How do I Remove Trojan Horse: PSW.Generic9.BSIU?


  • This topic is locked
6 replies to this topic

#1 Ali_bear

  • Members
  • 21 posts
  • Gender:Female

Posted 13 June 2014 - 05:18 PM

Hello, I hope someone out there can help.

 

My mom downloaded a game from Pogo.com today called The Clumsys 2 Butterfly and AVG Antivirus Software picked up the following infection: PSW.Generic9.BSIU.

 

It said it was located in the following location: c:\Games\Pogo\The Clumsys 2 Butterly Effect\theclumsys2.ifn

 

The first thing I did was select "Protect Me" on the AVG software, and it said that it had successfully gotten rid of the infection.  I then uninstalled the game and ran a scan with the following programs:

 

--MalwareBytes

--Kaspersky TDSS Killer

--AVG Antivirus

--Super AntiSpyware

 

My Mom's System Is:

 

HP Pavilion P6-2350

Windows 8 64-Bit

 

All of the above programs said that the system was clean.  There isn't much info online about this particular threat...but is there any other program that I can use to make sure that this threat is no longer active?  Any and all suggestions are welcome.  Thanks in advance!

 

ON A SIDE NOTE:  My mom tends to get lots of viruses on her computer and she mostly plays games that are from Pogo.com.  Does anyone know whether or not Pogo makes its users susceptible to malware and viruses?




#2 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 16 June 2014 - 08:48 AM

Hello Ali_bear,

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.
==========================================================================

I believe the file AVG was warning you about was legitimate, and this was simply the case of a false-positive. Having said this, please complete the instructions above as I have not confirmed this yet and still do need to make sure your system is clean.

I doubt Pogo.com intentionally makes its users susceptible to malware, but that does not mean the site does not have malware on it through ads, links, etc.

Edited by TheShooter93, 16 June 2014 - 08:53 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
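A defender's-side way to read the FRST.txt output that the steps above produce, as an added example that is not part of this thread and not FRST's own logic: it walks the Registry and Services sections in FRST's line format (name, target path, [size date], (publisher)) and flags the entry types a Malware Response Team member typically reviews first: AppInit_DLLs entries, orphaned Run values, binaries with no publisher or "[File not signed]", services hosted through rundll32.exe, and references to files that no longer exist. The sample lines are constructed in that format from entries that appear later in this thread; the Finding class, the triage() function and the flagging rules are my own assumptions, not part of FRST.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in FRST.txt line format (modelled on entries from this thread's log):
#   <hive>\...\Run: [<name>] => <path> [<size> <date>] (<publisher>)
#   <state> <service>; <command> [<size> <date>] (<publisher>) [File not signed]
# An empty "()" means FRST recorded no publisher information for the binary.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-215162122-70602566-3958010196-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] ()
AppInit_DLLs: c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [4374344 2014-01-10] ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

==================== Services (Whitelisted) =================

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]
S2 70e6ca8c; "C:\windows\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain
"""

# Section banners look like "==================== Registry (Whitelisted) =================="
SECTION_RE = re.compile(r"^=+\s*(?P<name>.*?)\s*=+$")
# Run values: ...\Run: [name] => target
RUN_RE = re.compile(r"\\Run:\s*\[(?P<name>[^\]]*)\]\s*=>\s*(?P<target>.*)$")
# Services: "R2 name; command ..." (R = running, S = stopped)
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s*(?P<cmd>.*)$")
# Trailing "(publisher)" optionally followed by FRST's "[File not signed]" marker
PUBLISHER_RE = re.compile(r"\((?P<pub>[^()]*)\)(?:\s*\[File not signed\])?\s*$")


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per (line, reason) pair worth a human look.

    These are review heuristics, not a verdict: a flagged line still has to be
    checked by someone who knows what belongs on the machine.
    """
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue

        reasons: list[str] = []
        if line.startswith("AppInit_DLLs:"):
            reasons.append("AppInit_DLLs entry: DLL loaded into every process that loads user32.dll")

        run = RUN_RE.search(line)
        if run and (not run.group("name") or run.group("target").strip() == "[X]"):
            reasons.append("orphaned Run value (empty name or missing target)")

        svc = SERVICE_RE.match(line)
        if svc:
            if re.fullmatch(r"[0-9a-f]{8}", svc.group("name")):
                reasons.append("service name looks machine-generated")
            if "rundll32.exe" in svc.group("cmd").lower():
                reasons.append("service hosted by rundll32.exe loading a DLL export")

        pub = PUBLISHER_RE.search(line)
        if pub is not None and pub.group("pub").strip() == "":
            reasons.append("no publisher recorded (unsigned or unknown vendor)")
        if "[File not signed]" in line:
            reasons.append("binary not signed")
        if line.endswith("No File"):
            reasons.append("registry entry points to a file that no longer exists")

        findings.extend(Finding(section, line, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The rules deliberately stay conservative: they never name a line as malware, only as worth a second look, and vendor-signed entries with a recorded publisher pass silently. The empty-publisher check is the noisiest, since plenty of legitimate updaters ship unsigned, so in practice it is read together with the install date and the path.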

 

 


#3 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 16 June 2014 - 02:23 PM

Please navigate to: C:\$AVG#.VAULT$ and see if there are any files in that folder. If possible, provide a screenshot of this folder along with your next post.
 
If you are unable to see this folder, please do the following and try again.
 
-------------------------------------------------
 
View Hidden Files/Folders
  • Press and hold the Windows key + R on your keyboard.
  • In the Run box type Control and hit Enter.
  • In Control Panel select Folder Options.
  • In Folder Options, click the View tab.
  • Select the radio button next to Show hidden files, folders, and drives.
  • Click OK.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#4 Ali_bear
  • Topic Starter
  • Members
  • 21 posts
  • Gender:Female

Posted 16 June 2014 - 04:55 PM

Thank you very much for getting back to me :)

 

Here is the information that you requested:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by Nancy (administrator) on CANDYBLOSSOM on 16-06-2014 16:33:06
Running from C:\Users\Nancy\Downloads
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(iWin Inc.) C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-22] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-215162122-70602566-3958010196-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] ()
HKU\S-1-5-21-215162122-70602566-3958010196-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-13] (SUPERAntiSpyware)
HKU\S-1-5-21-215162122-70602566-3958010196-1001\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Nancy\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=09b08bdb8efa47d29dc0a9aaf35a15f6-55ad80382b25fef41696e4ef9e59bb87422ed2d0 /CMPID=0214c
AppInit_DLLs: c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [4374344 2014-01-10] ()
Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series.lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {9373488B-DA60-4153-A8A0-E70E51EA21FA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {9373488B-DA60-4153-A8A0-E70E51EA21FA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Shopop WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Shopop Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Shopop Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\8k7r5crg.default-1399925908510
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\8k7r5crg.default-1399925908510\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\8k7r5crg.default-1399925908510\searchplugins\youtube-video-search.xml
FF Extension: WOT - C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\8k7r5crg.default-1399925908510\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-09]
FF Extension: Adblock Plus - C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\8k7r5crg.default-1399925908510\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-12]
FF HKCU\...\FIREFOX\Extensions: [{10886a85-c81d-48e0-a17e-106b174c4131}] - C:\Program Files (x86)\Buzz-it\150.xpi

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
S2 HPRegistrationSvc; c:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe [205216 2012-07-18] (Hewlett-Packard)
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [520360 2013-03-25] (iWin Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 70e6ca8c; "C:\windows\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-16 16:33 - 2014-06-16 16:33 - 00015898 _____ () C:\Users\Nancy\Downloads\FRST.txt
2014-06-16 16:32 - 2014-06-16 16:33 - 00000000 ____D () C:\FRST
2014-06-16 16:30 - 2014-06-16 16:30 - 02081280 _____ (Farbar) C:\Users\Nancy\Downloads\FRST64.exe
2014-06-15 20:17 - 2014-06-16 14:14 - 00000000 ____D () C:\Users\Paula\AppData\Roaming\Audacity
2014-06-15 19:55 - 2014-06-15 20:00 - 00000000 ____D () C:\Users\Paula\AppData\Local\Windows Live
2014-06-13 16:12 - 2014-06-13 16:12 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Nancy\Downloads\tdsskiller.exe
2014-06-13 14:32 - 2014-06-13 14:32 - 00002100 _____ () C:\Users\Public\Desktop\Viking Ventures Noble Savages Value Pack.lnk
2014-06-11 23:27 - 2014-06-11 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 09:22 - 2014-05-23 21:48 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-11 09:22 - 2014-05-23 21:47 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-11 09:22 - 2014-05-23 21:47 - 01366016 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-11 09:22 - 2014-05-23 21:47 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-06-11 09:22 - 2014-05-23 21:47 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-06-11 09:22 - 2014-05-23 21:46 - 19290112 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-11 09:22 - 2014-05-23 21:46 - 15368704 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-11 09:22 - 2014-05-23 21:46 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-11 09:22 - 2014-05-23 21:46 - 02650112 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-11 09:22 - 2014-05-23 21:46 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-11 09:22 - 2014-05-23 21:46 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-11 09:22 - 2014-05-23 21:46 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-11 09:22 - 2014-05-23 21:46 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-11 09:22 - 2014-05-23 21:46 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-11 09:22 - 2014-05-23 21:46 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-11 09:22 - 2014-05-23 21:46 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-11 09:22 - 2014-05-23 21:46 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-11 09:22 - 2014-05-23 21:45 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-11 09:22 - 2014-05-23 21:45 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-11 09:22 - 2014-05-23 21:45 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-11 09:22 - 2014-05-23 20:26 - 14365696 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-11 09:22 - 2014-05-23 20:26 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-11 09:22 - 2014-05-23 20:26 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-11 09:22 - 2014-05-23 20:26 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-11 09:22 - 2014-05-23 20:26 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-11 09:22 - 2014-05-23 20:26 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-11 09:22 - 2014-05-23 20:26 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-06-11 09:22 - 2014-05-23 20:25 - 13731328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-11 09:22 - 2014-05-23 20:25 - 02862080 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-11 09:22 - 2014-05-23 20:25 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-11 09:22 - 2014-05-23 20:25 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-11 09:22 - 2014-05-23 20:25 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-11 09:22 - 2014-05-23 20:25 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-11 09:22 - 2014-05-23 20:25 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-11 09:22 - 2014-05-23 20:25 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-11 09:22 - 2014-05-23 20:25 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-11 09:22 - 2014-05-23 20:25 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-11 09:22 - 2014-05-23 20:25 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-11 09:22 - 2014-05-23 20:09 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-11 09:22 - 2014-05-23 20:03 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-11 09:22 - 2014-05-23 17:37 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-06-11 09:22 - 2014-05-03 00:47 - 03246592 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-11 09:22 - 2014-05-02 22:34 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-06-11 09:22 - 2014-04-29 17:32 - 01301504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-06-11 09:22 - 2014-04-29 17:22 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-06-11 09:22 - 2014-04-03 06:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-06-11 09:22 - 2014-04-02 22:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-06-11 09:22 - 2014-03-31 17:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml
2014-06-11 09:22 - 2014-03-24 18:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-06-11 09:22 - 2014-03-24 17:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-06-11 09:19 - 2014-04-03 06:22 - 02233176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-11 09:19 - 2014-03-06 19:47 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-11 09:19 - 2014-03-06 19:08 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll

==================== One Month Modified Files and Folders =======

2014-06-16 16:33 - 2014-06-16 16:33 - 00015898 _____ () C:\Users\Nancy\Downloads\FRST.txt
2014-06-16 16:33 - 2014-06-16 16:32 - 00000000 ____D () C:\FRST
2014-06-16 16:33 - 2014-01-10 19:54 - 00000000 ____D () C:\Users\Nancy\AppData\Local\Temp
2014-06-16 16:30 - 2014-06-16 16:30 - 02081280 _____ (Farbar) C:\Users\Nancy\Downloads\FRST64.exe
2014-06-16 16:23 - 2014-01-11 18:04 - 00000918 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-16 16:07 - 2014-01-11 18:13 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-16 15:49 - 2014-01-12 18:52 - 00000000 ____D () C:\Users\Paula\AppData\Local\Temp
2014-06-16 15:47 - 2014-01-12 18:52 - 00000000 ____D () C:\Users\Paula
2014-06-16 15:02 - 2014-01-12 19:04 - 00003594 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-215162122-70602566-3958010196-1002
2014-06-16 15:02 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2014-06-16 14:39 - 2014-01-11 18:04 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-16 14:14 - 2014-06-15 20:17 - 00000000 ____D () C:\Users\Paula\AppData\Roaming\Audacity
2014-06-16 14:11 - 2014-01-10 19:54 - 01148122 _____ () C:\windows\WindowsUpdate.log
2014-06-16 13:51 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-06-16 09:06 - 2014-02-18 16:58 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-15 20:00 - 2014-06-15 19:55 - 00000000 ____D () C:\Users\Paula\AppData\Local\Windows Live
2014-06-15 16:05 - 2014-01-12 18:58 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{BB51AD73-64E2-4F23-8E8B-8CAA0AA812E9}
2014-06-14 10:18 - 2014-01-10 19:57 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{E8A59165-6BD5-48E1-8E54-5A0F738AAF83}
2014-06-13 18:34 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-06-13 18:16 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\rescache
2014-06-13 16:12 - 2014-06-13 16:12 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Nancy\Downloads\tdsskiller.exe
2014-06-13 15:49 - 2014-01-11 18:04 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-13 15:40 - 2012-07-26 02:28 - 00876558 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-13 15:34 - 2014-01-10 21:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-13 15:34 - 2012-08-01 21:02 - 01041706 _____ () C:\windows\PFRO.log
2014-06-13 15:34 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-13 14:32 - 2014-06-13 14:32 - 00002100 _____ () C:\Users\Public\Desktop\Viking Ventures Noble Savages Value Pack.lnk
2014-06-12 07:00 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
2014-06-12 06:59 - 2014-01-13 15:09 - 00000000 ____D () C:\windows\system32\MRT
2014-06-12 06:58 - 2014-01-10 21:55 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-06-12 06:57 - 2014-01-13 15:09 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-11 23:27 - 2014-06-11 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-31 00:16 - 2012-07-26 03:14 - 00703992 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-31 00:16 - 2012-07-26 03:14 - 00105464 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-23 21:48 - 2014-06-11 09:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-23 21:47 - 2014-06-11 09:22 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-23 21:47 - 2014-06-11 09:22 - 01366016 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-23 21:47 - 2014-06-11 09:22 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-05-23 21:47 - 2014-06-11 09:22 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-05-23 21:46 - 2014-06-11 09:22 - 19290112 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-23 21:46 - 2014-06-11 09:22 - 15368704 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-23 21:46 - 2014-06-11 09:22 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-23 21:46 - 2014-06-11 09:22 - 02650112 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-23 21:46 - 2014-06-11 09:22 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-05-23 21:46 - 2014-06-11 09:22 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-23 21:46 - 2014-06-11 09:22 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-23 21:46 - 2014-06-11 09:22 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-05-23 21:46 - 2014-06-11 09:22 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-23 21:46 - 2014-06-11 09:22 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-23 21:46 - 2014-06-11 09:22 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-23 21:46 - 2014-06-11 09:22 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-23 21:45 - 2014-06-11 09:22 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-23 21:45 - 2014-06-11 09:22 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-05-23 21:45 - 2014-06-11 09:22 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-05-23 20:26 - 2014-06-11 09:22 - 14365696 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-23 20:26 - 2014-06-11 09:22 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-05-23 20:26 - 2014-06-11 09:22 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-05-23 20:26 - 2014-06-11 09:22 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-05-23 20:26 - 2014-06-11 09:22 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-05-23 20:26 - 2014-06-11 09:22 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-23 20:26 - 2014-06-11 09:22 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-05-23 20:25 - 2014-06-11 09:22 - 13731328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-05-23 20:25 - 2014-06-11 09:22 - 02862080 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-05-23 20:25 - 2014-06-11 09:22 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-05-23 20:25 - 2014-06-11 09:22 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-05-23 20:25 - 2014-06-11 09:22 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-05-23 20:25 - 2014-06-11 09:22 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-05-23 20:25 - 2014-06-11 09:22 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-05-23 20:25 - 2014-06-11 09:22 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-05-23 20:25 - 2014-06-11 09:22 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-05-23 20:25 - 2014-06-11 09:22 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-05-23 20:25 - 2014-06-11 09:22 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-05-23 20:09 - 2014-06-11 09:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-23 20:03 - 2014-06-11 09:22 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-23 17:37 - 2014-06-11 09:22 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-05-19 12:19 - 2014-03-31 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-19 12:19 - 2014-02-18 17:04 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-17 11:29 - 2014-01-12 17:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\Nancy\AppData\Local\Temp\6_Offer_19.exe
C:\Users\Nancy\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Nancy\AppData\Local\Temp\Shockwave_Installer_FF.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-12 14:17

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by Nancy at 2014-06-16 16:33:40
Running from C:\Users\Nancy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{BFDEF3C4-C349-AE43-4D36-8814E4A9DC87}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3964 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China (HKLM-x32\...\Building the Great Wall of China) (Version:  - Pogo.com)
Buzz-it (HKLM-x32\...\c77ebbf3-47b3-466a-9d0e-52b04abeae0b) (Version:  - Buzz-it software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3109 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.1.4319 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - PC Utilities Software Limited) <==== ATTENTION
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Secret Bunker USSR (HKLM-x32\...\Secret Bunker USSR) (Version:  - Pogo.com)
Shopop (HKLM-x32\...\{3DF474D5-1D41-43B5-BEA7-7E320542FD61}) (Version: 10.203.68.14274 - My Pop Shop Ltd.) <==== ATTENTION
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1016 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Tales of the Orient: The Rising Sun (HKLM-x32\...\Tales of the Orient: The Rising Sun) (Version:  - Pogo.com)
The Far Kingdoms (HKLM-x32\...\The Far Kingdoms) (Version:  - Pogo.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Viking Ventures: Noble Savages Value Pack (HKLM-x32\...\Viking Ventures: Noble Savages Value Pack) (Version:  - Pogo.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

29-05-2014 22:39:03 Scheduled Checkpoint
06-06-2014 18:55:31 Scheduled Checkpoint
12-06-2014 11:55:17 Windows Modules Installer

==================== Hosts content: ==========================

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {14E972E2-09F0-4276-AC51-0549ACD6F038} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1E1D06F6-80F8-4220-A9E7-B03AA3A8A06E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {6E9B7B0D-6DFB-4833-B27B-1A9FBAAD0E1B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {78C55679-B6EE-4FD1-BB74-0AF59166D4D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)
Task: {79614E4F-D18C-4987-8DDB-DD8F27FACEB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)
Task: {86C6EDF9-6F0A-4C1E-895C-51B82F1F8008} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D0035D5E-6460-4151-B4F4-8623BCBE8EE8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-06-12] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F4093930-173F-426A-A4C5-12E059DC3C06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {FDBA3D2E-98A8-4EDB-AAF4-359764479858} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2013-03-25] (iWin Inc.)
Task: {FDFAC9F7-7F0F-4645-A2D2-0AA7B2D1E345} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-11-14 19:48 - 2013-11-14 19:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2012-07-04 23:37 - 2012-07-04 23:37 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-05-04 18:42 - 2012-05-04 18:42 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-04-03 18:33 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-11-14 19:49 - 2013-11-14 19:49 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-06-11 23:27 - 2014-06-11 23:27 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2014 04:33:48 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (06/16/2014 04:33:33 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (06/16/2014 04:33:18 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (06/16/2014 04:33:03 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (06/16/2014 04:32:48 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (06/16/2014 04:32:33 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (06/16/2014 04:32:18 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (06/16/2014 04:32:03 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (06/16/2014 04:31:48 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (06/16/2014 04:31:33 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error


System errors:
=============
Error: (06/14/2014 05:39:32 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

Error: (06/14/2014 00:30:47 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

Error: (06/14/2014 10:15:41 AM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

Error: (06/13/2014 09:20:49 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

Error: (06/13/2014 05:21:54 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

Error: (06/13/2014 05:19:36 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

Error: (06/13/2014 03:37:55 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

Error: (06/13/2014 03:37:45 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

Error: (06/13/2014 03:35:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Registration Service service failed to start due to the following error:
%%1053

Error: (06/13/2014 03:35:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Registration Service service to connect.


Microsoft Office Sessions:
=========================
Error: (06/16/2014 04:33:48 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:

Error: (06/16/2014 04:33:33 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:

Error: (06/16/2014 04:33:18 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:

Error: (06/16/2014 04:33:03 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:

Error: (06/16/2014 04:32:48 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:

Error: (06/16/2014 04:32:33 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:

Error: (06/16/2014 04:32:18 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:

Error: (06/16/2014 04:32:03 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:

Error: (06/16/2014 04:31:48 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:

Error: (06/16/2014 04:31:33 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 7575.28 MB
Available physical RAM: 5699.21 MB
Total Pagefile: 8727.28 MB
Available Pagefile: 6050.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:910.25 GB) (Free:860.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.79 GB) (Free:2.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 23EAD5D4)

Partition: GPT Partition Type.

==================== End Of Log ============================

Also, here is the screenshot that you asked for as well:

[Screenshot attachment: AVGFolder.jpg]

#5 TheShooter93 (Cody), Malware Response Team
Posted 17 June 2014 - 01:30 PM

Hello Ali_bear,

You're very welcome.   :)

Please do the following.

===============================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

Thank you very much for getting back to me.
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
    SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    BHO: Shopop WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
    Toolbar: HKLM - Shopop Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
    Toolbar: HKLM-x32 - Shopop Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Restore File From AVG Virus Vault

It looks like AVG changed the file name and type of the original file, so we will have to restore it.

Please follow this guide on how to restore files from the AVG Virus Vault.

If you are able to restore the file to its original location, the directions below entitled "Upload to Virus Total" will be accurate. If you have to restore the file elsewhere, make sure to save it somewhere easily accessible and then locate the file in the new directory when uploading to Virus Total.

===================================================

Upload to Virus Total

  • Connect to Virus Total.
  • Ensure that the File tab is selected on the page (it should be by default).
  • Click Choose File.
  • Locate the file c:\Games\Pogo\The Clumsys 2 Butterly Effect\theclumsys2.ifn and click Scan it!
  • When the scan is complete, copy the URL from your browser's address bar and include it in your next post.

===================================================

Lastly, please provide a fresh FRST Scan log in your post.   :)

===================================================

What I'd like to see in your next post:   :thumbsup2:

  • Fixlog.txt
  • URL from VirusTotal
  • Fresh FRST Scan log


CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
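As an added example (not part of TheShooter93's post, and not FRST's or AVG's own code), the following PowerShell script audits the same registry locations the fixlist above targets, so the entries can be confirmed before the fix and confirmed gone afterwards, and hashes the restored sample so it can be looked up on VirusTotal by SHA-256 rather than uploaded. The three CLSIDs and the file path are taken from the post as written; the registry paths are the standard Internet Explorer and shell locations FRST reads (the HKLM-x32 entries live under Wow6432Node). It only reads; run it from an elevated PowerShell prompt on the affected 64-bit machine.

```powershell
# Added audit script for the entries in the fixlist above. Read-only: FRST's Fix does the removal.
# Assumptions: 64-bit Windows, standard IE/shell registry layout, CLSIDs copied from the fixlist.

$SearchScopeClsid = '{2fa28606-de77-4029-af96-b231e3b8f827}'   # SearchScopes -> search.ask.com
$BhoClsid         = '{31ad400d-1b06-4e33-a59a-90c2c140cba0}'   # BHO "Shopop WidgetEngine"
$ToolbarClsid     = '{ae07101b-46d4-4a98-af68-0333ea26e113}'   # Toolbar "Shopop Widget"

function Get-SearchScope {
    # Reports the hijacked search scope and which scope IE currently treats as default.
    param([string]$Clsid)
    foreach ($base in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
                      'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes') {
        $key = Join-Path $base $Clsid
        if (Test-Path $key) {
            [pscustomobject]@{
                Key          = $key
                URL          = (Get-ItemProperty -Path $key).URL
                DefaultScope = (Get-ItemProperty -Path $base).DefaultScope
            }
        }
    }
}

function Get-ComServer {
    # Resolves a CLSID to its in-process server. A .NET add-on registers mscoree.dll here
    # (which is why FRST shows a Microsoft DLL); the real code is the Assembly/CodeBase values.
    param([string]$Clsid)
    foreach ($base in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $key = Join-Path $base "$Clsid\InprocServer32"
        if (Test-Path $key) {
            $p = Get-ItemProperty -Path $key
            [pscustomobject]@{
                Key      = $key
                Server   = $p.'(default)'
                Assembly = $p.Assembly
                CodeBase = $p.CodeBase
            }
        }
    }
}

function Get-BhoAndToolbar {
    # BHOs are subkeys named by CLSID; toolbars are values named by CLSID under the Toolbar key.
    param([string]$Bho, [string]$Toolbar)
    foreach ($b in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                   'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
        $key = Join-Path $b $Bho
        if (Test-Path $key) { [pscustomobject]@{ Type = 'BHO'; Key = $key } }
    }
    foreach ($b in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
                   'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar') {
        if ((Test-Path $b) -and ((Get-ItemProperty -Path $b).PSObject.Properties.Name -contains $Toolbar)) {
            [pscustomobject]@{ Type = 'Toolbar'; Key = $b; Value = (Get-ItemProperty -Path $b).$Toolbar }
        }
    }
}

Get-SearchScope   $SearchScopeClsid        | Format-List
Get-BhoAndToolbar $BhoClsid $ToolbarClsid  | Format-List
Get-ComServer     $BhoClsid                | Format-List
Get-ComServer     $ToolbarClsid            | Format-List

# Hash the restored sample so it can be looked up on VirusTotal by SHA-256 before uploading anything.
$Sample = 'C:\Games\Pogo\The Clumsys 2 Butterly Effect\theclumsys2.ifn'   # path exactly as given in the post
if (Test-Path $Sample) {
    $h = (Get-FileHash -Path $Sample -Algorithm SHA256).Hash.ToLower()
    "SHA-256: $h"
    "Look up: https://www.virustotal.com/gui/file/$h"
} else {
    "Sample not found at $Sample (restore it from the AVG Virus Vault first, or point `$Sample at where you restored it)."
}
```

If the CLSID resolves to mscoree.dll, the Assembly and CodeBase values under InprocServer32 are what to hash or submit, since that is the add-on's actual code. Get-FileHash needs PowerShell 4.0 or later; on an older host use certutil -hashfile <file> SHA256 instead.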

 

 


#6 TheShooter93 (Cody), Malware Response Team
Posted 20 June 2014 - 09:48 AM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.

#7 Elise (Bleepin' Blonde), Malware Study Hall Admin
Posted 23 June 2014 - 11:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise

