
Problems after updating flash player, think it may have been fake :(



#1 TheWickedOne666


Posted 17 April 2014 - 11:00 AM

Hi there  :bananas: I'll try my best not to dripfeed..
Acer Aspire running Windows Vista, second hand, I don't use P2P or download films etc., previous owner may have  :nono:  :thumbdown: 
Windows Defender is out of date/disabled and when I attempt to turn it on, it flashes on and off the list, and I then get the error message 0x800705b4, something about timing out. 
2 days ago, shortly after booting the PC up, I got update windows for Java and Flash Player, and this is or seems to be where the problems began.
I have now removed them both completely and got the links from a post on here of where to get the 'real' ones (I'm not sure whether the links I clicked were real or not as both looked authentic, VeriSign etc. blah blah)
 
I run SUPERAntiSpyware Pro every-single-day-without-fail 
I was using Firefox at the time but now using Chrome
I've removed CCleaner today after doing the DDS scan, the results of which were:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16545  BrowserJavaVersion: 10.55.2
Run by ashley at 15:12:25 on 2014-04-17
Microsoft® Windows Vista Home Basic   6.0.6002.2.1252.44.1033.18.3000.1277 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Synaptics\Scrybe\scrybe.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Users\ashley\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0111&m=aspire_5735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0111&m=aspire_5735
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [EPSON SX125 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigge.exe /fu "c:\windows\temp\E_SABAC.tmp" /EF "HKCU"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eRecoveryService] <no file>
StartupFolder: c:\users\ashley\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scrybe.lnk - c:\windows\installer\{13061caa-0284-4f9a-b460-3d4699575b35}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{BFA3CED0-F955-4D07-963E-E90AD98F9525} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-8 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-4-11 302368]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-5-15 61424]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2013-10-16 5175856]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-5-15 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-5-15 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-5-15 122368]
R2 ScrybeUpdater;Scrybe Updater;c:\program files\synaptics\scrybe\service\ScrybeUpdater.exe [2011-1-14 1294848]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-12-10 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-4-15 9216]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-3-26 18432]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 104264]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2011-4-15 114688]
.
=============== Created Last 30 ================
.
2014-04-17 11:07:24 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d1b09f7a-c4a2-491a-8b7b-5b9044a003c5}\offreg.dll
2014-04-17 02:26:46 -------- d-----w- c:\program files\ESET
2014-04-17 01:50:49 -------- d-----w- C:\AdwCleaner
2014-04-17 00:54:28 -------- d-----w- c:\users\ashley\appdata\roaming\Synaptics
2014-04-17 00:45:10 -------- d-----w- c:\programdata\Synaptics
2014-04-17 00:45:10 -------- d-----w- c:\program files\Synaptics
2014-04-17 00:44:41 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2014-04-17 00:44:41 173352 ----a-w- c:\windows\system32\SynCOM.dll
2014-04-17 00:44:41 120104 ----a-w- c:\windows\system32\SynTPCo5.dll
2014-04-17 00:44:39 169256 ----a-w- c:\windows\system32\SynTPAPI.dll
2014-04-17 00:44:39 1321904 ----a-w- c:\windows\system32\drivers\SynTP.sys
2014-04-16 19:04:04 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-16 12:07:33 8049928 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d1b09f7a-c4a2-491a-8b7b-5b9044a003c5}\mpengine.dll
2014-04-14 16:32:36 7969936 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-04-08 11:12:54 28272 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
2014-04-08 11:12:42 46704 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-04-08 01:15:52 -------- d-----w- c:\program files\Roblox
2014-04-08 00:48:29 -------- d-----w- c:\users\ashley\appdata\local\MetaGeek,_LLC
2014-04-07 14:12:13 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{df781f73-d207-482c-968c-71501f1780fc}\gapaengine.dll
2014-04-07 13:52:44 -------- d-----w- c:\programdata\2C38
.
==================== Find3M  ====================
.
2014-03-11 08:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-07 23:12:00 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 23:02:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-07 23:02:07 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 22:57:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-07 22:56:03 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-03-07 22:52:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-07 10:38:44 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-02-03 10:37:54 505344 ----a-w- c:\windows\system32\qedit.dll
2014-01-30 07:46:58 876032 ----a-w- c:\windows\system32\wer.dll
2014-01-25 00:19:42 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-17 16:24:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 16:24:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 15:12:39.68 ===============
 
Thanks in advance for your help  :) 


Oops, am so sorry, just saw the great big red 'no DDS logs to be posted here' 
 
Apologies x


MiniToolBox by Farbar  Version: 23-01-2014
Ran by ashley (administrator) on 17-04-2014 at 18:27:35
Running from "C:\Users\ashley\Documents\Downloads"
Microsoft® Windows Vista Home Basic  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
::1             localhost
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Generic Marvell Yukon 88E8071 based Ethernet Controller = Local Area Connection (Disconnected)
Atheros AR5B91 Wireless Network Adapter = Wireless Network Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : ashley-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Atheros AR5B91 Wireless Network Adapter
   Physical Address. . . . . . . . . : 00-23-4E-8D-0F-A8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fdf3:6aa7:f910:0:b542:f398:1dd0:4f04(Preferred) 
   Temporary IPv6 Address. . . . . . : fdf3:6aa7:f910:0:7db9:22b8:7324:b53c(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::b542:f398:1dd0:4f04%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 17 April 2014 09:28:38
   Lease Expires . . . . . . . . . . : 18 April 2014 09:28:36
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 201335630
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-D7-65-00-00-1D-72-E4-4A-FA
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : isatap.Home
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:42a:1c5:3f57:fffb(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::42a:1c5:3f57:fffb%12(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  SkyRouter.Home
Address:  192.168.0.1
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  2a00:1450:4009:804::1003
 173.194.34.132
 173.194.34.136
 173.194.34.134
 173.194.34.135
 173.194.34.131
 173.194.34.133
 173.194.34.137
 173.194.34.130
 173.194.34.142
 173.194.34.129
 173.194.34.128
 
 
 
Pinging google.com [173.194.34.132] with 32 bytes of data:
 
Reply from 173.194.34.132: bytes=32 time=27ms TTL=58
 
Reply from 173.194.34.132: bytes=32 time=25ms TTL=58
 
 
 
Ping statistics for 173.194.34.132:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 25ms, Maximum = 27ms, Average = 26ms
 
Server:  SkyRouter.Home
Address:  192.168.0.1
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
 
Reply from 98.139.183.24: bytes=32 time=136ms TTL=51
 
Reply from 98.139.183.24: bytes=32 time=122ms TTL=51
 
 
 
Ping statistics for 98.139.183.24:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 122ms, Maximum = 136ms, Average = 129ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
 11 ...00 23 4e 8d 0f a8 ...... Atheros AR5B91 Wireless Network Adapter
  1 ........................... Software Loopback Interface 1
 21 ...00 00 00 00 00 00 00 e0  isatap.Home
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.4    281
      192.168.0.4  255.255.255.255         On-link       192.168.0.4    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.4    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12     18 2001::/32                On-link
 12    266 2001:0:5ef5:79fb:42a:1c5:3f57:fffb/128
                                    On-link
 11     33 fdf3:6aa7:f910::/64      On-link
 11    281 fdf3:6aa7:f910:0:7db9:22b8:7324:b53c/128
                                    On-link
 11    281 fdf3:6aa7:f910:0:b542:f398:1dd0:4f04/128
                                    On-link
 11    281 fe80::/64                On-link
 12    266 fe80::/64                On-link
 12    266 fe80::42a:1c5:3f57:fffb/128
                                    On-link
 11    281 fe80::b542:f398:1dd0:4f04/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/17/2014 05:52:55 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a6c0782f-a7bd-4cab-a99d-4cd53e9ed755}
 
Error: (04/17/2014 09:28:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/17/2014 02:55:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/17/2014 01:51:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/17/2014 01:33:47 AM) (Source: Application Error) (User: )
Description: Faulting application SUPERANTISPYWARE.EXE, version 5.7.0.1018, time stamp 0x52cb2220, faulting module SysHook.dll, version 3.0.3000.0, time stamp 0x484f36b8, exception code 0xc0000005, fault offset 0x00013697,
process id 0xeb8, application start time 0xSUPERANTISPYWARE.EXE0.
 
Error: (04/17/2014 01:31:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/17/2014 01:14:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/17/2014 01:10:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 349426
 
Error: (04/17/2014 01:10:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 349426
 
Error: (04/17/2014 01:10:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (04/17/2014 05:59:53 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053
 
Error: (04/17/2014 05:59:53 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search
 
Error: (04/17/2014 05:59:53 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053
 
Error: (04/17/2014 05:59:53 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search
 
Error: (04/17/2014 05:59:53 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (04/17/2014 09:28:42 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
 
Error: (04/17/2014 09:28:28 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (04/17/2014 02:55:08 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
 
Error: (04/17/2014 02:54:54 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (04/17/2014 01:51:32 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (09/10/2011 08:30:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: 13Microsoft Office OneNote12.0.6211.100012.0.6215.1000690
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-04-17 03:01:43.531
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-17 03:01:42.098
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-17 03:01:41.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-17 03:01:39.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-17 01:18:26.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-17 01:18:25.806
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-17 01:18:25.374
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-17 01:18:24.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-16 12:47:15.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-16 12:47:13.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Acer Arcade Deluxe (Version: 2.0.5225)
Acer Crystal Eye Webcam (Version: 2.0.0.20)
Acer eDataSecurity Management (Version: 3.0.3062)
Acer Empowering Technology (Version: 3.0.3006)
Acer ePower Management (Version: 3.0.3012)
Acer eRecovery Management (Version: 3.0.3013)
Acer eSettings Management (Version: 3.0.3007)
Acer GridVista (Version: 2.72.317)
Acer Mobility Center Plug-In (Version: 3.0.3000)
Acer ScreenSaver (Version: 1.11.0805)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Reader X (10.1.9) (Version: 10.1.9)
Agere Systems HDA Modem
Apple Application Support (Version: 3.0.1)
Apple Mobile Device Support (Version: 7.1.1.3)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.1869)
AVG 2012 (Version: 12.0.1872)
AVG 2012 (Version: 12.0.1873)
AVG 2012 (Version: 12.0.1890)
AVG 2012 (Version: 12.0.1901)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2178)
AVG 2012 (Version: 12.0.2180)
AVG 2012 (Version: 12.0.2193)
AVG 2012 (Version: 12.0.2195)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.3722)
AVG 2012 (Version: 12.1.2238)
AVG 2012 (Version: 12.1.2240)
AVG 2012 (Version: 12.1.2241)
AVG 2012 (Version: 12.1.2242)
AVG 2012 (Version: 12.1.2247)
AVG 2012 (Version: 2012.1.2247)
Azada
Big Kahuna Reef
Bonjour (Version: 3.0.0.10)
Bookworm Deluxe
Defraggler (Version: 2.14)
Diner Dash Flo on the Go
EPSON SX125 Series Printer Uninstall
ESET Online Scanner v3
eSobi v2 (Version: 2.0.3.000189)
Google Chrome (Version: 34.0.1847.116)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.5111.1712)
Google Update Helper (Version: 1.3.23.9)
iCloud (Version: 2.1.3.25)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 11.1.5.5)
LightScribe  1.4.142.1 (Version: 1.4.142.1)
Mahjongg Artifacts
Marvell Miniport Driver (Version: 10.55.3.3)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Security Client (Version: 4.5.0216.0)
Microsoft Security Essentials (Version: 4.5.216.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 08.05.0818)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
Paint.NET v3.5.10 (Version: 3.60.0)
PC Connectivity Solution (Version: 11.5.29.0)
PhotoNow! (Version: 1.1.4619)
PL-2303 USB-to-Serial (Version: 1.2.10)
PowerDirector (Version: 6.5.2713)
QuickTime 7 (Version: 7.75.80.95)
Realtek High Definition Audio Driver (Version: 6.0.1.5643)
Realtek USB 2.0 Card Reader (Version: 3.0.1.3)
Secunia PSI (3.0.0.9016) (Version: 3.0.0.9016)
Skype 6.11 (Version: 6.11.102)
Spotify (Version: 0.8.2.610.g090a06f8)
SUPERAntiSpyware (Version: 5.6.1014)
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (Version: 1.5.81.13070)
Synaptics Pointing Device Driver (Version: 15.2.7.0)
TrueCrypt (Version: 7.1a)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Xvid 1.2.1 final uninstall (Version: 1.2)
ZTE USB Driver (Version: 1.0.1.14)
 
========================= Devices: ================================
 
Name: Generic Marvell Yukon 88E8071 based Ethernet Controller
Description: Generic Marvell Yukon 88E8071 based Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonwlh
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 65%
Total physical RAM: 3000.12 MB
Available physical RAM: 1047.61 MB
Total Pagefile: 6238.51 MB
Available Pagefile: 3374.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.46 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Acer) (Fixed) (Total:111.57 GB) (Free:39.24 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:111.55 GB) (Free:111.45 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ASHLEY-PC
 
Administrator            ashley                   Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
11-04-2014 10:43:28 Scheduled Checkpoint
11-04-2014 23:00:03 Scheduled Checkpoint
13-04-2014 08:11:55 Windows Update
16-04-2014 11:58:07 Windows Update
16-04-2014 19:02:25 Installed Java 7 Update 55
17-04-2014 00:47:10 Device Driver Package Install: Synaptics Mice and other pointing devices
17-04-2014 14:21:13 Removed Java 7 Update 55
17-04-2014 16:47:07 Nicki
17-04-2014 16:52:55 Removed Microsoft Office Home and Student 2007
 
**** End of log ****


Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
 
Program started at: 04/17/2014 08:47:08 PM in x86 mode.
Windows Version: Windows Vista ™ Home Basic Service Pack 2
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\ashley\AppData\Local\Temp\RtkBtMnt.exe (PID: 3964) [UP-HEUR]
 * C:\Users\ashley\AppData\Local\Temp\RtkBtMnt.exe (PID: 3964) [T-HEUR]
 * C:\Users\ashley\Documents\Downloads\aswMBR.exe (PID: 5652) [UP-HEUR]
 
3 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
 
Program finished at: 04/17/2014 08:50:39 PM
Execution time: 0 hours(s), 3 minute(s), and 31 seconds(s)

Edited by boopme, 28 April 2014 - 09:27 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • Gender:Male
  • Local time:01:25 PM

Posted 28 April 2014 - 09:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/531407 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • Gender:Male
  • Local time:01:25 PM

Posted 03 May 2014 - 09:35 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:03:25 AM

Posted 06 May 2014 - 06:16 PM

This topic has been re-opened at the request of the person who originally posted.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,902 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:25 PM

Posted 07 May 2014 - 09:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your DDS log is clean.

This is what is being reported as your security protection program.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}


Your Windows Defender is being disabled by Microsoft Security Essentials.
Both cannot be run in real time.

Also running both Security Essentials and AVG in real time will only slow down your computer.
You should use only one. You decide.

====

Download and run this tool. Post the log for my review. Let me know what issues you are having with this computer.

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===
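
The check described in the post above (reading the Security Center lines for more than one enabled real-time product) can be automated over both log styles seen in this thread. This is an added example, not part of the thread and not code from DDS or FRST; the function names are hypothetical, the two line formats are inferred only from the lines quoted here, and treating DDS's `SP:` and FRST's `AS:` as the same category is an assumption based on their matching GUIDs.

```python
import re

# Constructed sample: the Security Center lines quoted in this thread, in the
# DDS style (*Enabled/Updated*) and the FRST style ((Enabled - Up to date)),
# plus one unrelated log line that must be ignored.
SAMPLE_LOG = """\
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
Acer Arcade Deluxe (Version: 2.0.5225 - CyberLink Corp.) Hidden
"""

LINE_RE = re.compile(
    r"""^\s*(?P<kind>AV|AS|SP):\s+
        (?P<name>.+?)\s+
        (?:\*(?P<dds_state>\w+)/(?P<dds_sig>\w+)\*             # DDS form
          |\((?P<frst_state>\w+)\s+-\s+(?P<frst_sig>[^)]+)\))  # FRST form
        \s+\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$""",
    re.VERBOSE,
)

# Assumption: SP (DDS) and AS (FRST) label the same antispyware registrations.
CATEGORY = {"AV": "antivirus", "AS": "antispyware", "SP": "antispyware"}


def parse_security_center(text):
    """Return one entry per registered product GUID found in the log text."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Security Center line
        state = m["dds_state"] or m["frst_state"]
        sig = m["dds_sig"] or m["frst_sig"]
        guid = m["guid"].upper()
        # Keyed by GUID so the same registration seen in two logs counts once.
        entries[guid] = {
            "category": CATEGORY[m["kind"]],
            "name": m["name"],
            "enabled": state.lower() == "enabled",
            "up_to_date": sig.strip().lower() in ("updated", "up to date"),
            "guid": guid,
        }
    return list(entries.values())


def find_conflicts(entries):
    """Categories in which more than one distinct product is enabled."""
    enabled = {}
    for e in entries:
        if e["enabled"]:
            enabled.setdefault(e["category"], set()).add(e["name"])
    return {cat: sorted(names) for cat, names in enabled.items() if len(names) > 1}


def inactive_products(entries):
    """Products with no registration that is both enabled and up to date."""
    active = {e["name"] for e in entries if e["enabled"] and e["up_to_date"]}
    return sorted({e["name"] for e in entries if e["name"] not in active})


if __name__ == "__main__":
    parsed = parse_security_center(SAMPLE_LOG)
    for category, names in find_conflicts(parsed).items():
        print(f"Multiple enabled {category} products: {', '.join(names)}")
    print("Disabled or out of date:", ", ".join(inactive_products(parsed)))
```
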

#6 TheWickedOne666

TheWickedOne666
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Female
  • Location:Wolverhampton, UK
  • Local time:06:25 PM

Posted 09 May 2014 - 02:08 PM

Thank you, I will get back to you with those soon, and thanks admin x



#7 TheWickedOne666

TheWickedOne666
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Female
  • Location:Wolverhampton, UK
  • Local time:06:25 PM

Posted 10 May 2014 - 01:42 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-05-2014
Ran by ashley at 2014-05-10 19:30:47
Running from C:\Users\ashley\Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.0.5225 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.0.5225 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.20 - Acer Crystal Eye Webcam)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3062 - Egis Inc.)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3006 - Acer Incorporated)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3012 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3013 - Acer Incorporated)
Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.0805 - Acer Incorporated)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2247 - AVG Technologies)
AVG 2012 (Version: 12.0.1869 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1872 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1873 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1890 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1901 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1913 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2178 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2180 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2193 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2195 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2197 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2238 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2240 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2241 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2242 - AVG Technologies) Hidden
Azada (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version:  - Oberon Media)
Big Kahuna Reef (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version:  - Oberon Media)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version:  - Oberon Media)
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Diner Dash Flo on the Go (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version:  - Oberon Media)
EPSON SX125 Series Printer Uninstall (HKLM\...\EPSON SX125 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.3.000189 - esobi Inc.)
eSobi v2 (Version: 2.0.3.000189 - esobi Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
Mahjongg Artifacts (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.55.3.3 - Marvell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Mystery Case Files - Huntsville (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version:  - Oberon Media)
Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version:  - Oberon Media)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PC Connectivity Solution (HKLM\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4619 - CyberLink Corp.)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.2.10 - Prolific Technology INC)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2713 - CyberLink Corp.)
PowerDirector (Version: 6.5.2713 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5643 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.8.2.610.g090a06f8 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM\...\{13061CAA-0284-4F9A-B460-3D4699575B35}) (Version: 1.5.81.13070 - Synaptics Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Xvid 1.2.1 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.14 - ZTE Corporation)
 
==================== Restore Points  =========================
 
28-04-2014 13:05:08 Windows Update
29-04-2014 09:23:35 Scheduled Checkpoint
29-04-2014 23:00:03 Scheduled Checkpoint
30-04-2014 13:16:56 Installed Java 7 Update 55
01-05-2014 09:52:58 Scheduled Checkpoint
02-05-2014 11:55:35 Scheduled Checkpoint
03-05-2014 02:00:14 Windows Update
04-05-2014 14:37:06 Scheduled Checkpoint
05-05-2014 13:34:54 Scheduled Checkpoint
06-05-2014 08:34:44 Windows Update
07-05-2014 09:59:33 Scheduled Checkpoint
09-05-2014 19:07:23 Windows Update
10-05-2014 18:23:25 Removed AVG 2012
10-05-2014 18:27:28 Removed AVG 2012
 
==================== Hosts content: ==========================
 
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {00318392-2925-43D2-BDDC-3D608AEE77DB} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {425B93C9-0CBF-41F1-8BA3-B2A7C0F89E3B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {63F8503E-F16E-48F2-8A50-11908500A57D} - System32\Tasks\SpeedMaxPc_sch_81F970F9-C66F-11E3-9A51-95EFDFC71B78 => C:\Program Files\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe [2014-03-31] (SpeedMaxPc)
Task: {6EC3AD42-C69F-44CE-86D7-3E520AE924D6} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {CF6DB0C2-190B-472C-A8EB-91E31C37408E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-22] (Google Inc.)
Task: {E41B7032-D4FF-4848-A6FB-8EEEDAC28504} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-22] (Google Inc.)
Task: {EEF49B9B-4797-4266-81C5-741A8CC36816} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\Windows\Tasks\SpeedMaxPc_sch_81F970F9-C66F-11E3-9A51-95EFDFC71B78.job => C:\Program Files\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-05-15 06:53 - 2008-01-17 02:35 - 00081504 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2008-05-15 06:50 - 2008-03-21 21:22 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-05-15 06:50 - 2008-05-15 06:50 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3006.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-05-15 06:50 - 2008-05-15 06:50 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-05-15 06:50 - 2008-05-15 06:50 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
2008-05-15 06:50 - 2008-05-15 06:50 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3006.0__672b450de5a7e94a\Framework.Host.dll
2008-05-15 06:50 - 2008-05-15 06:50 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3006.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-05-15 06:50 - 2008-05-15 06:50 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
2011-01-30 21:02 - 2008-05-26 15:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2011-01-30 21:02 - 2008-05-26 15:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2011-01-30 21:02 - 2008-05-26 15:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2011-01-30 21:02 - 2008-05-26 15:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2011-01-30 21:03 - 2007-12-06 17:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2011-01-30 21:03 - 2007-11-27 16:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-05-15 06:50 - 2007-01-09 19:25 - 00272024 _____ () C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2011-01-30 21:00 - 2008-06-11 11:21 - 00204800 _____ () C:\Windows\System32\SysHook.dll
2008-04-11 00:30 - 2008-04-11 00:30 - 00753664 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2008-04-11 00:30 - 2008-04-11 00:30 - 00007680 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2008-05-14 18:05 - 2008-05-14 18:05 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2014-04-17 01:44 - 2010-12-22 21:19 - 00066856 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2011-01-14 09:56 - 2011-01-14 09:56 - 00013096 _____ () C:\Program Files\Synaptics\Scrybe\MouseHelper.dll
2014-04-27 03:57 - 2014-04-24 01:33 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-27 03:57 - 2014-04-24 01:33 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-27 03:57 - 2014-04-24 01:33 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-27 03:57 - 2014-04-24 01:33 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== Faulty Device Manager Devices =============
 
Name: Generic Marvell Yukon 88E8071 based Ethernet Controller
Description: Generic Marvell Yukon 88E8071 based Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonwlh
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/10/2014 07:17:52 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2014 09:04:04 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/09/2014 07:56:39 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/07/2014 09:49:24 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/07/2014 09:11:06 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/06/2014 04:24:15 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/06/2014 09:23:11 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2014 11:41:26 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2014 01:57:18 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/03/2014 03:42:03 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception code 0xc0000005, fault offset 0x0012928e,
process id 0xab8, application start time 0xExplorer.EXE0.
 
 
System errors:
=============
Error: (05/10/2014 07:17:52 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Parallel port driver%%1058
 
Error: (05/10/2014 09:04:05 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Parallel port driver%%1058
 
Error: (05/09/2014 07:56:41 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Parallel port driver%%1058
 
Error: (05/07/2014 09:49:25 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Parallel port driver%%1058
 
Error: (05/07/2014 09:11:07 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Parallel port driver%%1058
 
Error: (05/06/2014 08:25:15 PM) (Source: bowser) (User: ) (EventID: 8003)
Description: The master browser has received a server announcement from the computer ADMIN-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BFA3CED0-F955-4D07-963E-E90AD98F9.
The master browser is stopping or an election is being forced.
 
Error: (05/06/2014 04:24:16 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Parallel port driver%%1058
 
Error: (05/06/2014 09:28:31 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Windows Modules Installer%%1053
 
Error: (05/06/2014 09:28:31 AM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: 30000Windows Modules Installer
 
Error: (05/06/2014 09:28:31 AM) (Source: DCOM) (User: ) (EventID: 10005)
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
 
Microsoft Office Sessions:
=========================
Error: (05/10/2014 07:17:52 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2014 09:04:04 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/09/2014 07:56:39 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/07/2014 09:49:24 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/07/2014 09:11:06 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/06/2014 04:24:15 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/06/2014 09:23:11 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2014 11:41:26 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2014 01:57:18 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/03/2014 03:42:03 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Explorer.EXE6.0.6002.1800549e01da5ole32.dll6.0.6002.182774c28d53ec00000050012928eab801cf66b3ade21aa7
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-10 19:30:42.756
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-10 19:30:42.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-10 19:30:41.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-10 19:30:41.571
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-10 19:30:41.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-10 19:30:40.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-10 19:30:40.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-10 19:30:39.825
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-10 02:09:44.769
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SysHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-10 02:09:44.370
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SysHook.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 44%
Total physical RAM: 3000.12 MB
Available physical RAM: 1654.5 MB
Total Pagefile: 6232.51 MB
Available Pagefile: 4686.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.24 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:111.57 GB) (Free:38.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:111.55 GB) (Free:111.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 58072C37)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#8 TheWickedOne666

Posted 10 May 2014 - 01:44 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-05-2014
Ran by ashley (administrator) on ASHLEY-PC on 10-05-2014 19:29:35
Running from C:\Users\ashley\Documents\Downloads
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\Scrybe\scrybe.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realtek Semiconductor Corp.) C:\Users\ashley\AppData\Local\Temp\RtkBtMnt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-04-11] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-04-11] (CyberLink)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-04-18] (Acer Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6183456 2008-06-13] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-05-14] (Egis Incorporated)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [409600 2008-06-11] (Acer Inc.)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-09-23] (Acer)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2049320 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2887468563-44157987-829316303-1000\...\Run: [EPSON SX125 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2887468563-44157987-829316303-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-22] (Google Inc.)
HKU\S-1-5-21-2887468563-44157987-829316303-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2887468563-44157987-829316303-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-2887468563-44157987-829316303-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-2887468563-44157987-829316303-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2887468563-44157987-829316303-1000\...\MountPoints2: {c1da47ee-2d56-11e0-8e92-001d72e44afa} - F:\AUTORUN.EXE
HKU\S-1-5-21-2887468563-44157987-829316303-1000\...\MountPoints2: {c467faea-6783-11e0-8de8-001d72e44afa} - F:\AutoRun.exe
HKU\S-1-5-21-2887468563-44157987-829316303-1000\...\MountPoints2: {d29e687f-2d57-11e0-9f8e-001d72e44afa} - F:\AUTORUN.EXE
HKU\S-1-5-21-2887468563-44157987-829316303-1000\...\MountPoints2: {df593ae8-678c-11e0-a5cc-00a0c6000000} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
ShortcutTarget: Scrybe.lnk -> C:\Windows\Installer\{13061CAA-0284-4F9A-B460-3D4699575B35}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe (Acresso Software Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0111&m=aspire_5735
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0111&m=aspire_5735
SearchScopes: HKLM - DefaultScope value is missing.
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Conduit Engine  - \Extensions\engine@conduit.com [2011-06-08]
FF Extension: uTorrentBar Community Toolbar - \Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2011-06-08]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-04-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4\ []
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ []
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll No File
CHR Extension: (Bejeweled) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2012-11-14]
CHR Extension: (Google Drive) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-14]
CHR Extension: (YouTube) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-14]
CHR Extension: (Look of Disapproval) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn [2012-11-14]
CHR Extension: (Google Search) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-14]
CHR Extension: (Tampermonkey) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2012-11-26]
CHR Extension: (Gmelius) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl [2012-11-14]
CHR Extension: (UnlockedMW Toolbar Loader) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\domoiomfjlchjeclgmjaimdecmkgokpc [2012-11-25]
CHR Extension: (Mahjongg) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2012-11-14]
CHR Extension: (CAGE - Castle Age Game Enhancer [β]) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkafbmnniaaialfnijhnlhklghiojbc [2012-11-14]
CHR Extension: (Chain Reaction) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa [2012-11-14]
CHR Extension: (KIDO'Z Games) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghlcchaakmfckfnadbjemimebhpfgmdc [2012-11-14]
CHR Extension: (RubbishBooks) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gklfihmmokekepifllhpdlkobiplpklj [2012-11-14]
CHR Extension: (Mafia Demon) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkphjphjballgjmbmbhcfcmnldjlkjkh [2014-04-25]
CHR Extension: (iPiccy Photo Editor) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2012-11-14]
CHR Extension: (Lucifers MOD) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmafennmmkgbibkodgmhlekfaaiddaii [2012-11-14]
CHR Extension: (SparkChess 7) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2012-11-14]
CHR Extension: (Spockholm Mafia Toolbar) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmnlgpakocffbjcgfibfdmgmfhjgepni [2012-11-14]
CHR Extension: (BrickIt) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldfjpcbgeppejpppciacpgdjfnnknjpm [2012-11-14]
CHR Extension: (Mafia Wars Addon) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\llfmkjppmncfcgdebajkjnopgodlcaoe [2012-11-14]
CHR Extension: (Mahjong Solitaire) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2012-11-14]
CHR Extension: (Google Wallet) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-14]
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-17] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 ScrybeUpdater; C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1294848 2011-01-14] (Synaptics, Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
 
==================== Drivers (Whitelisted) ====================
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsldf3ed447; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA1BE79D-4E9F-4F32-9F21-92B0179C5EFD}\MpKsldf3ed447.sys [39464 2014-05-10] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [114688 2009-07-21] (ZTE Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-04-18] (Cyberlink Corp.)
R4 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
R4 AVGIDSFilter; system32\DRIVERS\avgidsfilterx.sys [X]
R4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
R4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
R4 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]
R4 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-10 19:29 - 2014-05-10 19:29 - 00000000 ____D () C:\FRST
2014-05-10 19:25 - 2014-05-10 19:25 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\TuneUp Software
2014-05-03 03:00 - 2014-04-29 11:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 03:00 - 2014-04-29 11:07 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-30 14:19 - 2014-04-30 14:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-30 14:18 - 2014-04-30 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-30 14:18 - 2014-04-30 14:17 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-30 14:18 - 2014-04-30 14:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-30 14:18 - 2014-04-30 14:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-30 14:18 - 2014-04-30 14:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-23 17:00 - 2014-04-23 17:00 - 00000000 ____D () C:\Users\ashley\Documents\New Folder
2014-04-17 21:53 - 2014-05-01 19:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 21:52 - 2014-04-17 21:52 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 21:52 - 2014-04-17 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-17 21:51 - 2014-04-17 21:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-17 21:51 - 2014-04-17 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-17 21:51 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-17 21:51 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-17 21:51 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-17 21:33 - 2014-05-03 04:11 - 00000533 _____ () C:\Windows\Tasks\SpeedMaxPc_sch_81F970F9-C66F-11E3-9A51-95EFDFC71B78.job
2014-04-17 21:33 - 2014-04-17 21:40 - 00000000 ____D () C:\ProgramData\SpeedMaxPc
2014-04-17 21:33 - 2014-04-17 21:33 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\SpeedMaxPc
2014-04-17 21:33 - 2014-04-17 21:33 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\DriverCure
2014-04-17 21:33 - 2014-04-17 21:33 - 00000000 ____D () C:\Program Files\SpeedMaxPc
2014-04-17 20:47 - 2014-04-17 20:50 - 00002610 _____ () C:\Users\ashley\Desktop\Rkill.txt
2014-04-17 18:45 - 2014-04-17 18:45 - 00000568 _____ () C:\Users\ashley\Desktop\aswMBR.txt
2014-04-17 18:45 - 2014-04-17 18:45 - 00000512 _____ () C:\Users\ashley\Desktop\MBR.dat
2014-04-17 17:19 - 2014-04-17 17:19 - 00000000 ____D () C:\Users\ashley\AppData\Local\Secunia PSI
2014-04-17 17:18 - 2014-04-17 17:18 - 00000866 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-04-17 17:18 - 2014-04-17 17:18 - 00000000 ____D () C:\Program Files\Secunia
2014-04-17 14:58 - 2014-04-17 17:55 - 00012626 _____ () C:\Users\ashley\Desktop\attach.txt
2014-04-17 14:58 - 2014-04-17 15:12 - 00015214 _____ () C:\Users\ashley\Desktop\dds.txt
2014-04-17 03:26 - 2014-04-17 03:26 - 00000000 ____D () C:\Program Files\ESET
2014-04-17 02:54 - 2014-05-10 19:17 - 00714710 _____ () C:\Windows\PFRO.log
2014-04-17 02:50 - 2014-04-17 02:53 - 00000000 ____D () C:\AdwCleaner
2014-04-17 02:46 - 2014-04-17 02:46 - 00003404 _____ () C:\Windows\DPINST.LOG
2014-04-17 01:54 - 2014-04-17 01:54 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\Synaptics
2014-04-17 01:48 - 2014-04-17 01:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-04-17 01:45 - 2014-04-17 01:48 - 00000000 ____D () C:\Program Files\Synaptics
2014-04-17 01:45 - 2014-04-17 01:45 - 00000000 ____D () C:\ProgramData\Synaptics
2014-04-17 01:45 - 2014-04-17 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
2014-04-17 01:44 - 2010-12-22 21:20 - 01321904 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2014-04-17 01:44 - 2010-12-22 21:18 - 00218408 _____ (Synaptics Incorporated) C:\Windows\system32\SynCtrl.dll
2014-04-17 01:44 - 2010-12-22 21:18 - 00173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2014-04-17 01:44 - 2010-12-22 21:18 - 00169256 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2014-04-17 01:44 - 2010-12-22 21:18 - 00120104 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo5.dll
2014-04-16 20:02 - 2014-04-16 20:04 - 00004117 _____ () C:\Windows\system32\jupdate-1.7.0_55-b13.log
2014-04-14 18:14 - 2014-04-14 18:14 - 00000000 ____D () C:\Users\ashley\Documents\eDataSecurity_Acer_v3.0.3065_Vista(SP1)
2014-04-14 18:12 - 2014-04-14 18:12 - 00000000 ____D () C:\Users\ashley\Documents\BIOS_v1.08
2014-04-14 18:11 - 2014-04-14 18:11 - 00000000 ____D () C:\Users\ashley\Documents\Bluetooth_Broadcom_v.6.0.1.6300_Vistax86
2014-04-14 18:11 - 2014-04-14 18:11 - 00000000 ____D () C:\Users\ashley\Documents\Audio_Realtek_v.6.0.1.5643_Vistax86x64
2014-04-14 18:10 - 2014-04-14 18:10 - 00000000 ____D () C:\Users\ashley\Documents\Camera_Bison_v.2.0.0.20_Vistax86
2014-04-14 18:09 - 2014-04-14 18:09 - 00000000 ____D () C:\Users\ashley\Documents\CardReader_Realtek_v.6.0.6000.20076_Vistax86
2014-04-14 18:09 - 2014-04-14 18:09 - 00000000 ____D () C:\Users\ashley\Documents\Camera_Suyin_v.2.0.8_Vistax86
2014-04-14 18:07 - 2014-04-14 18:07 - 00000000 ____D () C:\Users\ashley\Documents\Chipset_Intel_v.8.7.0.1007_Vistax86
2014-04-14 18:05 - 2014-04-14 18:05 - 00000000 ____D () C:\Users\ashley\Documents\TouchPad_Synaptics_v.11.1.4.0_Vistax86
2014-04-10 03:09 - 2014-03-08 00:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 03:09 - 2014-03-08 00:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 03:09 - 2014-03-08 00:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 03:09 - 2014-03-08 00:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 03:09 - 2014-03-08 00:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 03:09 - 2014-03-08 00:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-10 03:09 - 2014-03-07 23:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 03:09 - 2014-03-07 23:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-10 03:09 - 2014-03-07 23:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 03:09 - 2014-03-07 23:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-10 03:09 - 2014-03-07 23:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 03:09 - 2014-03-07 23:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 03:09 - 2014-03-07 23:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-10 03:09 - 2014-03-07 23:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
 
==================== One Month Modified Files and Folders =======
 
2014-05-10 19:29 - 2014-05-10 19:29 - 00000000 ____D () C:\FRST
2014-05-10 19:28 - 2011-01-31 17:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-10 19:27 - 2011-10-12 19:30 - 00000000 ____D () C:\ProgramData\AVG2012
2014-05-10 19:25 - 2014-05-10 19:25 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\TuneUp Software
2014-05-10 19:22 - 2011-01-30 19:23 - 01711353 _____ () C:\Windows\WindowsUpdate.log
2014-05-10 19:21 - 2011-04-22 17:58 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-05-10 19:18 - 2011-04-22 16:48 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-10 19:17 - 2014-04-17 02:54 - 00714710 _____ () C:\Windows\PFRO.log
2014-05-10 19:17 - 2011-01-30 21:01 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-05-10 19:17 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-10 19:17 - 2006-11-02 13:45 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-10 19:17 - 2006-11-02 13:45 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-10 14:39 - 2011-12-22 20:33 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-05-10 14:39 - 2006-11-02 13:58 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-10 14:12 - 2011-04-22 16:48 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-03 04:11 - 2014-04-17 21:33 - 00000533 _____ () C:\Windows\Tasks\SpeedMaxPc_sch_81F970F9-C66F-11E3-9A51-95EFDFC71B78.job
2014-05-01 19:29 - 2014-04-17 21:53 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-30 14:19 - 2014-04-30 14:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-30 14:19 - 2014-02-01 02:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-30 14:18 - 2014-04-30 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-30 14:17 - 2014-04-30 14:18 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-30 14:17 - 2014-04-30 14:18 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-30 14:17 - 2014-04-30 14:18 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-30 14:17 - 2014-04-30 14:18 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-30 14:17 - 2011-10-09 22:32 - 00000000 ____D () C:\Program Files\Java
2014-04-29 11:28 - 2014-05-03 03:00 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 11:07 - 2014-05-03 03:00 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-23 17:00 - 2014-04-23 17:00 - 00000000 ____D () C:\Users\ashley\Documents\New Folder
2014-04-18 03:13 - 2006-11-02 13:44 - 00295704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-17 21:52 - 2014-04-17 21:52 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 21:52 - 2014-04-17 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-17 21:52 - 2014-04-17 21:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-17 21:51 - 2014-04-17 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-17 21:40 - 2014-04-17 21:33 - 00000000 ____D () C:\ProgramData\SpeedMaxPc
2014-04-17 21:33 - 2014-04-17 21:33 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\SpeedMaxPc
2014-04-17 21:33 - 2014-04-17 21:33 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\DriverCure
2014-04-17 21:33 - 2014-04-17 21:33 - 00000000 ____D () C:\Program Files\SpeedMaxPc
2014-04-17 21:33 - 2011-01-30 20:52 - 00071016 _____ () C:\Users\ashley\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-17 20:50 - 2014-04-17 20:47 - 00002610 _____ () C:\Users\ashley\Desktop\Rkill.txt
2014-04-17 19:41 - 2008-05-15 06:32 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-04-17 18:45 - 2014-04-17 18:45 - 00000568 _____ () C:\Users\ashley\Desktop\aswMBR.txt
2014-04-17 18:45 - 2014-04-17 18:45 - 00000512 _____ () C:\Users\ashley\Desktop\MBR.dat
2014-04-17 17:59 - 2008-05-15 06:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-17 17:58 - 2008-05-15 06:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-04-17 17:58 - 2008-05-15 06:33 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-04-17 17:58 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-17 17:57 - 2011-01-30 20:48 - 00000000 ____D () C:\Users\ashley
2014-04-17 17:55 - 2014-04-17 14:58 - 00012626 _____ () C:\Users\ashley\Desktop\attach.txt
2014-04-17 17:50 - 2011-11-29 00:17 - 00000000 ____D () C:\Program Files\AbiSuite2
2014-04-17 17:48 - 2011-01-30 20:52 - 00000000 ____D () C:\Users\ashley\AppData\Local\Google
2014-04-17 17:19 - 2014-04-17 17:19 - 00000000 ____D () C:\Users\ashley\AppData\Local\Secunia PSI
2014-04-17 17:18 - 2014-04-17 17:18 - 00000866 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-04-17 17:18 - 2014-04-17 17:18 - 00000000 ____D () C:\Program Files\Secunia
2014-04-17 15:12 - 2014-04-17 14:58 - 00015214 _____ () C:\Users\ashley\Desktop\dds.txt
2014-04-17 03:26 - 2014-04-17 03:26 - 00000000 ____D () C:\Program Files\ESET
2014-04-17 02:54 - 2012-07-09 11:57 - 00000000 ____D () C:\Program Files\epson
2014-04-17 02:53 - 2014-04-17 02:50 - 00000000 ____D () C:\AdwCleaner
2014-04-17 02:46 - 2014-04-17 02:46 - 00003404 _____ () C:\Windows\DPINST.LOG
2014-04-17 02:46 - 2011-11-29 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-04-17 02:46 - 2006-11-02 13:35 - 00000000 ____D () C:\Windows\twain_32
2014-04-17 02:45 - 2014-04-08 12:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-17 01:54 - 2014-04-17 01:54 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\Synaptics
2014-04-17 01:48 - 2014-04-17 01:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-04-17 01:48 - 2014-04-17 01:45 - 00000000 ____D () C:\Program Files\Synaptics
2014-04-17 01:45 - 2014-04-17 01:45 - 00000000 ____D () C:\ProgramData\Synaptics
2014-04-17 01:45 - 2014-04-17 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
2014-04-17 01:18 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-04-16 20:04 - 2014-04-16 20:02 - 00004117 _____ () C:\Windows\system32\jupdate-1.7.0_55-b13.log
2014-04-16 12:48 - 2011-02-09 19:44 - 00000000 ____D () C:\Users\ashley\AppData\Local\Adobe
2014-04-14 18:14 - 2014-04-14 18:14 - 00000000 ____D () C:\Users\ashley\Documents\eDataSecurity_Acer_v3.0.3065_Vista(SP1)
2014-04-14 18:12 - 2014-04-14 18:12 - 00000000 ____D () C:\Users\ashley\Documents\BIOS_v1.08
2014-04-14 18:11 - 2014-04-14 18:11 - 00000000 ____D () C:\Users\ashley\Documents\Bluetooth_Broadcom_v.6.0.1.6300_Vistax86
2014-04-14 18:11 - 2014-04-14 18:11 - 00000000 ____D () C:\Users\ashley\Documents\Audio_Realtek_v.6.0.1.5643_Vistax86x64
2014-04-14 18:10 - 2014-04-14 18:10 - 00000000 ____D () C:\Users\ashley\Documents\Camera_Bison_v.2.0.0.20_Vistax86
2014-04-14 18:09 - 2014-04-14 18:09 - 00000000 ____D () C:\Users\ashley\Documents\CardReader_Realtek_v.6.0.6000.20076_Vistax86
2014-04-14 18:09 - 2014-04-14 18:09 - 00000000 ____D () C:\Users\ashley\Documents\Camera_Suyin_v.2.0.8_Vistax86
2014-04-14 18:07 - 2014-04-14 18:07 - 00000000 ____D () C:\Users\ashley\Documents\Chipset_Intel_v.8.7.0.1007_Vistax86
2014-04-14 18:05 - 2014-04-14 18:05 - 00000000 ____D () C:\Users\ashley\Documents\TouchPad_Synaptics_v.11.1.4.0_Vistax86
2014-04-14 17:24 - 2006-11-02 11:33 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 03:08 - 2013-08-19 12:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:02 - 2006-11-02 11:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
Some content of TEMP:
====================
C:\Users\ashley\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\ashley\AppData\Local\Temp\Quarantine.exe
C:\Users\ashley\AppData\Local\Temp\RtkBtMnt.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-10 19:23
 
==================== End Of Log ============================


#9 TheWickedOne666


Posted 10 May 2014 - 01:46 PM

Thank you for taking the time to help and advise me, hope the above is ok.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,902 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:25 PM

Posted 11 May 2014 - 07:13 AM


Optional.
CHR Extension: (Look of Disapproval) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn [2012-11-14]
This extension inserts advertisements as you browse. If you want to keep it, remove it from the code box below.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
HKLM\...\Run: [eRecoveryService] => [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
FF Extension: Conduit Engine  - \Extensions\engine@conduit.com [2011-06-08]
FF Extension: uTorrentBar Community Toolbar - \Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2011-06-08]
CHR Plugin: (AVG Internet Security) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll No File
CHR Extension: (Look of Disapproval) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn [2012-11-14]
R4 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
R4 AVGIDSFilter; system32\DRIVERS\avgidsfilterx.sys [X]
R4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
R4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
R4 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]
R4 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\ashley\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\ashley\AppData\Local\Temp\RtkBtMnt.exe

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.


Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Uncheck the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Let me know of any issues with this computer.

#11 TheWickedOne666


Posted 12 May 2014 - 03:45 AM

Thank you, I will do that now.. I wondered where the ads were coming from.. never thought about that extension



#12 TheWickedOne666


Posted 12 May 2014 - 04:36 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-05-2014 01
Ran by ashley at 2014-05-12 10:33:20 Run:1
Running from C:\Users\ashley\Documents\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
HKLM\...\Run: [eRecoveryService] => [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
FF Extension: Conduit Engine  - \Extensions\engine@conduit.com [2011-06-08]
FF Extension: uTorrentBar Community Toolbar - \Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2011-06-08]
CHR Plugin: (AVG Internet Security) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll No File
CHR Extension: (Look of Disapproval) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn [2012-11-14]
R4 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
R4 AVGIDSFilter; system32\DRIVERS\avgidsfilterx.sys [X]
R4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
R4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
R4 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]
R4 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\ashley\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\ashley\AppData\Local\Temp\RtkBtMnt.exe
 
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Value deleted successfully.
HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Key not found.
FF Extension: Conduit Engine  - \Extensions\engine@conduit.com [2011-06-08] => not found.
FF Extension: uTorrentBar Community Toolbar - \Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2011-06-08] => not found.
C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll not found.
C:\Program Files\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files\QuickTime\plugins\npqtplugin7.dll not found.
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll not found.
C:\Windows\system32\npdeployJava1.dll not found.
C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn => Moved successfully.
AVGIDSDriver => Service not found.
AVGIDSFilter => Service not found.
AVGIDSHX => Service not found.
AVGIDSShim => Service not found.
Avgrkx86 => Service not found.
Avgtdix => Service not found.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Users\ashley\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\ashley\AppData\Local\Temp\RtkBtMnt.exe => Moved successfully.
 
==== End of Fixlog ====
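
To read a Fixlog like the one above at a glance, this added example (not part of the thread and not FRST's own code) classifies each result line by outcome, separating actions that changed the system from entries that were already absent. The sample is an abridged excerpt of the log in this post; the function names are hypothetical, and the status phrases are assumed to match those visible in this log.

```python
import re
from collections import Counter

# Abridged excerpt of the Fixlog posted in this thread: the echoed fixlist
# (between the two rows of asterisks) followed by result lines for each outcome.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-05-2014 01
Content of fixlist:
*****************
start
HKLM\...\Run: [eRecoveryService] => [X]
R4 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Key not found.
FF Extension: Conduit Engine  - \Extensions\engine@conduit.com [2011-06-08] => not found.
C:\Program Files\QuickTime\plugins\npqtplugin6.dll not found.
C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn => Moved successfully.
AVGIDSDriver => Service not found.
IpInIp => Service deleted successfully.
C:\Users\ashley\AppData\Local\Temp\RtkBtMnt.exe => Moved successfully.

==== End of Fixlog ====
"""

# Status phrases as they appear in this log (assumed, other versions may differ).
STATUS_RE = re.compile(
    r"^(?:(?P<kind>Value|Key|Service) )?"
    r"(?P<verb>deleted successfully|was restored successfully|"
    r"Moved successfully|not found)$"
)
OUTCOME = {
    "deleted successfully": "deleted",
    "was restored successfully": "restored",
    "Moved successfully": "moved",
    "not found": "not_found",
}
# Plugin paths in this log are reported as "<path> not found." with no "=>".
BARE_NOT_FOUND_RE = re.compile(r"^(.*\S)\s+(not found)\.?$")
CHANGED = {"deleted", "restored", "moved"}


def result_lines(fixlog_text):
    """Yield result lines, skipping the header and the echoed fixlist."""
    lines = [ln.strip() for ln in fixlog_text.splitlines()]
    fences = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    # Results start after the second row of asterisks when the echo is present.
    start = fences[1] + 1 if len(fences) >= 2 else 0
    for ln in lines[start:]:
        if ln and not ln.startswith("===="):
            yield ln


def parse_result(line):
    """Return {'target', 'kind', 'outcome'} for a result line, else None."""
    if " => " in line:
        target, status = line.rsplit(" => ", 1)
    else:
        bare = BARE_NOT_FOUND_RE.match(line)
        if not bare:
            return None
        target, status = bare.group(1), bare.group(2)
    m = STATUS_RE.match(status.strip().rstrip("."))
    if not m:
        return None  # e.g. an echoed directive ending in "[X]"
    target = target.strip()
    if m.group("kind"):
        kind = m.group("kind").lower()
    elif re.match(r"^[A-Za-z]:\\", target):
        kind = "path"
    else:
        kind = "entry"
    return {"target": target, "kind": kind, "outcome": OUTCOME[m.group("verb")]}


def summarize(fixlog_text):
    """Count outcomes and list the targets that were actually changed."""
    counts, changed, unparsed = Counter(), [], []
    for ln in result_lines(fixlog_text):
        res = parse_result(ln)
        if res is None:
            unparsed.append(ln)  # surfaced, never silently dropped
            continue
        counts[res["outcome"]] += 1
        if res["outcome"] in CHANGED:
            changed.append(res["target"])
    return {"counts": dict(counts), "changed": changed, "unparsed": unparsed}


if __name__ == "__main__":
    summary = summarize(SAMPLE_FIXLOG)
    print(summary["counts"])
    for target in summary["changed"]:
        print("changed:", target)
    for ln in summary["unparsed"]:
        print("unparsed:", ln)
```
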


#13 TheWickedOne666


Posted 12 May 2014 - 05:25 AM

# AdwCleaner v3.208 - Report created 12/05/2014 at 11:18:13
# Updated 11/05/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : ashley - ASHLEY-PC
# Running from : C:\Users\ashley\Documents\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\SpeedMaxPc
Folder Deleted : C:\Program Files\SpeedMaxPc
Folder Deleted : C:\Users\ashley\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\ashley\AppData\Roaming\SpeedMaxPc
Folder Deleted : C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63F8503E-F16E-48F2-8A50-11908500A57D}
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKLM\Software\SpeedMaxPC
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16545
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&AF=100476&babsrc=SP_ss&mntrId=5a00335700000000000000234e8d0fa8
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : adpkifcfcacgmnggcbpbjbkdijciiigm
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [5193 octets] - [17/04/2014 02:50:54]
AdwCleaner[R1].txt - [1542 octets] - [12/05/2014 11:15:44]
AdwCleaner[S0].txt - [5354 octets] - [17/04/2014 02:52:41]
AdwCleaner[S1].txt - [1757 octets] - [12/05/2014 11:18:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1817 octets] ##########
 
 
 
 
 
 
 
Tried to open the link for security check, it came up with an error x


#14 nasdaq


Posted 12 May 2014 - 08:12 AM

Tried to open the link for security check, it came up with an error x

After a restart of the computer click on the link.
It's working for me now.

#15 TheWickedOne666


Posted 12 May 2014 - 11:43 AM

Sorry, still getting an error. I downloaded it here: http://www.bleepingcomputer.com/download/securitycheck/

I hope this is ok  :)

 

Results of screen317's Security Check version 0.99.83  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 SUPERAntiSpyware     
 Secunia PSI (3.0.0.9016)   
 Java 7 Update 55  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````




