Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Did an update and now nothing but problems!


  • Please log in to reply
10 replies to this topic

#1 mmunley

mmunley

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:51 AM

Posted 23 May 2014 - 03:50 PM

I made some updates to my computer a few weeks ago and have had nothing but problems since. I cant get into itunes, the computer is very slow to load and now I have a new home page that I didnt set. I tried to restor the computer to an earier date with no luck, any help appreciated!



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:51 AM

Posted 26 May 2014 - 09:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 mmunley

mmunley
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:51 AM

Posted 27 May 2014 - 09:00 PM

# AdwCleaner v3.211 - Report created 27/05/2014 at 21:37:14
# Updated 26/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Michael Freund - DHSC0G81
# Running from : C:\Documents and Settings\Michael Freund\My Documents\Downloads\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\AirInstaller
Folder Deleted : C:\Documents and Settings\Michael Freund\Local Settings\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Michael Freund\Application Data\Viewpoint

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5A074B29-F830-49DE-A31B-5BB9D7F6B407}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\MyWaySA
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.17055


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Michael Freund\Application Data\Mozilla\Firefox\Profiles\yu0qfrno.default\prefs.js ]

Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

-\\ Google Chrome v

[ File : C:\Documents and Settings\Michael Freund\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5544 octets] - [27/05/2014 21:21:53]
AdwCleaner[S0].txt - [5571 octets] - [27/05/2014 21:37:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5631 octets] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Michael Freund (administrator) on DHSC0G81 on 27-05-2014 21:50:39
Running from C:\Documents and Settings\Michael Freund\My Documents\Downloads
Platform: Microsoft Windows XP Home Edition Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(Musicmatch, Inc.) C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
(Microsoft Corp.) C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Documents and Settings\Michael Freund\My Documents\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [176128 2005-03-08] (HP)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [DVDLauncher] => C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [49152 2006-04-06] (CyberLink Corp.)
HKLM\...\Run: [MMTray] => C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [135168 2006-01-17] (Musicmatch, Inc.)
HKLM\...\Run: [MSN Toolbar] => C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe [240992 2009-12-08] (Microsoft Corp.)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-396814840-2085501048-3387816108-1006\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=MSNToolbar151
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/verizon/*http://www.yahoo.com/search/ie.html
URLSearchHook: HKCU - AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {54D83D06-CBC2-4129-ABC8-9D69C0E1F437} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll No File
BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
Toolbar: HKLM - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU - No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Michael Freund\Application Data\Mozilla\Firefox\Profiles\yu0qfrno.default
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=4.0 - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1 - C:\Program Files\Yahoo!\Shared\npYVerInfo.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\WINDOWS\cache\npyaxmpb.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\Michael Freund\Application Data\Mozilla\Firefox\Profiles\yu0qfrno.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-08-07]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Michael Freund\Application Data\Mozilla\Firefox\Profiles\yu0qfrno.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-05-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox
FF Extension: MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2009-12-27]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ []
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4\
FF HKCU\...\Firefox\Extensions: [{57E72829-C158-4341-BBED-58F0AD1740FD}] - C:\Program Files\Google\Google Photos Screensaver\FF_ext
FF Extension: Google Photos Screensaver - C:\Program Files\Google\Google Photos Screensaver\FF_ext [2007-08-12]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\8.0.552.237\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\8.0.552.237\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\8.0.552.237\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (MSN® Toolbar) - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Michael Freund\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2010-11-19]

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-30] (Oracle Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation)
S3 YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [86016 2003-05-19] (Yahoo! Inc.)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2004-08-12] (Microsoft Corporation)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-05-27] (Malwarebytes Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-12] ()
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)
S3 bvrp_pci; No ImagePath
S3 catchme; \??\C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\catchme.sys [X]
S3 Pcouffin; System32\Drivers\Pcouffin.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U3 TlntSvr;
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-27 21:49 - 2014-05-27 21:50 - 00000000 ____D () C:\FRST
2014-05-27 21:40 - 2014-05-27 21:40 - 00005711 _____ () C:\Documents and Settings\Michael Freund\Desktop\AdwCleaner report.txt
2014-05-27 21:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-27 21:21 - 2014-05-27 21:37 - 00000000 ____D () C:\AdwCleaner
2014-05-27 19:34 - 2014-05-27 21:14 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-27 19:34 - 2014-05-27 19:34 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-27 19:34 - 2014-05-27 19:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-27 19:34 - 2014-05-27 19:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-27 19:34 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-27 19:34 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-21 19:08 - 2014-05-21 19:08 - 17938608 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-05-11 21:46 - 2014-05-11 21:46 - 00000000 ____D () C:\Documents and Settings\Michael Freund\Application Data\AVG2014
2014-05-11 21:43 - 2014-05-21 19:27 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-11 21:43 - 2014-05-21 19:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-11 21:43 - 2014-05-11 21:43 - 00000000 ____D () C:\Documents and Settings\Michael Freund\Application Data\TuneUp Software
2014-05-11 21:39 - 2014-05-23 16:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-05-11 21:36 - 2014-05-11 21:50 - 00000000 ____D () C:\Documents and Settings\Michael Freund\Local Settings\Application Data\Avg2014
2014-05-11 21:36 - 2014-05-11 21:36 - 00000000 ____D () C:\Documents and Settings\Michael Freund\Local Settings\Application Data\MFAData
2014-05-10 12:28 - 2014-05-10 12:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-04 20:44 - 2014-05-04 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-04 19:59 - 2014-05-11 23:24 - 00000000 ____D () C:\Documents and Settings\Michael Freund\Desktop\i phone

==================== One Month Modified Files and Folders =======

2014-05-27 21:50 - 2014-05-27 21:49 - 00000000 ____D () C:\FRST
2014-05-27 21:45 - 2004-08-10 13:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-27 21:41 - 2004-08-10 14:02 - 01466412 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-27 21:40 - 2014-05-27 21:40 - 00005711 _____ () C:\Documents and Settings\Michael Freund\Desktop\AdwCleaner report.txt
2014-05-27 21:39 - 2010-11-29 08:47 - 00000296 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-396814840-2085501048-3387816108-1006.job
2014-05-27 21:39 - 2004-08-10 14:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-27 21:39 - 2004-08-10 13:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-27 21:39 - 2004-08-10 13:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-27 21:38 - 2005-09-22 18:14 - 00000178 ___SH () C:\Documents and Settings\Michael Freund\ntuser.ini
2014-05-27 21:38 - 2004-08-10 14:08 - 00032416 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-27 21:37 - 2014-05-27 21:21 - 00000000 ____D () C:\AdwCleaner
2014-05-27 21:14 - 2014-05-27 19:34 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-27 21:08 - 2012-09-18 15:39 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-27 19:34 - 2014-05-27 19:34 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-27 19:34 - 2014-05-27 19:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-27 19:34 - 2014-05-27 19:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-27 19:34 - 2009-08-30 19:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-27 19:32 - 2010-12-13 20:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-05-26 17:01 - 2013-05-09 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-05-26 10:00 - 2010-07-17 12:53 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-05-26 08:59 - 2010-11-19 00:55 - 00000304 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-396814840-2085501048-3387816108-1006.job
2014-05-23 19:36 - 2006-04-06 18:12 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-05-23 19:34 - 2006-04-06 18:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-23 18:04 - 2013-11-03 11:31 - 00022528 _____ () C:\Documents and Settings\Michael Freund\Desktop\Monthly Bills.xlr
2014-05-23 18:04 - 2005-09-22 22:29 - 00009744 _____ () C:\Documents and Settings\Michael Freund\Application Data\wklnhst.dat
2014-05-23 16:24 - 2014-05-11 21:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-05-21 19:31 - 2008-09-03 23:20 - 00000000 ____D () C:\Program Files\AVG
2014-05-21 19:27 - 2014-05-11 21:43 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-21 19:27 - 2014-05-11 21:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-21 19:27 - 2010-07-28 21:45 - 00772715 _____ () C:\WINDOWS\setupapi.log
2014-05-21 19:08 - 2014-05-21 19:08 - 17938608 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-05-21 19:08 - 2012-09-18 15:39 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-21 19:08 - 2011-09-07 20:03 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-21 18:47 - 2013-01-07 18:49 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-21 18:47 - 2005-10-03 20:25 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-21 18:37 - 2005-09-22 18:14 - 00000000 ____D () C:\Documents and Settings\Michael Freund
2014-05-21 18:36 - 2004-08-10 14:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-05-21 18:36 - 2004-08-10 14:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-21 18:36 - 2004-08-10 14:02 - 00000000 ____D () C:\WINDOWS\Registration
2014-05-21 18:19 - 2006-04-06 18:26 - 00000000 ____D () C:\Documents and Settings\Michael Freund\Application Data\Lavasoft
2014-05-19 20:02 - 2011-11-12 17:45 - 00000000 ____D () C:\Documents and Settings\Michael Freund\Desktop\CVS
2014-05-14 00:36 - 2005-09-23 21:45 - 00000000 ____D () C:\Documents and Settings\Michael Freund\Shared
2014-05-13 14:19 - 2014-03-27 22:15 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-03-31 16:11 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-03-31 16:11 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2014-05-13 14:17 - 2014-03-27 22:14 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-03-27 22:04 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-03-27 22:04 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidshx.sys
2014-05-13 14:09 - 2014-04-18 15:02 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-03-27 22:03 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-03-27 22:03 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys
2014-05-12 17:40 - 2009-12-27 13:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-12 07:26 - 2014-05-27 19:34 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-27 19:34 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-11 23:24 - 2014-05-04 19:59 - 00000000 ____D () C:\Documents and Settings\Michael Freund\Desktop\i phone
2014-05-11 21:50 - 2014-05-11 21:36 - 00000000 ____D () C:\Documents and Settings\Michael Freund\Local Settings\Application Data\Avg2014
2014-05-11 21:46 - 2014-05-11 21:46 - 00000000 ____D () C:\Documents and Settings\Michael Freund\Application Data\AVG2014
2014-05-11 21:46 - 2010-12-13 21:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG10
2014-05-11 21:43 - 2014-05-11 21:43 - 00000000 ____D () C:\Documents and Settings\Michael Freund\Application Data\TuneUp Software
2014-05-11 21:40 - 2010-12-13 21:06 - 00000000 ___HD () C:\$AVG
2014-05-11 21:36 - 2014-05-11 21:36 - 00000000 ____D () C:\Documents and Settings\Michael Freund\Local Settings\Application Data\MFAData
2014-05-11 20:59 - 2012-05-20 09:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 12:29 - 2014-05-10 12:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-04 20:45 - 2014-04-20 09:37 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-05-04 20:45 - 2014-04-20 09:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-05-04 20:44 - 2014-05-04 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-04 20:19 - 2006-11-02 19:40 - 00001738 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2014-05-04 19:58 - 2011-01-30 11:55 - 00000000 ____D () C:\Documents and Settings\Michael Freund\Desktop\My Shared Folder
2014-05-02 18:38 - 2004-08-10 14:01 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp

Some content of TEMP:
====================
C:\Documents and Settings\Michael Freund\Local Settings\temp\A40_quicktime.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\airA10.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\airA53.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\contentDATs.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\firefoxjre_exe.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\jre-6u32-windows-i586-iftw.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\mssinstaller.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\nsaA4D.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\nshA56.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\nsnA50.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\nsuA57.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\PicasaUpdater_3897.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\PicasaUpdater_6bdd.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Michael Freund\Local Settings\temp\SecurityScan_Release.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2004-08-12 10:04] - [2009-02-09 06:20] - 0399360 ____A (Microsoft Corporation) 01095febf33beea00c2a0730b9b3ec28

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Attached Files



#4 mmunley

mmunley
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:51 AM

Posted 27 May 2014 - 09:08 PM

Nasdaq, thank you for your help, computer is running is faster and home page is back to normal. The only thing is I still cannot get itunes to work, I get a message that says "A required itunes component is not installed." I tried to uninstall itunes from Programs, but I get another message that says, "The feature you are trying to use is on a network resource that is unavailable."



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:51 AM

Posted 28 May 2014 - 07:17 AM


Change the application name for Itune.

Totally uninstall [Application name], using the Revo Uninstaller.

Download and run the free version of Revo Uninstaller.

Select [Application name] and click Uninstall.

Set it to 'Advanced' and click Scan.

Revo will do this:

Step 1. Create restore point.

Step 2. Run the official [Application name] uninstaller.

Step 3. When uninstaller finishes, click Scan in Revo and it will search for remnants. Delete everything found (Select All, Delete All).

Reboot if asked.

Keep me posted.

#6 mmunley

mmunley
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:51 AM

Posted 28 May 2014 - 04:08 PM

Change the application name for Itune.

Totally uninstall [Application name], using the Revo Uninstaller.

Download and run the free version of Revo Uninstaller.

Select [Application name] and click Uninstall.

Set it to 'Advanced' and click Scan.

Revo will do this:

Step 1. Create restore point.

Step 2. Run the official [Application name] uninstaller.

Step 3. When uninstaller finishes, click Scan in Revo and it will search for remnants. Delete everything found (Select All, Delete All).

Reboot if asked.

Keep me posted.


How do I change the application name?

#7 mmunley

mmunley
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:51 AM

Posted 28 May 2014 - 04:57 PM

nasdaq, I ran the revo uninstaller without changing the application name. It uninstalled itunes completely. I tried to reinstall itunes and I got messages saying "The older version of Bonjour and Apple Software Update cannot be removed." Then I got another one that said "Errors occurred during installation before iTunes could be configured. Your system has not been modified. To complete the installation, run the installer again." Did I royally mess this up by not changing the Application name? I dont know how to do it.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:51 AM

Posted 29 May 2014 - 07:10 AM


I ran the revo uninstaller without changing the application name.

Do you remember what you removed?



To complete the installation, run the installer again."

Did you try to to re-install?
If not do it.

#9 mmunley

mmunley
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:51 AM

Posted 29 May 2014 - 07:32 AM

I removed iTunes and all of it's components, I tried to reinstall the new version of itunes and it wouldn't install it.

#10 mmunley

mmunley
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:51 AM

Posted 29 May 2014 - 07:34 AM

I got all of those error messages I wrote in one of the previous replies.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:51 AM

Posted 29 May 2014 - 09:04 AM

Run the suggested fix on this page.

http://support.microsoft.com/kb/290301

Remove the offending programs, restart the computer and reinstall.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users