Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't install virus/malware removal programs. Missing icons and favourites


  • This topic is locked This topic is locked
18 replies to this topic

#1 stevieddj1

stevieddj1

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 20 August 2014 - 02:04 PM

Hello everyone

 

A friend has given me her computer to fix as she has noticed that icons have disappeared from her desktop and that her favourites have disappeared from internet explorer. I have fixed similar problems previously for other friends by running various virus/malware removal programs like Malwarebytes, ADW Cleaner, Combofix, Junkware Removal Tool etc but this time the computer won't let me download and install anything. I have tried to download and install programs in safe mode but still no luck.

 

I decided to download the programs on a separate computer and put them onto a USB stick. I then booted up the infected computer into safe mode and transferred all the programs onto the desktop but when I double click on the set-up files I keep getting errors.

 

The errors I get are as follows

 

Malwarebytes - The system cannot find the path specified

ADWCleaner - Autolt Error - Unable to open the script file

Combofix - NSIS Error - Error launching installer

Junkware Removal Tool - Could not open the archive file "C:\Windows\system32\config\systemprofile\Desktop\JRT.exe. The system cannot find the file path specified

 

These errors occur in both normal and safe mode.

 

I have tried running DDS as advised in the Preparation Guide but I get the following error

 

dds.com - NSIS Error - Error launching installer

 

Please can one of the experts look into this for me and hopefully resolve the problems I'm having.

 

Many thanks

 

Steve.



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:14 PM

Posted 20 August 2014 - 06:51 PM

Hello 

stevieddj1

,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 stevieddj1

stevieddj1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 21 August 2014 - 06:54 AM

Hello fireman4it

 

Many thanks for assisting me with this problem.

 

I was surprised that FRST ran on the computer because nothing else will.

 

Here are the FRST.txt and Addition.txt files

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by sarah (administrator) on SARAH-HP on 21-08-2014 12:28:10
Running from C:\Windows\System32\config\systemprofile\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-27] (EasyBits Software AS)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [Internet Helper Anti-phishing] => C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe [235072 2013-05-14] (Internet Helper)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-11] ()
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-05] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD50F3D7B85BCCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {5E39C9B8-D449-4AE3-B6C9-1D94E092764D} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {5E39C9B8-D449-4AE3-B6C9-1D94E092764D} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.786\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.786\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2013-03-24] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-06]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.1.204\avg.crx [2014-02-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S2 Yontoo Desktop Updater; "C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "C:\Users\sarah\AppData\Roaming\Yontoo\YontooDesktop.exe"

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 12:28 - 2014-08-21 12:28 - 00016116 _____ () C:\Windows\system32\config\systemprofile\Desktop\FRST.txt
2014-08-21 12:22 - 2014-08-21 12:28 - 00000000 ____D () C:\FRST
2014-08-21 12:21 - 2014-08-21 12:19 - 02101760 _____ (Farbar) C:\Windows\system32\config\systemprofile\Desktop\FRST64.exe
2014-08-20 19:55 - 2014-08-20 19:54 - 00688992 _____ (Swearware) C:\Windows\system32\config\systemprofile\Desktop\dds.com
2014-08-20 19:31 - 2014-08-20 19:31 - 00000000 _____ () C:\Windows\system32\config\systemprofile\Desktop\dds.com.7kld1xl.partial
2014-08-20 17:42 - 2014-08-20 17:26 - 05572251 _____ (Swearware) C:\Windows\system32\config\systemprofile\Desktop\ComboFix.exe
2014-08-20 16:46 - 2014-08-20 16:45 - 01944824 _____ (Bleeping Computer, LLC) C:\Windows\system32\config\systemprofile\Desktop\rkill.exe
2014-08-20 16:07 - 2014-08-20 16:01 - 01016261 _____ (Thisisu) C:\Windows\system32\config\systemprofile\Desktop\JRT.exe
2014-08-20 16:07 - 2014-08-20 16:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Windows\system32\config\systemprofile\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-20 16:04 - 2014-08-20 16:01 - 01361671 _____ () C:\Windows\system32\config\systemprofile\Desktop\AdwCleaner.exe
2014-08-20 15:51 - 2014-08-20 15:51 - 00000000 _____ () C:\Windows\system32\config\systemprofile\Downloads\mbam-setup-2.0.2.1012.exe.qsyt6m8.partial
2014-08-19 15:59 - 2014-08-20 15:33 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2014-08-17 22:30 - 2014-08-17 22:30 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Roaming\Macromedia
2014-08-17 22:02 - 2014-08-17 22:02 - 00000000 __SHD () C:\Windows\system32\config\systemprofile\AppData\Local\EmieUserList
2014-08-17 17:45 - 2014-08-17 17:45 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Roaming\Hewlett-Packard
2014-08-17 17:32 - 2014-08-17 17:32 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-08-16 10:30 - 2014-08-21 11:18 - 00000000 __SHD () C:\Windows\system32\config\systemprofile\AppData\Local\EmieSiteList
2014-08-16 10:29 - 2014-08-16 10:29 - 00058016 _____ () C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-16 10:28 - 2014-08-16 10:28 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Roaming\ATI
2014-08-16 10:28 - 2014-08-16 10:28 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Local\ATI
2014-08-16 10:27 - 2014-08-20 15:33 - 00000000 ____D () C:\Windows\SysWOW64\cache
2014-08-16 10:23 - 2014-08-17 22:30 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{855E1C65-BE87-49B4-90F1-30C550B5F7AD}
2014-08-16 10:23 - 2014-08-17 17:43 - 00001427 _____ () C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-16 10:23 - 2014-08-16 10:23 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-16 10:23 - 2014-08-16 10:23 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe
2014-08-13 06:14 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 06:14 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 06:14 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 06:14 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 06:14 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 06:14 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 06:14 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 06:14 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 05:49 - 2014-08-01 00:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 05:49 - 2014-08-01 00:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 05:49 - 2014-07-25 15:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 05:49 - 2014-07-25 15:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 05:49 - 2014-07-25 15:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 05:49 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 05:49 - 2014-07-25 14:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 05:49 - 2014-07-25 14:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 05:49 - 2014-07-25 14:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 05:49 - 2014-07-25 14:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 05:49 - 2014-07-25 14:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 05:49 - 2014-07-25 14:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 05:49 - 2014-07-25 14:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 05:49 - 2014-07-25 14:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 05:49 - 2014-07-25 14:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 05:49 - 2014-07-25 14:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 05:49 - 2014-07-25 14:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 05:49 - 2014-07-25 13:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 05:49 - 2014-07-25 13:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 05:49 - 2014-07-25 13:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 05:49 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 05:49 - 2014-07-25 13:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 05:49 - 2014-07-25 13:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 05:49 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 05:49 - 2014-07-25 13:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 05:49 - 2014-07-25 13:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 05:49 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 05:49 - 2014-07-25 13:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 05:49 - 2014-07-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 05:49 - 2014-07-25 13:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 05:49 - 2014-07-25 13:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 05:49 - 2014-07-25 13:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 05:49 - 2014-07-25 13:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 05:49 - 2014-07-25 13:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 05:49 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 05:49 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 05:49 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 05:49 - 2014-07-25 12:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 05:49 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 05:49 - 2014-07-25 12:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 05:49 - 2014-07-25 12:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 05:49 - 2014-07-25 12:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 05:49 - 2014-07-25 12:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 05:49 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 05:49 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 05:49 - 2014-07-25 12:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 05:49 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 05:49 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 05:49 - 2014-07-25 12:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 05:49 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 05:49 - 2014-07-25 11:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 05:49 - 2014-07-25 11:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 05:49 - 2014-07-25 11:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 05:49 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 05:49 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 05:49 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 05:49 - 2014-07-16 04:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 05:49 - 2014-07-16 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 05:49 - 2014-07-16 03:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 05:49 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 05:49 - 2014-07-16 03:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 05:49 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 05:49 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 05:49 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 05:49 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 05:49 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 05:49 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 05:49 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 05:49 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 05:49 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 05:49 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 05:49 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 05:49 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 05:49 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 05:49 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 05:49 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 05:49 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 05:49 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 05:49 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 05:49 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 05:49 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 05:49 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 05:49 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 05:48 - 2014-08-07 03:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 05:48 - 2014-08-07 03:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 05:48 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 05:48 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-03 11:34 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 11:34 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 11:34 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 11:34 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 11:34 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 11:34 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 11:34 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 11:34 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 11:34 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 11:34 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 11:34 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 11:34 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 11:34 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 11:34 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 12:28 - 2014-08-21 12:28 - 00016116 _____ () C:\Windows\system32\config\systemprofile\Desktop\FRST.txt
2014-08-21 12:28 - 2014-08-21 12:22 - 00000000 ____D () C:\FRST
2014-08-21 12:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 12:27 - 2009-07-14 05:51 - 00157003 _____ () C:\Windows\setupact.log
2014-08-21 12:25 - 2009-07-14 05:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-21 12:24 - 2013-03-23 19:43 - 01951535 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 12:19 - 2014-08-21 12:21 - 02101760 _____ (Farbar) C:\Windows\system32\config\systemprofile\Desktop\FRST64.exe
2014-08-21 12:19 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-21 12:18 - 2013-09-13 23:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-21 11:25 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 11:25 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 11:18 - 2014-08-16 10:30 - 00000000 __SHD () C:\Windows\system32\config\systemprofile\AppData\Local\EmieSiteList
2014-08-20 19:54 - 2014-08-20 19:55 - 00688992 _____ (Swearware) C:\Windows\system32\config\systemprofile\Desktop\dds.com
2014-08-20 19:31 - 2014-08-20 19:31 - 00000000 _____ () C:\Windows\system32\config\systemprofile\Desktop\dds.com.7kld1xl.partial
2014-08-20 17:26 - 2014-08-20 17:42 - 05572251 _____ (Swearware) C:\Windows\system32\config\systemprofile\Desktop\ComboFix.exe
2014-08-20 16:45 - 2014-08-20 16:46 - 01944824 _____ (Bleeping Computer, LLC) C:\Windows\system32\config\systemprofile\Desktop\rkill.exe
2014-08-20 16:01 - 2014-08-20 16:07 - 01016261 _____ (Thisisu) C:\Windows\system32\config\systemprofile\Desktop\JRT.exe
2014-08-20 16:01 - 2014-08-20 16:04 - 01361671 _____ () C:\Windows\system32\config\systemprofile\Desktop\AdwCleaner.exe
2014-08-20 16:00 - 2014-08-20 16:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Windows\system32\config\systemprofile\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-20 15:51 - 2014-08-20 15:51 - 00000000 _____ () C:\Windows\system32\config\systemprofile\Downloads\mbam-setup-2.0.2.1012.exe.qsyt6m8.partial
2014-08-20 15:43 - 2014-03-10 12:04 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForsarah.job
2014-08-20 15:40 - 2014-03-10 12:04 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForsarah
2014-08-20 15:33 - 2014-08-19 15:59 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2014-08-20 15:33 - 2014-08-16 10:27 - 00000000 ____D () C:\Windows\SysWOW64\cache
2014-08-20 15:33 - 2014-05-06 16:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-20 15:33 - 2013-12-09 11:48 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-08-20 15:33 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-08-20 15:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing
2014-08-20 15:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 15:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-08-20 15:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-20 15:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-20 15:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-19 11:21 - 2011-02-11 18:01 - 67534848 _____ () C:\Windows\system32\config\RegBack\SOFTWARE
2014-08-19 11:21 - 2011-02-11 18:01 - 15024128 _____ () C:\Windows\system32\config\RegBack\SYSTEM
2014-08-19 11:21 - 2011-02-11 18:01 - 00491520 _____ () C:\Windows\system32\config\RegBack\DEFAULT
2014-08-19 11:21 - 2011-02-11 18:01 - 00061440 _____ () C:\Windows\system32\config\RegBack\SAM
2014-08-19 11:20 - 2011-02-11 18:01 - 00028672 _____ () C:\Windows\system32\config\RegBack\SECURITY
2014-08-18 21:19 - 2013-04-15 19:09 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-18 21:19 - 2013-03-26 00:12 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-17 22:30 - 2014-08-17 22:30 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Roaming\Macromedia
2014-08-17 22:30 - 2014-08-16 10:23 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{855E1C65-BE87-49B4-90F1-30C550B5F7AD}
2014-08-17 22:02 - 2014-08-17 22:02 - 00000000 __SHD () C:\Windows\system32\config\systemprofile\AppData\Local\EmieUserList
2014-08-17 17:45 - 2014-08-17 17:45 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Roaming\Hewlett-Packard
2014-08-17 17:43 - 2014-08-16 10:23 - 00001427 _____ () C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-17 17:32 - 2014-08-17 17:32 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-08-16 10:29 - 2014-08-16 10:29 - 00058016 _____ () C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-16 10:28 - 2014-08-16 10:28 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Roaming\ATI
2014-08-16 10:28 - 2014-08-16 10:28 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Local\ATI
2014-08-16 10:23 - 2014-08-16 10:23 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-16 10:23 - 2014-08-16 10:23 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe
2014-08-16 10:23 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-16 00:37 - 2013-03-23 19:52 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C19C2F83-83AA-4D8F-8048-F5337402B7B3}
2014-08-16 00:29 - 2010-11-21 04:47 - 00778150 _____ () C:\Windows\PFRO.log
2014-08-13 06:20 - 2013-07-22 13:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 06:17 - 2013-03-27 21:54 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-11 17:49 - 2013-12-09 11:48 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-08-07 03:06 - 2014-08-13 05:48 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:01 - 2014-08-13 05:48 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 14:25 - 2013-09-26 14:06 - 00030976 _____ () C:\Windows\rascntrl.dll
2014-08-06 14:25 - 2013-09-26 14:06 - 00023104 _____ () C:\Windows\SysWOW64\svcprmpt.dll
2014-08-01 00:41 - 2014-08-13 05:49 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 00:16 - 2014-08-13 05:49 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 16:47 - 2013-04-10 13:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-25 15:52 - 2014-08-13 05:49 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 15:02 - 2014-08-13 05:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 15:01 - 2014-08-13 05:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 14:51 - 2014-08-13 05:49 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 14:30 - 2014-08-13 05:49 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 14:28 - 2014-08-13 05:49 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 14:28 - 2014-08-13 05:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 14:25 - 2014-08-13 05:49 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 14:25 - 2014-08-13 05:49 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 14:11 - 2014-08-13 05:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 14:10 - 2014-08-13 05:49 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 14:04 - 2014-08-13 05:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 14:03 - 2014-08-13 05:49 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 14:00 - 2014-08-13 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 14:00 - 2014-08-13 05:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 13:59 - 2014-08-13 05:49 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 13:47 - 2014-08-13 05:49 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 13:40 - 2014-08-13 05:49 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 13:34 - 2014-08-13 05:49 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 13:34 - 2014-08-13 05:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 13:33 - 2014-08-13 05:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 13:30 - 2014-08-13 05:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 13:28 - 2014-08-13 05:49 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 13:28 - 2014-08-13 05:49 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 13:21 - 2014-08-13 05:49 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 13:19 - 2014-08-13 05:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 13:18 - 2014-08-13 05:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 13:17 - 2014-08-13 05:49 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 13:17 - 2014-08-13 05:49 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 13:12 - 2014-08-13 05:49 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 13:10 - 2014-08-13 05:49 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 13:10 - 2014-08-13 05:49 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 13:08 - 2014-08-13 05:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 13:06 - 2014-08-13 05:49 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 12:52 - 2014-08-13 05:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 12:47 - 2014-08-13 05:49 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 12:43 - 2014-08-13 05:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 12:42 - 2014-08-13 05:49 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 12:39 - 2014-08-13 05:49 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 12:39 - 2014-08-13 05:49 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 12:36 - 2014-08-13 05:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 12:34 - 2014-08-13 05:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 12:29 - 2014-08-13 05:49 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 12:23 - 2014-08-13 05:49 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 12:13 - 2014-08-13 05:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 12:07 - 2014-08-13 05:49 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 12:07 - 2014-08-13 05:49 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 12:03 - 2014-08-13 05:49 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 11:52 - 2014-08-13 05:49 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 11:26 - 2014-08-13 05:49 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 11:17 - 2014-08-13 05:49 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 11:09 - 2014-08-13 05:49 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 11:05 - 2014-08-13 05:49 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 11:00 - 2014-08-13 05:49 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 16:41 - 2013-03-24 14:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 16:41 - 2013-03-24 14:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-19 11:21

==================== End Of Log ============================

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by sarah at 2014-08-21 12:29:15
Running from C:\Windows\System32\config\systemprofile\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.732.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.60914.1136 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 1.00.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0908.1355.23115 - Advanced Micro Devices, Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies)
AVG 2014 (Version: 14.0.4007 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.786 - AVG Technologies)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0908.1355.23115 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0908.1355.23115 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0908.1355.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.0908.1355.23115 - Advanced Micro Devices, Inc.) Hidden
Coupon Printer (HKLM-x32\...\Coupon Printer2.2.0.5) (Version: 2.2.0.5 - Coupons.com Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Deskjet 1510 series Basic Device Software (HKLM\...\{C9064E5C-D5AB-4EEB-86A6-50756901038A}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
Internet Helper Anti-phishing (HKLM-x32\...\Internet Helper Anti-phishing) (Version: 1.2.0.0 - Internet Helper (Powered by Panda Security))
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 -  NewspaperDirect Inc.)
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{EC27E742-EB04-4A2C-BA64-20271929528A}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yontoo 2.051 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 2.051 - Yontoo LLC) <==== ATTENTION
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

16-07-2014 23:02:51 Scheduled Checkpoint
18-07-2014 16:23:37 Installed Java 7 Update 65
24-07-2014 13:15:01 Windows Update
01-08-2014 10:17:43 Installed AVG 2014
03-08-2014 10:33:34 Windows Update
10-08-2014 20:50:04 Scheduled Checkpoint
13-08-2014 05:13:21 Windows Update
19-08-2014 17:54:14 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03E144F3-F084-4191-8368-5999AB5FE901} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {487CB9B4-0DDC-4F3F-BA45-AA69BF12B4B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {746C816D-0A03-49B5-9A93-381EDAFE94B5} - System32\Tasks\HPCeeScheduleForsarah => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {97C3A033-9BE1-4294-9046-227C5FE6B361} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {AC0C9700-974A-41A3-BE36-3A71C68FF167} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {B464906C-BC5F-4DDB-B851-78FA19E03CD5} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink)
Task: {CB1252F0-9695-437C-9CFC-B624BBA6A828} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E309A075-D52B-40BE-8F45-C3C40C5055BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {EC15997B-9A9D-4AF2-81E6-917E005E61F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForsarah.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-08-11 17:50 - 2014-08-11 17:49 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2014 00:27:30 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/21/2014 00:27:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/21/2014 00:25:36 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/21/2014 00:25:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/21/2014 11:18:23 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/21/2014 11:18:23 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/20/2014 05:44:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/20/2014 05:35:01 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/20/2014 05:35:00 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/20/2014 05:02:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

System errors:
=============
Error: (08/21/2014 00:27:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Yontoo Desktop Updater service failed to start due to the following error:
%%2

Error: (08/21/2014 00:25:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Yontoo Desktop Updater service failed to start due to the following error:
%%2

Error: (08/21/2014 11:18:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Yontoo Desktop Updater service failed to start due to the following error:
%%2

Error: (08/21/2014 00:16:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/21/2014 00:16:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/21/2014 00:16:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/21/2014 00:16:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/21/2014 00:16:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/21/2014 00:16:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/21/2014 00:16:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (08/21/2014 00:27:30 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Access is denied.

Error: (08/21/2014 00:27:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Access is denied.

Error: (08/21/2014 00:25:36 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Access is denied.

Error: (08/21/2014 00:25:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Access is denied.

Error: (08/21/2014 11:18:23 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Access is denied.

Error: (08/21/2014 11:18:23 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Access is denied.

Error: (08/20/2014 05:44:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Access is denied.

Error: (08/20/2014 05:35:01 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Access is denied.

Error: (08/20/2014 05:35:00 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Access is denied.

Error: (08/20/2014 05:02:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: sarah-HP)
Description: Access is denied.

==================== Memory info ===========================

Processor: AMD A4-3420 APU with Radeon™ HD Graphics
Percentage of memory in use: 33%
Total physical RAM: 3570.86 MB
Available physical RAM: 2375.63 MB
Total Pagefile: 7139.89 MB
Available Pagefile: 5865.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.1 GB) (Free:871.45 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.32 GB) (Free:1.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:3.84 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9D7FAF89)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: 692D1642)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0B)

==================== End Of Log ============================



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:14 PM

Posted 21 August 2014 - 07:37 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Attached File  fixlist.txt   2.17KB   11 downloads

 

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 stevieddj1

stevieddj1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 22 August 2014 - 05:50 AM

Here are the details from Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by sarah at 2014-08-22 11:44:50 Run:1
Running from C:\Windows\System32\config\systemprofile\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [Internet Helper Anti-phishing] => C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe [235072 2013-05-14] (Internet Helper)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-11] ()
C:\Program Files (x86)\AVG SafeGuard toolbar
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.786\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.786\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2013-03-24] (EasyBits Software Corp.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-06]
C:\ProgramData\AVG SafeGuard toolbar
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S2 Yontoo Desktop Updater; "C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "C:\Users\sarah\AppData\Roaming\Yontoo\YontooDesktop.exe"
C:\Users\sarah\AppData\Roaming\Yontoo
2014-08-11 17:50 - 2014-08-11 17:49 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe

 

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Internet Helper Anti-phishing => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key deleted successfully.
"HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E54729E8-BB3D-4270-9D49-7389EA579090} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\avg@toolbar => value deleted successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar => Moved successfully.
vToolbarUpdater18.1.9 => Service stopped successfully.
vToolbarUpdater18.1.9 => Service deleted successfully.
Yontoo Desktop Updater => Service deleted successfully.
C:\Users\sarah\AppData\Roaming\Yontoo => Moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe => Moved successfully.

==== End of Fixlog ====



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:14 PM

Posted 23 August 2014 - 04:29 PM

  •    
  • Download RogueKiller on the desktop
       
  • Close all the running processes
       
  • Under Vista/Seven, right click -> Run as Administrator
       
  • Otherwise just double-click on RogueKiller.exe
       
  • When prompted, Click Scan 
       
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
       
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 stevieddj1

stevieddj1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 23 August 2014 - 07:00 PM

Here are the details from RKreport

 

RogueKiller V9.2.8.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : sarah [Admin rights]
Mode : Scan -- Date : 08/24/2014  00:52:14

¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] mdhpSUN.exe -- C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe[7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 9 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Magic Desktop for HP

notification : "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 

-> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 

-> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |

ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |

ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons

\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons

\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons

\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons

\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM 003-9YN162 SATA Disk Device +++++
--- User ---
[MBR] f04b5c7eadd9d0df51ab527e57607a6e
[BSP] 35fd8b214ce399c7ee5688fd34643df3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206911 | Size: 942180 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1929791488 | Size: 11587 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Multiple Card  Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:14 PM

Posted 24 August 2014 - 03:26 PM

  •    
  • Re-Run RogueKiller
       
  • Close all the running processes
       
  • Under Vista/Seven, right click -> Run as Administrator
       
  • Otherwise just double-click on RogueKiller.exe
       
  • When prompted, Click Delete 
       
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
       
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again

 

 

  •    
  • Re-Run RogueKiller
       
  • Close all the running processes
       
  • Under Vista/Seven, right click -> Run as Administrator
       
  • Otherwise just double-click on RogueKiller.exe
       
  • When prompted, Click ShortCutFix 
       
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
       
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 stevieddj1

stevieddj1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 24 August 2014 - 06:24 PM

I re-scanned and pressed delete and have attached the latest report. With regards to ShortCutFix, I can't find that option. All I have is Scan, Delete and Report. I tried to attach a screenshot but can't find a way of doing that. Looking on the internet it appears that previous versions of RogueKiller have the ShortCutFix option but not the version I'm using which is 9.2.8.0 [X64].

 

Here's the latest RKreport

 

RogueKiller V9.2.8.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : sarah [Admin rights]
Mode : Remove -- Date : 08/24/2014  23:49:20

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Magic Desktop for HP notification : "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe" [x] -> DELETED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM 003-9YN162 SATA Disk Device +++++
--- User ---
[MBR] f04b5c7eadd9d0df51ab527e57607a6e
[BSP] 35fd8b214ce399c7ee5688fd34643df3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206911 | Size: 942180 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1929791488 | Size: 11587 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Multiple Card  Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_08242014_005214.log - RKreport_SCN_08242014_234514.log



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:14 PM

Posted 25 August 2014 - 03:46 PM

 

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED

I need for you to run Roguekiller again and make sure to select these then press delete and post that log.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 stevieddj1

stevieddj1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 25 August 2014 - 05:30 PM

Here is the latest RKreport after deleting the above entries. Although I deleted them it shows as replaced.

 

RogueKiller V9.2.8.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : sarah [Admin rights]
Mode : Remove -- Date : 08/25/2014  23:26:50

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> REPLACED (1)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> REPLACED (1)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> REPLACED (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> REPLACED (2)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM 003-9YN162 SATA Disk Device +++++
--- User ---
[MBR] f04b5c7eadd9d0df51ab527e57607a6e
[BSP] 35fd8b214ce399c7ee5688fd34643df3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206911 | Size: 942180 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1929791488 | Size: 11587 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Multiple Card  Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_DEL_08242014_234920.log - RKreport_SCN_08242014_005214.log - RKreport_SCN_08242014_234514.log - RKreport_SCN_08242014_235618.log
RKreport_SCN_08252014_232535.log



#12 stevieddj1

stevieddj1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 25 August 2014 - 05:44 PM

Further to my last post, I can no longer logon to the user account in normal mode. I get the error "The User Profile Service service failed the logon. User profile cannot be loaded"

 

The good news is that I can logon to the user account in Safe Mode.



#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:14 PM

Posted 25 August 2014 - 06:16 PM

1.

Download 51a5f31352b88-icon_MBAR.pngMalwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

[/*]

 

2.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.

p22004342.gif


Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22004343.gif


Go to Step 4 and under "System Restore" click on Create button:

p22004346.gif


Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

p22004347.gif

Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

 

 

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 stevieddj1

stevieddj1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 26 August 2014 - 04:30 AM

I couldn't run those two programs at first because I couldn't logon to the user account in normal mode as stated in my previous post. I tried to install and run them in Safe Mode but it wouldn't let me.

 

I edited the registry as detailed in a Youtube video from Britech and I could then logon to the user account in normal mode.

 

On the normal desktop the programs ran successfully.

 

The computer appears to be back to normal. The missing icons and favourites have returned.

 

Many thanks for your help.

 

 

 

Here are the logs that you requested.

 

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.26.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17239
sarah :: SARAH-HP [administrator]

26/08/2014 09:01:03
mbar-log-2014-08-26 (09-01-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 347096
Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

 

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17239

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.795000 GHz
Memory total: 3744313344, free: 2211520512

Downloaded database version: v2014.08.26.01
Downloaded database version: v2014.08.21.01
=======================================
Initializing...
------------ Kernel report ------------
     08/26/2014 08:59:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\amd_sata.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\avgdiska.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\drivers\amdppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8005b18590
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xfffffa8005b11060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004579060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000058\
Lower Device Object: 0xfffffa80043329c0
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004579060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004579ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004579060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800431f040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80043329c0, DeviceName: \Device\00000058\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9D7FAF89

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206911  Numsec = 1929584577

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1929791488  Numsec = 23730176

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8005b18590, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005b19630, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005b18590, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005b11060, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan Interrupted
Scan was aborted.
=======================================
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8005b18590
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xfffffa8005b11060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004579060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000058\
Lower Device Object: 0xfffffa80043329c0
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9D7FAF89

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206911  Numsec = 1929584577

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1929791488  Numsec = 23730176

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8005b18590, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005b19630, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005b18590, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005b11060, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

 

 

 

 

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: SARAH-HP
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\sarah
Current Profile SID: S-1-5-21-892204274-474714127-1788138358-1000
Current Profile Classes: S-1-5-21-892204274-474714127-1788138358-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\sarah\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:05:43

Process Count: 66
Commit Total: 1.59 GB
Commit Limit: 6.97 GB
Commit Peak: 2.10 GB
Handle Count: 20336
Kernel Total: 225.15 MB
Kernel Paged: 175.82 MB
Kernel Non Paged: 49.33 MB
System Cache: 1.50 GB
Thread Count: 900
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.49 GB
Memory Used: 1.26 GB(36.1689%)
Memory Avail.: 2.23 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.49 GB
Memory Used: 1.04 GB(29.8713%)
Memory Avail.: 2.45 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (26/08/2014 09:50:51)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (26/08/2014 09:50:54)
   Running Repair Under Current User Account
   Done (26/08/2014 09:51:00)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (26/08/2014 09:51:00)
   Running Repair Under System Account
   Done (26/08/2014 09:53:25)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (26/08/2014 09:53:25)
   Running Repair Under System Account
   Done (26/08/2014 09:54:13)

03 - Reset Service Permissions
   Start (26/08/2014 09:54:13)
   Running Repair Under System Account
   Done (26/08/2014 09:54:23)

04 - Register System Files
   Start (26/08/2014 09:54:23)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:54:54)

05 - Repair WMI
   Start (26/08/2014 09:54:54)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   AVG AntiVirus Free Edition 2014 Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.
   AVG AntiVirus Free Edition 2014 Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (26/08/2014 09:57:05)

06 - Repair Windows Firewall
   Start (26/08/2014 09:57:05)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:57:39)

07 - Repair Internet Explorer
   Start (26/08/2014 09:57:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:58:09)

08 - Repair MDAC/MS Jet
   Start (26/08/2014 09:58:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:58:19)

09 - Repair Hosts File
   Start (26/08/2014 09:58:19)
   Running Repair Under System Account
   Done (26/08/2014 09:58:20)

10 - Remove Policies Set By Infections
   Start (26/08/2014 09:58:20)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:58:22)

11 - Repair Start Menu Icons Removed By Infections
   Start (26/08/2014 09:58:22)
   Running Repair Under System Account
   Done (26/08/2014 09:58:23)

12 - Repair Icons
   Start (26/08/2014 09:58:23)
   Running Repair Under Current User Account
   Done (26/08/2014 09:58:25)

13 - Repair Winsock & DNS Cache
   Start (26/08/2014 09:58:25)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:58:44)

15 - Repair Proxy Settings
   Start (26/08/2014 09:58:44)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:58:46)

17 - Repair Windows Updates
   Start (26/08/2014 09:58:46)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (26/08/2014 09:59:04)

18 - Repair CD/DVD Missing/Not Working
   Start (26/08/2014 09:59:04)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (26/08/2014 09:59:04)

19 - Repair Volume Shadow Copy Service
   Start (26/08/2014 09:59:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:59:24)

21 - Repair MSI (Windows Installer)
   Start (26/08/2014 09:59:24)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:59:35)

23.01 - Repair bat Association
   Start (26/08/2014 09:59:35)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:59:37)

23.02 - Repair cmd Association
   Start (26/08/2014 09:59:37)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:59:39)

23.03 - Repair com Association
   Start (26/08/2014 09:59:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:59:41)

23.04 - Repair Directory Association
   Start (26/08/2014 09:59:41)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:59:44)

23.05 - Repair Drive Association
   Start (26/08/2014 09:59:44)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:59:46)

23.06 - Repair exe Association
   Start (26/08/2014 09:59:46)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:59:48)

23.07 - Repair Folder Association
   Start (26/08/2014 09:59:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:59:51)

23.08 - Repair inf Association
   Start (26/08/2014 09:59:51)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:59:53)

23.09 - Repair lnk (Shortcuts) Association
   Start (26/08/2014 09:59:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:59:55)

23.10 - Repair msc Association
   Start (26/08/2014 09:59:55)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 09:59:57)

23.11 - Repair reg Association
   Start (26/08/2014 09:59:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 10:00:00)

23.12 - Repair scr Association
   Start (26/08/2014 10:00:00)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 10:00:02)

24 - Repair Windows Safe Mode
   Start (26/08/2014 10:00:02)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 10:00:04)

25 - Repair Print Spooler
   Start (26/08/2014 10:00:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 10:00:16)

26 - Restore Important Windows Services
   Start (26/08/2014 10:00:16)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 10:00:23)

27 - Set Windows Services To Default Startup
   Start (26/08/2014 10:00:23)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 10:00:28)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

31 - Repair Windows 'New' Submenu
   Start (26/08/2014 10:00:28)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (26/08/2014 10:00:31)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (26/08/2014 10:00:31)
   Total Repair Time: 00:09:41

...YOU MUST RESTART YOUR SYSTEM...



#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:14 PM

Posted 26 August 2014 - 07:48 PM

Lets run one more scan for any leftovers.

 

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users