppData\Local\Adobe
2014-01-24 19:17 - 2014-01-24 19:17 - 00000000 ____D () C:\Users\Nissah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-22 10:42 - 2014-01-22 09:12 - 00033792 ____H () C:\Users\Nissah\Documents\~WRL1379.tmp
2014-01-22 09:12 - 2014-01-22 09:12 - 00027648 ____H () C:\Users\Nissah\Documents\~WRL1511.tmp
2014-01-17 02:23 - 2014-01-17 02:23 - 00036864 _____ () C:\Users\Nissah\Documents\bigsby monthly.xls
2014-01-17 00:36 - 2014-01-17 00:36 - 00000000 ____D () C:\Users\Nissah\AppData\Roaming\3909 LLC
2014-01-17 00:30 - 2014-01-17 00:30 - 00000000 ____D () C:\Users\Nissah\Downloads\PapersPlease-0.5.13-Win
2014-01-17 00:29 - 2014-01-17 00:29 - 12863847 _____ () C:\Users\Nissah\Downloads\PapersPlease-0.5.13-Win.zip
2014-01-16 22:18 - 2014-01-16 22:18 - 01096704 _____ () C:\Users\Nissah\Downloads\Markstrat Introduction.ppt
2014-01-16 19:25 - 2013-12-12 23:35 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-01-16 10:39 - 2009-07-13 20:45 - 00437112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 01:04 - 2013-12-15 00:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 01:04 - 2009-07-13 18:34 - 00000499 _____ () C:\Windows\win.ini
2014-01-16 01:02 - 2013-02-26 22:52 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Nissah\AppData\Local\Temp\converter.exe
C:\Users\Nissah\AppData\Local\Temp\download-instsf449.exe
C:\Users\Nissah\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\Nissah\AppData\Local\Temp\lowproc.exe
C:\Users\Nissah\AppData\Local\Temp\oi_{8768EEA6-98E9-431B-B2EC-D39822D39075}.exe
C:\Users\Nissah\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Nissah\AppData\Local\Temp\sfareca00001.dll
C:\Users\Nissah\AppData\Local\Temp\sfextra.dll
C:\Users\Nissah\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-14 22:17
 
==================== End Of Log ============================
 
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by Nissah at 2014-02-15 09:50:16
Running from C:\Users\Nissah\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
Adobe Acrobat XI Pro (x32 Version: 11.0.00 - Adobe Systems)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (x32 Version: 11.0.02 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
AVG 2013 (Version: 13.0.3462 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3684 - AVG Technologies) Hidden
AVG 2013 (Version: 2013.0.3462 - AVG Technologies)
AVG SafeGuard toolbar (x32 Version: 17.3.0.49 - AVG Technologies)
Battle.net (x32 Version:  - Blizzard Entertainment)
Belarc Advisor 8.3 (x32 Version: 8.3.0.0 - Belarc Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (x32 Version: 4.5.1.3868 - CDBurnerXP)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 3.0 (Version:  3.0 - CutePDF.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Everything 1.2.1.371 (x32 Version:  - )
Garmin Express (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
GoldWave v5.69 (x32 Version: 5.69 - GoldWave Inc.)
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Talk (remove only) (HKCU Version:  - )
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Google+ Auto Backup (x32 Version: 1.0.21.81 - Google)
Hearthstone (x32 Version:  - Blizzard Entertainment)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LG United Mobile Driver (x32 Version: 3.10.1.0 - LG Electronics)
Maintenance Samsung ML-2525W Series (x32 Version:  - Samsung Electronics CO.,LTD)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Player Classic - Home Cinema 1.6.1.4235 (x32 Version: 1.6.1.4235 - MPC-HC Team)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rosetta Stone Version 3 (x32 Version: 3.3.5.2 - Rosetta Stone Ltd.)
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.3 (x32 Version: 6.3.105 - Skype Technologies S.A.)
SpeedFan (remove only) (x32 Version:  - )
SugarSync (x32 Version: 2.0.19.112470 - SugarSync, Inc.)
TomTom HOME (x32 Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2 - TomTom International B.V.)
Total Video Converter 3.71 100812 (x32 Version:  - EffectMatrix Inc.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
VirtualCloneDrive (x32 Version:  - Elaborate Bytes)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {005AC718-E4A1-49AC-A869-06DDC95DF54C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1321414507-3021359432-2537240932-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {400875C9-6812-4F12-A844-C55B64717033} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1321414507-3021359432-2537240932-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {78CD895A-BA45-4BFD-9AD0-F75B1D324828} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-25] (Google Inc.)
Task: {813191F9-56F5-4BC5-8628-2F0054FAFA08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-27] (Adobe Systems Incorporated)
Task: {8BAB61F7-F6D2-42CD-A339-0D16946358ED} - System32\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe [2013-05-23] (AVG Secure Search)
Task: {B0040759-4BC7-4F33-A3E3-9AF438E42DD7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1321414507-3021359432-2537240932-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {BD0E58AA-11FB-4D50-97B5-5BA6210AF3A2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1321414507-3021359432-2537240932-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C73E495D-9DF0-43B4-A710-63236E68F101} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1321414507-3021359432-2537240932-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D3FEC0B4-9CF2-401A-B418-F587572E654C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/15/2014 09:47:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/15/2014 09:47:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/15/2014 09:47:32 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (02/15/2014 09:44:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: avgui.exe, version: 13.0.0.3456, time stamp: 0x528bf7c2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x711418b8
Faulting process id: 0xc84
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
 
Error: (02/15/2014 09:44:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/15/2014 09:43:59 AM) (Source: Application Error) (User: )
Description: Faulting application name: avgui.exe, version: 13.0.0.3456, time stamp: 0x528bf7c2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x711418b8
Faulting process id: 0xdd4
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
 
Error: (02/15/2014 09:43:39 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program AVG Diagnostics because of this error.
 
Program: AVG Diagnostics
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (02/15/2014 09:43:39 AM) (Source: Application Error) (User: )
Description: Faulting application name: avgdiagex.exe, version: 13.0.0.3304, time stamp: 0x51539980
Faulting module name: DNSAPI.dll, version: 6.1.7601.17570, time stamp: 0x4d6f2733
Exception code: 0xc0000096
Fault offset: 0x000182f5
Faulting process id: 0x77c
Faulting application start time: 0xavgdiagex.exe0
Faulting application path: avgdiagex.exe1
Faulting module path: avgdiagex.exe2
Report Id: avgdiagex.exe3
 
Error: (02/15/2014 09:43:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: avgui.exe, version: 13.0.0.3456, time stamp: 0x528bf7c2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x711418b8
Faulting process id: 0x94c
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
 
Error: (02/15/2014 09:43:14 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Spooler SubSystem App because of this error.
 
Program: Spooler SubSystem App
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
 
System errors:
=============
Error: (02/15/2014 09:49:19 AM) (Source: DCOM) (User: )
Description: 1084defragsvc{D20A3293-3341-4AE8-9AAF-8E397CB63C34}
 
Error: (02/15/2014 09:49:00 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (02/15/2014 09:49:00 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (02/15/2014 09:48:59 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (02/15/2014 09:48:53 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (02/15/2014 09:48:43 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AVGIDSDriver
Avgldx64
discache
ElbyCDIO
spldr
Wanarpv6
 
Error: (02/15/2014 09:48:43 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: 
%%31
 
Error: (02/15/2014 09:48:41 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a35\SystemRoot\System32\Config\DEFAULT
 
Error: (02/15/2014 09:48:42 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:42:34 AM on ‎2/‎15/‎2014 was unexpected.
 
Error: (02/15/2014 09:43:25 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgldx64
 
 
Microsoft Office Sessions:
=========================
Error: (02/15/2014 09:47:57 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (02/15/2014 09:47:57 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (02/15/2014 09:47:32 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 16000000000B4100000B410000980B0000
 
Error: (02/15/2014 09:44:26 AM) (Source: Application Error)(User: )
Description: avgui.exe13.0.0.3456528bf7c2unknown0.0.0.000000000c0000005711418b8c8401cf2a7585e864c4C:\Program Files (x86)\AVG\AVG2013\avgui.exeunknowncfa6d83e-9668-11e3-9735-001966b686e9
 
Error: (02/15/2014 09:44:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/15/2014 09:43:59 AM) (Source: Application Error)(User: )
Description: avgui.exe13.0.0.3456528bf7c2unknown0.0.0.000000000c0000005711418b8dd401cf2a75766b57f8C:\Program Files (x86)\AVG\AVG2013\avgui.exeunknownbfc49da7-9668-11e3-9735-001966b686e9
 
Error: (02/15/2014 09:43:39 AM) (Source: Application Error)(User: )
Description: AVG Diagnostics000000000
 
Error: (02/15/2014 09:43:39 AM) (Source: Application Error)(User: )
Description: avgdiagex.exe13.0.0.330451539980DNSAPI.dll6.1.7601.175704d6f2733c0000096000182f577c01cf2a7569048012C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exeC:\Windows\system32\DNSAPI.dllb3e10dbc-9668-11e3-9735-001966b686e9
 
Error: (02/15/2014 09:43:32 AM) (Source: Application Error)(User: )
Description: avgui.exe13.0.0.3456528bf7c2unknown0.0.0.000000000c0000005711418b894c01cf2a7565d05722C:\Program Files (x86)\AVG\AVG2013\avgui.exeunknownaf95f1aa-9668-11e3-9735-001966b686e9
 
Error: (02/15/2014 09:43:14 AM) (Source: Application Error)(User: )
Description: Spooler SubSystem App000000000
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-02-28 18:55:17.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7100.0_none_013362d4a058aaeb\userenv.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-28 18:55:17.859
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7100.0_none_013362d4a058aaeb\userenv.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-28 18:55:17.786
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7100.0_none_013362d4a058aaeb\userenv.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-28 18:55:04.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7100.0_none_318c2ba68836da17\RpcRtRemote.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-28 18:55:03.978
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7100.0_none_318c2ba68836da17\RpcRtRemote.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-28 18:55:03.908
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7100.0_none_318c2ba68836da17\RpcRtRemote.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-28 18:53:36.077
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7100.0_none_2eb24e82f3fb5080\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-28 18:53:36.001
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7100.0_none_2eb24e82f3fb5080\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-28 18:53:35.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7100.0_none_2eb24e82f3fb5080\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-28 18:52:55.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\Backup\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7100.0_none_013362d4a058aaeb_userenv.dll_1a3a70b6 because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 14%
Total physical RAM: 3839.3 MB
Available physical RAM: 3279.88 MB
Total Pagefile: 7676.79 MB
Available Pagefile: 7139.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:59.53 GB) (Free:7.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: F20F44B8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
#10 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:08:16 PM

Posted 15 February 2014 - 05:17 PM

Hi :)

 

Please download ComboFix from one of these locations:

Link 1
Link 2

Save it to your Desktop <-- Important!!!
 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Please refer to this link for instructions.
     
  • Right click it and run as admin & follow the prompts. (If it will not run in "Normal" mode, use "Safe" mode w/ Networking)

When finished, it will produce a log for you.  Please include the C:\ComboFix.txt in your next reply, along with a description of how things are running.

 


Best Regards,
oneof4.


#11 yb125

yb125
  • Topic Starter

  • Members
  • 74 posts
  • Local time:05:16 PM

Posted 17 February 2014 - 04:26 AM

So it would not run in normal mode, but no change after running it in safe mode. Also when I ran it in safe mode it told me that AVG was active and I should disable it, but it did not seem to be active. I checked task manager and it was not in running applications, processes or services. 

 

 

ComboFix 14-02-16.01 - Nissah 02/17/2014   1:06.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.3294 [GMT -8:00]
Running from: c:\users\Nissah\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nissah\Documents\~WRL1379.tmp
c:\users\Nissah\Documents\~WRL1511.tmp
.
Infected copy of c:\windows\SysWow64\dnsapi.dll was found and disinfected 
Restored copy from - c:\windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll 
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-17 to 2014-02-17  )))))))))))))))))))))))))))))))
.
.
2014-02-17 09:09 . 2014-02-17 09:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-15 17:49 . 2014-02-15 17:50 -------- d-----w- C:\FRST
2014-02-15 17:23 . 2014-02-15 17:23 -------- d-----w- c:\windows\LastGood
2014-01-31 19:13 . 2014-01-31 19:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-31 19:13 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-31 18:03 . 2014-01-31 18:03 -------- d-----w- c:\programdata\Sophos
2014-01-31 08:26 . 2013-09-04 21:57 31264 ----a-w- c:\windows\system32\drivers\gfiutil.sys
2014-01-31 08:26 . 2013-05-23 15:39 41032 ----a-w- c:\windows\system32\drivers\gfiark.sys
2014-01-28 05:50 . 2014-01-28 05:50 -------- d-----w- c:\users\Nissah\.android
2014-01-28 05:50 . 2014-01-28 05:50 -------- d-----w- c:\users\Nissah\AppData\Roaming\mgyun
2014-01-28 02:26 . 2014-01-28 02:26 -------- d-----w- C:\LGP769BK
2014-01-28 02:22 . 2011-05-07 03:37 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2014-01-28 02:22 . 2011-05-07 03:37 568832 ----a-w- c:\windows\SysWow64\msvcp90.dll
2014-01-28 02:22 . 2011-05-07 03:37 224768 ----a-w- c:\windows\SysWow64\msvcm90.dll
2014-01-28 02:21 . 2006-04-30 22:33 53248 ----a-w- c:\windows\SysWow64\CommonDL.dll
2014-01-28 02:21 . 2014-01-28 02:22 -------- d-----w- c:\programdata\LGMOBILEAX
2014-01-28 02:15 . 2014-01-28 02:15 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2014-01-28 02:15 . 2014-01-28 02:15 -------- d-----w- c:\program files (x86)\LG Electronics
2014-01-28 02:15 . 2013-06-28 19:45 36352 ----a-w- c:\windows\system32\drivers\lgandnetmodem64.sys
2014-01-28 02:15 . 2013-04-19 00:14 29184 ----a-w- c:\windows\system32\drivers\lgandnetdiag64.sys
2014-01-28 02:15 . 2013-04-19 00:12 31744 ----a-w- c:\windows\system32\drivers\lgandnetadb.sys
2014-01-28 02:15 . 2011-07-18 14:03 1919968 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-27 17:35 . 2013-03-26 01:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-27 17:35 . 2013-03-26 01:54 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-16 09:02 . 2013-02-27 06:52 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr
2014-01-02 20:22 . 2013-04-13 22:07 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-01-02 20:22 . 2013-04-13 22:07 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-12-14 11:01 . 2013-12-14 11:01 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-14 11:01 . 2013-12-14 11:01 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-14 11:01 . 2013-12-14 11:01 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-14 11:01 . 2013-12-14 11:01 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-14 11:01 . 2013-12-14 11:01 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-14 11:01 . 2013-12-14 11:01 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-14 11:01 . 2013-12-14 11:01 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-14 11:01 . 2013-12-14 11:01 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-14 11:01 . 2013-12-14 11:01 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-14 11:01 . 2013-12-14 11:01 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-14 11:01 . 2013-12-14 11:01 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-14 11:01 . 2013-12-14 11:01 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-14 11:01 . 2013-12-14 11:01 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-14 11:01 . 2013-12-14 11:01 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-14 11:01 . 2013-12-14 11:01 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-14 11:01 . 2013-12-14 11:01 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-14 11:01 . 2013-12-14 11:01 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-14 11:01 . 2013-12-14 11:01 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-14 11:01 . 2013-12-14 11:01 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-14 11:01 . 2013-12-14 11:01 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-14 11:01 . 2013-12-14 11:01 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-14 11:01 . 2013-12-14 11:01 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-14 11:01 . 2013-12-14 11:01 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-14 11:01 . 2013-12-14 11:01 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-14 11:01 . 2013-12-14 11:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-14 11:01 . 2013-12-14 11:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-14 11:01 . 2013-12-14 11:01 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-14 11:01 . 2013-12-14 11:01 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-14 11:01 . 2013-12-14 11:01 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-14 11:01 . 2013-12-14 11:01 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-14 11:01 . 2013-12-14 11:01 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-14 11:01 . 2013-12-14 11:01 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-14 11:01 . 2013-12-14 11:01 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-14 11:01 . 2013-12-14 11:01 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-14 11:01 . 2013-12-14 11:01 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-14 11:01 . 2013-12-14 11:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-14 11:01 . 2013-12-14 11:01 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-14 11:01 . 2013-12-14 11:01 413696 ----a-w- c:\windows\system32\html.iec
2013-12-14 11:01 . 2013-12-14 11:01 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-14 11:01 . 2013-12-14 11:01 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-14 11:01 . 2013-12-14 11:01 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-14 11:01 . 2013-12-14 11:01 235520 ----a-w- c:\windows\system32\url.dll
2013-12-14 11:01 . 2013-12-14 11:01 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-14 11:01 . 2013-12-14 11:01 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-14 11:01 . 2013-12-14 11:01 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-14 11:01 . 2013-12-14 11:01 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-14 11:01 . 2013-12-14 11:01 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-14 11:01 . 2013-12-14 11:01 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-14 11:01 . 2013-12-14 11:01 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-14 11:01 . 2013-12-14 11:01 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-14 11:01 . 2013-12-14 11:01 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-14 11:01 . 2013-12-14 11:01 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-14 11:01 . 2013-12-14 11:01 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-14 11:01 . 2013-12-14 11:01 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-14 11:01 . 2013-12-14 11:01 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-14 11:01 . 2013-12-14 11:01 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-14 11:01 . 2013-12-14 11:01 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-14 11:01 . 2013-12-14 11:01 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-14 11:01 . 2013-12-14 11:01 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-14 07:50 . 2013-02-26 04:15 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-27 01:41 . 2014-01-15 19:16 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 19:16 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 19:16 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 19:16 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 19:16 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 19:16 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 19:16 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:54 . 2013-12-15 08:31 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 11:40 . 2014-01-15 19:16 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 19:16 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-26 10:19 . 2013-12-15 08:31 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-15 08:31 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-15 08:31 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-15 08:31 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-15 08:31 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-15 08:31 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-15 08:31 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-15 08:31 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-15 08:31 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-15 08:31 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-15 08:31 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-15 08:31 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-15 08:31 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-15 08:31 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-15 08:31 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-15 08:31 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-15 08:31 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-15 08:31 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-15 08:31 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-15 08:31 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-15 08:31 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-15 08:31 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-15 08:31 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-25 09:48 . 2013-11-25 09:48 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-01-05 18:32 3349528 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll" [2014-01-05 3349528]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 20:12 159488 ----a-w- c:\windows\SysWOW64\SSCbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Nissah\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-12-13 1095000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-11-20 4411952]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2014-01-05 2486296]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-30 642304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2014-01-02 295512]
.
c:\users\Nissah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\SysWOW64\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\SysWOW64\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]
@="Service"
.
R1 A2DDA;A2 Direct Disk Access Support Driver;h:\eek\RUN\a2ddax64.sys;h:\eek\RUN\a2ddax64.sys [x]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
R2 TomTomHOMEService;TomTomHOMEService;d:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;d:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 cleanhlp;cleanhlp;h:\eek\Run\cleanhlp64.sys;h:\eek\Run\cleanhlp64.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;h:\svrtservice.exe;h:\SVRTservice.exe [x]
R3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\DRIVERS\sscbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\sscbfs3.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 19:37 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-26 17:35]
.
2014-02-17 c:\windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
- c:\program files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe [2013-05-23 16:58]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-26 04:17]
.
2014-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-26 04:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 20:12 192256 ----a-w- c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-04-29 23:41 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-04-29 23:41 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-04-29 23:41 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-04-29 23:41 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-04-29 23:41 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 192256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
FF - ProfilePath - c:\users\Nissah\AppData\Roaming\Mozilla\Firefox\Profiles\5mlwnbz0.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-TomTomHOME.exe - d:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
Wow6432Node-HKLM-Run-VirtualCloneDrive - d:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
Wow6432Node-HKLM-Run-QuickTime Task - d:\program files (x86)\QuickTime\QTTask.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Acrobat Assistant 8.0 - e:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
SSODL-EldosMountNotificator    REG_SZ    {C28617FD-4FE7-4043-AD51-C8132CE90106}- - (no file)
AddRemove-Everything - d:\program files (x86)\Everything\Uninstall.exe
AddRemove-GoldWave v5.69 - d:\goldwave\unstall.exe
AddRemove-Picasa 3 - d:\program files (x86)\Google\Picasa3\Uninstall.exe
AddRemove-SpeedFan - d:\program files (x86)\SpeedFan\uninstall.exe
AddRemove-VirtualCloneDrive - d:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe
AddRemove-{7E265513-8CDA-4631-B696-F40D983F3B07}_is1 - d:\program files (x86)\CDBurnerXP\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1321414507-3021359432-2537240932-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1321414507-3021359432-2537240932-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-17  01:15:24 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-17 09:15
.
Pre-Run: 9,895,800,832 bytes free
Post-Run: 12,426,551,296 bytes free
.
- - End Of File - - B29C3F682B7B3C91E7F6E4359A3AFA41
A36C5E4F47E84449FF07ED3517B43A31


#12 oneof4
  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 17 February 2014 - 12:35 PM

Hi :)
 
Please perform the following:
 
===================================================

Running TDSSKiller with Changed Parameters

--------------------

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters

[screenshot: tds2.jpg]

  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now

[screenshot: 2012081514h0118.png]

  • Click Start Scan and allow the scan process to run

[screenshot: tds4-1.jpg]

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue

[screenshot: tds6.jpg]

  • Click Reboot computer
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

Best Regards,
oneof4.
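
The scan oneof4 asks for above, with Loaded Modules and Verify Driver Digital Signature ticked, boils down to enumerating the kernel drivers that are registered and running and checking the Authenticode signature on each driver file. The PowerShell below is an added example, not TDSSKiller's code and not part of the original thread; it does the comparable check with built-in cmdlets and writes the result to a zipped log, the form the helper asks the log in. The function names, the report columns and the output folder under the system drive are choices made for this example. It assumes an elevated 64-bit PowerShell 5.0 or later (for Compress-Archive) so that System32 paths are not redirected to SysWOW64, the same redirection ComboFix sidesteps with the SYSNATIVE paths in the log above.

```powershell
# Added example, not TDSSKiller's code: enumerate kernel drivers and verify each
# image's Authenticode signature with built-in cmdlets.
# Assumes an elevated 64-bit PowerShell 5.0+ (Compress-Archive) on Windows 7 or later.

function Resolve-DriverPath {
    param([string]$RawPath)
    # Driver ImagePath values come in several shapes; normalise them to a Win32 path:
    #   \SystemRoot\system32\DRIVERS\foo.sys      system32\DRIVERS\foo.sys
    #   \??\C:\Windows\system32\drivers\foo.sys   "C:\Program Files\Vendor\foo.sys"
    if ([string]::IsNullOrWhiteSpace($RawPath)) { return $null }
    $p = $RawPath.Trim().Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverSignatureReport {
    # State 'Running' is what a "loaded modules" check covers; stopped but
    # registered drivers are listed too, because they load on a later boot.
    Get-CimInstance Win32_SystemDriver | ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $path
            $status = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, UnknownError, ...
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        } else {
            $status = 'FileNotFound'           # still registered, but the image is gone from disk
            $signer = ''
        }
        [pscustomobject]@{
            Name      = $_.Name
            State     = $_.State
            StartMode = $_.StartMode
            Status    = $status
            Signer    = $signer
            Path      = if ($path) { $path } else { $_.PathName }
        }
    }
}

function Write-DriverSignatureLog {
    # Output folder name is an arbitrary choice for this example.
    param([string]$OutDir = (Join-Path $env:SystemDrive 'driver-sig-check'))
    $report = @(Get-DriverSignatureReport)
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $stamp = Get-Date -Format 'yyyyMMdd_HHmmss'
    $csv   = Join-Path $OutDir "drivers_$stamp.csv"
    $zip   = Join-Path $OutDir "drivers_$stamp.zip"
    $report | Sort-Object Status, Name | Export-Csv -Path $csv -NoTypeInformation
    Compress-Archive -Path $csv -DestinationPath $zip -Force

    # Anything that is not 'Valid' is what a helper would want to look at first.
    $suspect = @($report | Where-Object { $_.Status -ne 'Valid' })
    Write-Host ("{0} drivers checked, {1} without a valid embedded signature. Log: {2}" -f `
        $report.Count, $suspect.Count, $zip)
    $suspect | Sort-Object Status, Name | Format-Table Name, State, Status, Path -AutoSize
}

Write-DriverSignatureLog
```

Treat a NotSigned or FileNotFound row as a lead, not a verdict. Many in-box Windows drivers are signed through a catalog file rather than an embedded signature, and whether Get-AuthenticodeSignature consults the catalog depends on the Windows and PowerShell version, so legitimate drivers can show up as NotSigned; drivers loaded from a removable drive, like the h:\eek\... entries in the ComboFix log above, are expected while a portable scanner is in use. That is the same reason the instructions above say to Skip detected items rather than delete them: compare path, timestamp and signer against a known-clean install first, and let the helper decide.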


#13 yb125
  • Topic Starter
  • Members
  • 74 posts

Posted 17 February 2014 - 12:45 PM

Quick clarification: is that threat-detected screenshot what you want me to do, or is it just there to show me what the screen looks like?



#14 yb125
  • Topic Starter
  • Members
  • 74 posts

Posted 17 February 2014 - 01:07 PM

OK, so I am trying to run it in safe mode, but the settings go back to default when it resets, so when I open the program "Loaded Modules" is unchecked again.



#15 yb125
  • Topic Starter
  • Members
  • 74 posts

Posted 17 February 2014 - 01:34 PM

OK, I reset it a couple more times and it worked. Here is the log.

Attached Files