
Spyware.ZBot.VXGen


  • This topic is locked
16 replies to this topic

#1 SteveHNo96


Posted 10 September 2014 - 11:20 PM

I really think I need help. AVG just caught this and it doesn't seem to want to remove it.

 

I just got this name from MalwareBytes, but from what I've heard, it's quite ornery. I don't need this messing up my computer.

 




 


#2 aharonov

  • Malware Response Team

Posted 11 September 2014 - 04:32 AM

Hi,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 SteveHNo96

  • Topic Starter

Posted 18 September 2014 - 07:22 AM

Got it....

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Betty (administrator) on BETTY-PC on 18-09-2014 05:18:05
Running from C:\Users\Betty\Music
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(iWin Inc.) C:\Program Files\Pogo Games\PGMTrusted.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_152_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-78884122-3446765950-2180571852-1000\...\Run: [Facebook Update] => C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-10] (Facebook Inc.)
HKU\S-1-5-21-78884122-3446765950-2180571852-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6690072 2014-09-18] (SUPERAntiSpyware)
HKU\S-1-5-21-78884122-3446765950-2180571852-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Betty\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid cdb87ed7b6b847d1a069252442ee05d5-aea549d34886b08fbc881b4b9d172f8a3547e9c9 --CMPID 0913a
HKU\S-1-5-21-78884122-3446765950-2180571852-1000\...\MountPoints2: {32281bfc-75d1-11e2-bcf0-f46d040aec26} - F:\LaunchU3.exe -a
HKU\S-1-5-21-78884122-3446765950-2180571852-1000\...\MountPoints2: {655a16da-80a6-11e0-87f0-806e6f6e6963} - E:\autorun.exe
Startup: C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1010 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1010 series.lnk -> C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC4107D173DFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com/?mtmhp=hyplogusaolp00000004
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=befhp&type=iehp-3.4-1310
HKLM\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://www.yahoo.com/?fr=befhp&type=ie-hp
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm423^YYA^us&si=250652&ptb=0B4823BE-CD36-4EF5-9460-CD3EED68926E&ind=2014032109&n=780bb0ed&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {5662324D-1C26-48E8-9439-7ABA5C95D243} URL = http://web.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=customie11-ie
SearchScopes: HKCU - {0899C4C5-F61A-43EA-A7F6-CCE055511E58} URL = http://isearch.shopathome.com?user_id={750738C2-7B01-4B79-9B98-433CB7E446FD}&q={searchTerms}
SearchScopes: HKCU - {490741D6-C358-4246-B3B1-2871790E1962} URL = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ie-ds
SearchScopes: HKCU - {5662324D-1C26-48E8-9439-7ABA5C95D243} URL = http://web.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=customie11-ie
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={B9229261-6DF3-446C-9009-59A8C75F9E83}&mid=cdb87ed7b6b847d1a069252442ee05d5-aea549d34886b08fbc881b4b9d172f8a3547e9c9&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-12 11:43:34&v=18.1.9.799&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A6FE427E-EFEB-484D-84F2-1937CB820682} URL = http://www.search.ask.com/web?tpid=AVRV7&o=APN11068&pf=V7&p2=%5EB5N%5EYYYYYY%5EYY%5EUS&gct=&itbv=12.7.0.2446&apn_uid=E972BD96-5AA8-4E7E-A2AB-D48AF77C485C&apn_ptnrs=%5EB5N&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=ie_10.0.9200.16736&doi=2013-12-04&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm423^YYA^us&si=250652&ptb=0B4823BE-CD36-4EF5-9460-CD3EED68926E&ind=2014032109&n=780bb0ed&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80898&lng=en
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {06E58E5E-F8CB-4049-991E-A41C03BD419E} -  No File
Toolbar: HKCU - No Name - {41565256-3700-A76A-76A7-7A786E7484D7} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 68.116.46.115 69.144.127.53

FireFox:
========
FF ProfilePath: C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\iw2dwngx.default
FF DefaultSearchEngine: Ask Search
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Ask Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll (CouponAlert)
FF Plugin: @ei.MyFunCards_5m.com/Plugin -> C:\Program Files\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Betty\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Betty\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: DeSopa - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\iw2dwngx.default\Extensions\desopa@congress.public.xpi [2011-12-24]
FF Extension: Adblock Plus - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\iw2dwngx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-05]
FF Extension: QuickJava - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\iw2dwngx.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2012-11-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-synd1&type=W3i_SP,221,0_0,StartPage,20140105,19670,0,IE11,7635
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-synd1&type=W3i_SP,221,0_0,StartPage,20140105,19670,0,IE11,7635"
CHR DefaultSearchKeyword: Default -> D14BA286E029905C0225BCBF02D15C0E4CD7AFF775933AA6979D6C28D5E5C974
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR CustomProfile: C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-01-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-21]
CHR Extension: (Google Search) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-21]
CHR Extension: (Ataxx) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggphgiokpinojcbcjlllgfpccanileip [2014-01-02]
CHR Extension: (Google Wallet) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Monolith Burger Boy) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcbhpogkmlpjhpjmohlnpdojdcmelhfd [2013-10-03]
CHR Extension: (Gmail) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-21]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ\CRX\ToolbarCR.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-14] (SUPERAntiSpyware.com)
R2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1459872 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 PGMTrusted; C:\Program Files\Pogo Games\PGMTrusted.exe [520360 2013-03-25] (iWin Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [204056 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [199448 2014-07-02] (AVG Technologies CZ, s.r.o.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-04] (AnchorFree Inc)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 05:18 - 2014-09-18 05:18 - 00000000 ____D () C:\FRST
2014-09-11 13:27 - 2014-09-18 05:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-10 22:37 - 2014-03-06 08:53 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\Users\Betty\Documents\procexp.exe
2014-09-10 22:13 - 2011-09-02 04:08 - 00094208 _____ () C:\Users\Betty\AppData\Local\common_functions.dll
2014-09-10 22:13 - 2011-08-26 03:09 - 00940544 _____ (Apache Software Foundation) C:\Users\Betty\AppData\Local\log4cxx.dll
2014-09-10 22:05 - 2014-05-12 08:27 - 00591040 _____ (Sysinternals - www.sysinternals.com) C:\Users\Betty\Documents\autoruns.exe
2014-09-10 21:22 - 2014-09-10 21:22 - 00000000 ____D () C:\Users\Betty\AppData\Roaming\AVG2015
2014-09-10 21:19 - 2014-09-10 21:19 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-10 21:13 - 2014-09-10 21:20 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-10 21:06 - 2014-09-10 21:37 - 00000000 ____D () C:\Users\Betty\AppData\Local\Avg2015
2014-09-10 21:05 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 21:05 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 21:05 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 21:05 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 21:05 - 2014-08-18 14:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 21:05 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 21:05 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 21:05 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 21:05 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 21:05 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 21:05 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 21:05 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 21:05 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 21:05 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 21:05 - 2014-08-18 14:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 21:05 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 21:05 - 2014-08-18 14:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 21:05 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 21:05 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 21:05 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 21:05 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 21:05 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 21:05 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 21:05 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 21:05 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 21:05 - 2014-08-18 14:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 21:05 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 21:05 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 21:05 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 21:05 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 20:11 - 2014-07-06 18:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 20:11 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-03 10:52 - 2014-09-03 10:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-03 10:52 - 2014-09-03 10:52 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Betty\temp
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Betty\AppData\Roaming\TeamViewer
2014-09-02 01:04 - 2014-08-22 18:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 01:04 - 2014-08-22 17:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 12:19 - 2014-08-26 12:19 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-08-26 12:18 - 2014-08-26 12:18 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-22 07:01 - 2014-05-14 09:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 07:01 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 07:01 - 2014-05-14 09:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 07:01 - 2014-05-14 09:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 07:01 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 07:01 - 2014-05-14 09:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 07:01 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 07:00 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 07:00 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 21:49 - 2014-08-20 21:49 - 00193304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 05:18 - 2014-09-18 05:18 - 00000000 ____D () C:\FRST
2014-09-18 05:18 - 2011-05-17 10:14 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-18 05:17 - 2011-05-17 10:01 - 01627111 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 05:15 - 2012-04-11 06:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-18 05:14 - 2013-01-06 22:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-18 05:12 - 2011-05-20 16:22 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 05:12 - 2011-05-17 10:02 - 00000000 ____D () C:\Users\Betty
2014-09-18 05:12 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 05:12 - 2009-07-13 21:39 - 00065444 _____ () C:\Windows\setupact.log
2014-09-18 05:12 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-09-18 05:11 - 2014-06-30 14:24 - 00000000 ____D () C:\Users\Betty\AppData\Roaming\VideoStripPokerHD
2014-09-18 05:11 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-18 05:11 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2014-09-18 05:10 - 2014-09-11 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-18 05:10 - 2014-06-30 14:24 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-18 05:10 - 2014-06-30 14:24 - 00000000 ____D () C:\Program Files\Video Strip Poker HD
2014-09-18 05:10 - 2014-06-30 14:24 - 00000000 ____D () C:\Program Files\Common Files\TorquemadaGames
2014-09-18 05:10 - 2014-05-09 22:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 05:10 - 2012-05-09 07:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-18 05:10 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration
2014-09-18 01:38 - 2011-05-31 02:44 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-15 20:48 - 2009-07-13 21:34 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 20:48 - 2009-07-13 21:34 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 13:27 - 2013-10-15 19:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-11 13:26 - 2011-05-20 17:52 - 00000000 ____D () C:\Program Files\Java
2014-09-11 13:10 - 2011-05-20 16:22 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 10:44 - 2012-12-10 17:39 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000UA.job
2014-09-11 01:27 - 2014-06-29 01:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-09-11 00:10 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-09-10 23:42 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 22:50 - 2010-11-20 14:48 - 00313354 _____ () C:\Windows\PFRO.log
2014-09-10 21:37 - 2014-09-10 21:06 - 00000000 ____D () C:\Users\Betty\AppData\Local\Avg2015
2014-09-10 21:27 - 2013-09-29 10:52 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-10 21:23 - 2011-05-17 10:16 - 00000000 ____D () C:\Program Files\AVG
2014-09-10 21:22 - 2014-09-10 21:22 - 00000000 ____D () C:\Users\Betty\AppData\Roaming\AVG2015
2014-09-10 21:22 - 2014-03-12 11:42 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-09-10 21:21 - 2014-03-31 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-10 21:21 - 2011-05-27 00:54 - 00000000 ___HD () C:\$AVG
2014-09-10 21:20 - 2014-09-10 21:13 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-10 21:19 - 2014-09-10 21:19 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-10 21:02 - 2010-11-20 14:01 - 00740322 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 20:59 - 2013-07-16 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 20:52 - 2011-05-20 17:35 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 16:44 - 2012-12-10 17:39 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000Core.job
2014-09-10 10:15 - 2012-04-11 06:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 10:15 - 2011-05-20 16:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 23:14 - 2012-01-21 10:40 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-03 10:52 - 2014-09-03 10:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-03 10:52 - 2014-09-03 10:52 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-03 10:52 - 2014-07-01 10:18 - 00000000 ____D () C:\Users\Betty\AppData\Local\Adobe
2014-09-03 10:52 - 2011-06-19 13:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-03 10:51 - 2011-05-23 13:52 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-03 10:51 - 2011-05-23 13:52 - 00000000 ____D () C:\Program Files\Adobe
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Betty\temp
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Betty\AppData\Roaming\TeamViewer
2014-09-02 01:09 - 2009-07-13 21:33 - 00312712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 00:50 - 2012-01-21 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-27 09:05 - 2014-03-10 16:39 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-08-26 12:19 - 2014-08-26 12:19 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-08-26 12:18 - 2014-08-26 12:18 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-23 03:34 - 2011-08-16 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-08-23 03:33 - 2014-06-25 16:41 - 00000000 ____D () C:\Users\Betty\AppData\Local\AskPartnerNetwork
2014-08-23 03:33 - 2014-03-10 16:39 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2014-08-22 18:46 - 2014-09-02 01:04 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 17:42 - 2014-09-02 01:04 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 21:49 - 2014-08-20 21:49 - 00193304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-08-19 10:39 - 2014-09-10 21:05 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

Files to move or delete:
====================
C:\Users\Betty\mbam-setup-1.61.0.1400.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-16 03:07

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Betty at 2014-09-18 05:19:37
Running from C:\Users\Betty\Music
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.0.5.567 - Amazon Services LLC)
Angry Birds Space (HKLM\...\{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}) (Version: 1.0.0 - Rovio)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Shopping Toolbar (HKLM\...\{4F524A00-6A76-A76A-76A7-A758B70C0F05}) (Version: 12.15.5.6 - APN, LLC) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{5CA86DBC-3F01-09AF-C67C-99557DB3E1F5}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4158 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
Big Money Deluxe 1.3 (HKLM\...\Big Money Deluxe 1.3) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Core Implementation (Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0625.1812.30825 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0625.1812.30825 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Czech (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Danish (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Dutch (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help English (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Finnish (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help French (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help German (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Greek (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Italian (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Japanese (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Korean (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Polish (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Russian (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Spanish (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Swedish (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Thai (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Turkish (Version: 2009.0625.1811.30825 - ATI) Hidden
ccc-core-static (Version: 2009.0625.1812.30825 - ATI) Hidden
ccc-utility (Version: 2009.0625.1812.30825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
cheat-generator (HKCU\...\754f99ddbeb2449d) (Version: 1.0.0.12 - cheat-generator)
Civilization III Complete Edition (Version: 1.00.0000 - 2K Games) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
Elements (HKLM\...\Elements) (Version: 1.1.0.0 - MumboJumbo)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fishdom (HKLM\...\Fishdom) (Version:  - Pogo.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Heavy Weapon (HKLM\...\Heavy Weapon) (Version:  - PopCap Games)
Heroine's Quest version 1.2 (HKLM\...\{20C02693-C3CF-4A3A-939F-A44F001C3EF4}_is1) (Version: 1.2 - Screen 7)
HP Deskjet 1010 series Basic Device Software (HKLM\...\{B3AB3A67-2BCF-4A50-9FBF-4700DCFC5C45}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 1010 series Help (HKLM\...\{BFB6C2B0-9643-4B59-A706-71DEB3017A99}) (Version: 30.0.0 - Hewlett Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{600AB648-F79B-41EC-B426-A49A7DB121EA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{FAABDC10-41B3-4A4C-A76E-C02CB9BE2A5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Incinerations version 1.0 (HKLM\...\{15C2A1E0-09A8-4EF9-8EF7-7A4D4A007B3A}_is1) (Version: 1.0 - Box of Mystery)
iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.)
Larry (HKLM\...\Larry) (Version: 2.1.2.0 - Replay Games Inc.)
Leisure Suit Larry 7 - Love for Sail! (HKLM\...\GOGPACKLARRY7WIN_is1) (Version: 2.0.0.11 - GOG.com)
Leisure Suit Larry Reloaded V1.01 (HKLM\...\{08FD469F-BC89-4982-8FB0-7633DBF092CE}) (Version: 1.01 - Replay Games Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Go (HKLM\...\{0F895695-33CC-4203-9C47-25EF2AC9441C}) (Version: 1.7.254 - Sony)
Media Go Video Playback Engine 1.64.103.02270 (HKLM\...\{7D62ABA3-35EC-623E-2C5F-1B3332CB705B}) (Version: 1.64.103.02270 - Sony)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
PlayStation®Network Downloader (HKLM\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.05.00710 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.2.6.12389 - Sony Computer Entertainment Inc.)
Pogo Games (HKLM\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Product Improvement Study for HP Deskjet 1010 series (HKLM\...\{5FF72EA4-F641-44A7-97FE-E6A02C141738}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Space Quest 2 VGA 1.1 (HKLM\...\Space Quest 2 VGA) (Version:  - Infamous Adventures)
Strip Poker For Free - Rachel (HKLM\...\Strip Poker For Free) (Version:  - ©2008 Strip Poker Arts)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 wcaiper (Version: 011.000.1647 - Intuit Inc.) Hidden
TurboTax 2011 WinPerFedFormset (Version: 011.000.3161 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0218 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 wcaiper (Version: 012.000.1508 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 wcaiper (Version: 013.000.1149 - Intuit Inc.) Hidden
TurboTax 2013 WinPerFedFormset (Version: 013.000.1790 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (Version: 013.000.0463 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (Version: 013.000.0162 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (Version: 013.000.0135 - Intuit Inc.) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Video Strip Poker Classic (HKLM\...\Video Strip Poker) (Version:  - ©2002-2007 Torquemada Games)
Video Strip Poker HD (HKLM\...\Video Strip Poker HD) (Version:  - Torquemada Games)
Video Strip Poker Supreme (HKLM\...\Video Strip Poker Supreme) (Version:  - Torquemada Games)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vohaul Strikes Back version 1.0.3.0 (HKLM\...\{90F3E0D4-E2F5-4420-8152-2C0B3CFD61BB}_is1) (Version: 1.0.3.0 - VSB team)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Betty\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Betty\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Betty\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Betty\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Restore Points  =========================

10-09-2014 07:17:14 Scheduled Checkpoint
11-09-2014 03:42:33 Windows Update
11-09-2014 04:09:27 Installed AVG 2015
11-09-2014 04:14:32 Installed AVG 2015
11-09-2014 09:26:02 9/11/14
11-09-2014 20:25:04 Removed Java 7 Update 67
11-09-2014 20:26:36 Installed Java 7 Update 67
18-09-2014 12:00:03 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {015E77C7-1A09-44B1-97C6-7B0B7035DAA0} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {0CCC7066-3BD9-4CBF-9E5B-89F6100FFE3A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000UA => C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-10] (Facebook Inc.)
Task: {2DD77A9C-1DEC-4BB6-A097-E270929B8C4C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-20] (Google Inc.)
Task: {4AAE2113-E803-49D0-8273-3BD7DB7D2AF5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-20] (Google Inc.)
Task: {519A31DB-BB1B-40C3-ACEF-16376B7D5910} - System32\Tasks\HP AR Program Upload - b8aff90fe9b046469cfbb0d953b680886dd5f41e16934b5bb73976d1b87c790f => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {7E3B8A6D-7415-479E-ACCA-AE04CB050EFF} - System32\Tasks\RunAsStdUser Task => C:\Program Files\Pogo Games\PogoDGC.exe [2013-03-25] (iWin Inc.)
Task: {8C938260-7C08-44B9-8A9A-4A0B563ABF78} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: {97050CE7-786A-439B-8731-3D7452DDAA03} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {99234CC6-D3D8-4BCF-8370-CB1AF9C9627A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000Core => C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-10] (Facebook Inc.)
Task: {A353F1CC-ADD2-47C3-BFD1-99D6C564316C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {AC1BA06C-DEBE-439D-8E1F-578029EDAFA1} - System32\Tasks\HPCustParticipation HP Deskjet 1010 series => C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {B0CB800A-6247-4F29-AEEC-FF9679B8A06E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FCF4401A-B0A9-41AC-9E7C-DA8B85896612} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000Core.job => C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000UA.job => C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:364682BC

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2014 05:15:05 AM) (Source: Intuit Update Service) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (09/18/2014 05:14:32 AM) (Source: MsiInstaller) (EventID: 1024) (User: Betty-PC)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (09/18/2014 05:13:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2014 02:53:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/18/2014 02:53:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/18/2014 00:40:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: Flash32_15_0_0_152.ocx, version: 15.0.0.152, time stamp: 0x53fe7f17
Exception code: 0xc0000005
Fault offset: 0x0065f440
Faulting process id: 0x97e4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/17/2014 10:56:52 AM) (Source: MsiInstaller) (EventID: 1024) (User: Betty-PC)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (09/17/2014 03:10:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/17/2014 03:09:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/16/2014 03:08:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (09/18/2014 05:14:32 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (09/18/2014 05:13:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/18/2014 05:12:33 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (09/15/2014 05:14:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/15/2014 05:13:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:11:05 PM on ‎9/‎15/‎2014 was unexpected.

Error: (09/15/2014 04:05:24 PM) (Source: DCOM) (EventID: 10016) (User: Betty-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Betty-PCBettyS-1-5-21-78884122-3446765950-2180571852-1000LocalHost (Using LRPC)

Error: (09/15/2014 04:05:24 PM) (Source: DCOM) (EventID: 10016) (User: Betty-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Betty-PCBettyS-1-5-21-78884122-3446765950-2180571852-1000LocalHost (Using LRPC)

Error: (09/15/2014 00:16:27 AM) (Source: DCOM) (EventID: 10016) (User: Betty-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Betty-PCBettyS-1-5-21-78884122-3446765950-2180571852-1000LocalHost (Using LRPC)

Error: (09/15/2014 00:16:27 AM) (Source: DCOM) (EventID: 10016) (User: Betty-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Betty-PCBettyS-1-5-21-78884122-3446765950-2180571852-1000LocalHost (Using LRPC)

Error: (09/14/2014 09:45:29 PM) (Source: DCOM) (EventID: 10016) (User: Betty-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Betty-PCBettyS-1-5-21-78884122-3446765950-2180571852-1000LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (05/11/2014 11:32:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1161 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (04/09/2014 03:19:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 50920 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (12/03/2013 06:54:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 449 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (11/13/2013 07:23:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 108 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (01/25/2013 09:57:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 73 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/23/2012 03:27:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 127496 seconds with 1020 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: AMD Athlon™ II X2 255 Processor
Percentage of memory in use: 51%
Total physical RAM: 3326.18 MB
Available physical RAM: 1607.44 MB
Total Pagefile: 6650.65 MB
Available Pagefile: 4849.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:622.79 GB) NTFS
Drive e: (DISK1) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6BDA37CD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


 



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 18 September 2014 - 08:02 AM

AVG just caught this and it doesn't seem to want to remove it.

Can you please post the log file of AVG that shows what exactly has been found.


Also:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#5 SteveHNo96

SteveHNo96
  • Topic Starter

  • Members
  • 13 posts

Posted 18 September 2014 - 10:29 AM

Malwarebytes caught and removed it but I may still have malware (see my other discussion)

I had that virus professionally removed (i.e., they opted to delete the virus vault). I will have a log tonight.

#6 SteveHNo96

SteveHNo96
  • Topic Starter

  • Members
  • 13 posts

Posted 18 September 2014 - 02:53 PM

"";"Trojan horse Crypt3.AMOH, C:\Users\Betty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EGWL1DEW\Label_US_Rancho_Cucamonga_91701.exe";"Healed";"File or Directory";"9/10/2014, 10:03:28 PM"
"";"Trojan horse Crypt3.AMOH, C:\Users\Betty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EGWL1DEW\Label_US_Rancho_Cucamonga_91701.exe:\Label_US_Rancho_Cucamonga_91701.exe";"Healed";"Embedded element in the archive, email attachment, cookie etc.";"9/10/2014, 10:03:28 PM"

 

^ this was a log from 10:03 P.M. on September 10, 2014 (I did find one)

 

"Trojan horse Crypt3.AMYO, c:\Users\Betty\AppData\Local\Temp\UpdateFlashPlayer_2986310c.exe";"Secured";"9/10/2014, 8:58:14 PM";"File or Directory";"c:\Program Files\Malwarebytes Anti-Malware\mbam.exe"

"Trojan horse Crypt3.AMYO, c:\Users\Betty\AppData\Local\Temp\UpdateFlashPlayer_ae87ceff.exe";"Secured";"9/10/2014, 8:58:14 PM";"File or Directory";"c:\Program Files\Malwarebytes Anti-Malware\mbam.exe"

(resident shield log, 8:58 P.M. September 10, 2014. )

 


Edited by SteveHNo96, 18 September 2014 - 03:04 PM.


#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 18 September 2014 - 03:50 PM

Ok, I'm waiting for the log from ESET Online Scanner.

#8 SteveHNo96

SteveHNo96
  • Topic Starter

  • Members
  • 13 posts

Posted 18 September 2014 - 09:05 PM

One ESET log coming up!! This has the log from every time I ran it. The last one is a full run. (I was interrupted by my Mom a few times due to a death in the family)
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4295de958e6a664b990c70580748b497
# engine=20220
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-18 08:25:20
# local_time=2014-09-18 01:25:20 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 12926595 162616711 0 0
# scanned=121789
# found=15
# cleaned=0
# scan_time=1875
sh=B3A05529BD6FC8BCA462FD4E697590344BD9A3EB ft=1 fh=9e2e321e9a9a360b vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MapsGalaxy_39EI\Installr\1.bin\39EIPlug.dll.vir"
sh=264F1B6B13C767BAF34C2F257425CF90A08E87F7 ft=1 fh=7ac6be2d62178e5d vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MapsGalaxy_39EI\Installr\1.bin\39EZSETP.dll.vir"
sh=502B818DCD72A2C334471C3965805F1B4F01209C ft=1 fh=ddc42776ef6ae1ef vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MapsGalaxy_39EI\Installr\1.bin\NP39EISb.dll.vir"
sh=33B39340FB687CEBFA08947192B54B0CFDBF429E ft=1 fh=830eb50ef64849a4 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Betty\AppData\LocalLow\AskToolbar\setup.exe.vir"
sh=7A98D5DF3A550624C53E1CFE32CD5CDB3423CF58 ft=1 fh=97dac383025e7494 vn="a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Betty\AppData\LocalLow\MapsGalaxy_39EI\Installr\Cache\0A4C5056.exe.vir"
sh=5E34BA5C499D9C8E9AC9625E469A8CC84ACF6805 ft=1 fh=cdf6ffea31ae66dd vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll"
sh=6F6C01D6FCFA9C72ED6FDD6155731CCF5D635363 ft=1 fh=90fd28591db470f3 vn="a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application" ac=I fn="C:\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll"
sh=FC21B7A9AE7CA50096991F435094F004566FA38A ft=1 fh=d2e68771c8488278 vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll"
sh=B506B2465FD10608020D30ED9047B5E11DE63FA0 ft=1 fh=10102a51b62618f2 vn="Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Users\Betty\AppData\Local\Temp\SetD7D9.tmp"
sh=33B39340FB687CEBFA08947192B54B0CFDBF429E ft=1 fh=830eb50ef64849a4 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Betty\AppData\LocalLow\AskToolbar\setup.exe"
sh=70CFD1695C235B230CEE863E6D3153B4CBCBE124 ft=1 fh=21bdcb46e0381c94 vn="a variant of Win32/Adware.Gamevance.DD potentially unwanted application" ac=I fn="C:\Users\Betty\Downloads\ArcadeCandyGames.exe"
sh=67EFA17F379A1A02FE065607ADC53ED63A6B6C33 ft=1 fh=8b0bf2dac1bfb163 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Users\Betty\Downloads\cnet_7z922_exe.exe"
sh=26596C16C3B4B62664C7042BA3F23D6C646AC730 ft=1 fh=7fd31d9885c9dbb6 vn="a variant of Win32/Toolbar.Conduit.AI potentially unwanted application" ac=I fn="C:\Users\Betty\Downloads\HSS-2.25-install-anchorfree-232-expatshield.exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Betty\Downloads\OffercastInstaller_AVR_U-0090-01-P_.exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Betty\Downloads\OffercastInstaller_AVR_U-0363-01-P_.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4295de958e6a664b990c70580748b497
# engine=20220
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-18 09:14:25
# local_time=2014-09-18 02:14:25 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 12929540 162619656 0 0
# scanned=10074
# found=8
# cleaned=0
# scan_time=332
sh=B3A05529BD6FC8BCA462FD4E697590344BD9A3EB ft=1 fh=9e2e321e9a9a360b vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MapsGalaxy_39EI\Installr\1.bin\39EIPlug.dll.vir"
sh=264F1B6B13C767BAF34C2F257425CF90A08E87F7 ft=1 fh=7ac6be2d62178e5d vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MapsGalaxy_39EI\Installr\1.bin\39EZSETP.dll.vir"
sh=502B818DCD72A2C334471C3965805F1B4F01209C ft=1 fh=ddc42776ef6ae1ef vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MapsGalaxy_39EI\Installr\1.bin\NP39EISb.dll.vir"
sh=33B39340FB687CEBFA08947192B54B0CFDBF429E ft=1 fh=830eb50ef64849a4 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Betty\AppData\LocalLow\AskToolbar\setup.exe.vir"
sh=7A98D5DF3A550624C53E1CFE32CD5CDB3423CF58 ft=1 fh=97dac383025e7494 vn="a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Betty\AppData\LocalLow\MapsGalaxy_39EI\Installr\Cache\0A4C5056.exe.vir"
sh=5E34BA5C499D9C8E9AC9625E469A8CC84ACF6805 ft=1 fh=cdf6ffea31ae66dd vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll"
sh=6F6C01D6FCFA9C72ED6FDD6155731CCF5D635363 ft=1 fh=90fd28591db470f3 vn="a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application" ac=I fn="C:\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll"
sh=FC21B7A9AE7CA50096991F435094F004566FA38A ft=1 fh=d2e68771c8488278 vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4295de958e6a664b990c70580748b497
# engine=20220
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-18 09:24:42
# local_time=2014-09-18 02:24:42 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 12930157 162620273 0 0
# scanned=21340
# found=9
# cleaned=0
# scan_time=549
sh=B3A05529BD6FC8BCA462FD4E697590344BD9A3EB ft=1 fh=9e2e321e9a9a360b vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MapsGalaxy_39EI\Installr\1.bin\39EIPlug.dll.vir"
sh=264F1B6B13C767BAF34C2F257425CF90A08E87F7 ft=1 fh=7ac6be2d62178e5d vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MapsGalaxy_39EI\Installr\1.bin\39EZSETP.dll.vir"
sh=502B818DCD72A2C334471C3965805F1B4F01209C ft=1 fh=ddc42776ef6ae1ef vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MapsGalaxy_39EI\Installr\1.bin\NP39EISb.dll.vir"
sh=33B39340FB687CEBFA08947192B54B0CFDBF429E ft=1 fh=830eb50ef64849a4 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Betty\AppData\LocalLow\AskToolbar\setup.exe.vir"
sh=7A98D5DF3A550624C53E1CFE32CD5CDB3423CF58 ft=1 fh=97dac383025e7494 vn="a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Betty\AppData\LocalLow\MapsGalaxy_39EI\Installr\Cache\0A4C5056.exe.vir"
sh=DD5EECAF48EADA9B485EC85A81973F33ADFD6032 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Inbox.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\iw2dwngx.default\Extensions\inboxcomtoolbar@inbox.com\chrome\ibxcomtb.jar.vir"
sh=5E34BA5C499D9C8E9AC9625E469A8CC84ACF6805 ft=1 fh=cdf6ffea31ae66dd vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll"
sh=6F6C01D6FCFA9C72ED6FDD6155731CCF5D635363 ft=1 fh=90fd28591db470f3 vn="a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application" ac=I fn="C:\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll"
sh=FC21B7A9AE7CA50096991F435094F004566FA38A ft=1 fh=d2e68771c8488278 vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4295de958e6a664b990c70580748b497
# engine=20223
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-19 02:03:21
# local_time=2014-09-18 07:03:21 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 12946876 162636992 0 0
# scanned=325297
# found=19
# cleaned=0
# scan_time=7732
sh=B3A05529BD6FC8BCA462FD4E697590344BD9A3EB ft=1 fh=9e2e321e9a9a360b vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MapsGalaxy_39EI\Installr\1.bin\39EIPlug.dll.vir"
sh=264F1B6B13C767BAF34C2F257425CF90A08E87F7 ft=1 fh=7ac6be2d62178e5d vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MapsGalaxy_39EI\Installr\1.bin\39EZSETP.dll.vir"
sh=502B818DCD72A2C334471C3965805F1B4F01209C ft=1 fh=ddc42776ef6ae1ef vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MapsGalaxy_39EI\Installr\1.bin\NP39EISb.dll.vir"
sh=33B39340FB687CEBFA08947192B54B0CFDBF429E ft=1 fh=830eb50ef64849a4 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Betty\AppData\LocalLow\AskToolbar\setup.exe.vir"
sh=7A98D5DF3A550624C53E1CFE32CD5CDB3423CF58 ft=1 fh=97dac383025e7494 vn="a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Betty\AppData\LocalLow\MapsGalaxy_39EI\Installr\Cache\0A4C5056.exe.vir"
sh=DD5EECAF48EADA9B485EC85A81973F33ADFD6032 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Inbox.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\iw2dwngx.default\Extensions\inboxcomtoolbar@inbox.com\chrome\ibxcomtb.jar.vir"
sh=5E34BA5C499D9C8E9AC9625E469A8CC84ACF6805 ft=1 fh=cdf6ffea31ae66dd vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll"
sh=6F6C01D6FCFA9C72ED6FDD6155731CCF5D635363 ft=1 fh=90fd28591db470f3 vn="a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application" ac=I fn="C:\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll"
sh=FC21B7A9AE7CA50096991F435094F004566FA38A ft=1 fh=d2e68771c8488278 vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll"
sh=B506B2465FD10608020D30ED9047B5E11DE63FA0 ft=1 fh=10102a51b62618f2 vn="Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Users\Betty\AppData\Local\Temp\SetD7D9.tmp"
sh=33B39340FB687CEBFA08947192B54B0CFDBF429E ft=1 fh=830eb50ef64849a4 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Betty\AppData\LocalLow\AskToolbar\setup.exe"
sh=70CFD1695C235B230CEE863E6D3153B4CBCBE124 ft=1 fh=21bdcb46e0381c94 vn="a variant of Win32/Adware.Gamevance.DD potentially unwanted application" ac=I fn="C:\Users\Betty\Downloads\ArcadeCandyGames.exe"
sh=67EFA17F379A1A02FE065607ADC53ED63A6B6C33 ft=1 fh=8b0bf2dac1bfb163 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Users\Betty\Downloads\cnet_7z922_exe.exe"
sh=26596C16C3B4B62664C7042BA3F23D6C646AC730 ft=1 fh=7fd31d9885c9dbb6 vn="a variant of Win32/Toolbar.Conduit.AI potentially unwanted application" ac=I fn="C:\Users\Betty\Downloads\HSS-2.25-install-anchorfree-232-expatshield.exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Betty\Downloads\OffercastInstaller_AVR_U-0090-01-P_.exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Betty\Downloads\OffercastInstaller_AVR_U-0363-01-P_.exe"
sh=60C77FF66F63F585FCE95C78FF44B513E2AAB9F9 ft=1 fh=17494879e4339ab3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Betty\Pictures\BUS 581 pictures\ccsetup400.exe"
sh=C70872D7B4F48D529A179C0FA54AB65FB1B982F4 ft=1 fh=f2e2b15faf5e28f3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI7C19.tmp"
sh=F900184DCFE3A6F825E5B995124985906A9C573D ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ[1].7z"

 

Edited by SteveHNo96, 19 September 2014 - 03:22 AM.


#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 19 September 2014 - 06:34 AM

How is your computer running? Do you experience any problems or strange symptoms?


Please download this attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#10 SteveHNo96

SteveHNo96
  • Topic Starter

  • Members
  • 13 posts

Posted 19 September 2014 - 10:23 AM

How is your computer running? Do you experience any problems or strange symptoms?


Please download this attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Betty at 2014-09-19 08:16:11 Run:1
Running from C:\Users\Betty\Music
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
C:\Program Files\CouponAlert_2pEI\Installr
C:\Program Files\MyFunCards_5mEI
C:\Users\Betty\AppData\LocalLow\AskToolbar
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm423^YYA^us&si=250652&ptb=0B4823BE-CD36-4EF5-9460-CD3EED68926E&ind=2014032109&n=780bb0ed&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0899C4C5-F61A-43EA-A7F6-CCE055511E58} URL = http://isearch.shopathome.com?user_id={750738C2-7B01-4B79-9B98-433CB7E446FD}&q={searchTerms}
SearchScopes: HKCU - {A6FE427E-EFEB-484D-84F2-1937CB820682} URL = http://www.search.ask.com/web?tpid=AVRV7&o=APN11068&pf=V7&p2=%5EB5N%5EYYYYYY%5EYY%5EUS&gct=&itbv=12.7.0.2446&apn_uid=E972BD96-5AA8-4E7E-A2AB-D48AF77C485C&apn_ptnrs=%5EB5N&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=ie_10.0.9200.16736&doi=2013-12-04&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm423^YYA^us&si=250652&ptb=0B4823BE-CD36-4EF5-9460-CD3EED68926E&ind=2014032109&n=780bb0ed&psa=&st=sb&searchfor={searchTerms}
FF DefaultSearchEngine: Ask Search
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Ask Search
FF Plugin: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll (CouponAlert)
FF Plugin: @ei.MyFunCards_5m.com/Plugin -> C:\Program Files\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll ()
EmptyTemp:
*****************

Processes closed successfully.
C:\Program Files\CouponAlert_2pEI\Installr => Moved successfully.
C:\Program Files\MyFunCards_5mEI => Moved successfully.
C:\Users\Betty\AppData\LocalLow\AskToolbar => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key deleted successfully.
"HKCR\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0899C4C5-F61A-43EA-A7F6-CCE055511E58}" => Key deleted successfully.
"HKCR\CLSID\{0899C4C5-F61A-43EA-A7F6-CCE055511E58}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A6FE427E-EFEB-484D-84F2-1937CB820682}" => Key deleted successfully.
"HKCR\CLSID\{A6FE427E-EFEB-484D-84F2-1937CB820682}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key deleted successfully.
"HKCR\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
"HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin" => Key deleted successfully.
C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll not found.
"HKLM\Software\MozillaPlugins\@ei.MyFunCards_5m.com/Plugin" => Key deleted successfully.
C:\Program Files\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll not found.

The strangest symptom I have is what I wrote on the other post I had on here.
 

When I go to rushlimbaugh.com using IE, sometimes one of the stories redirects me to a site I know is unsafe, asking me to update my flash player.

I have not tried this using Firefox and my flash player is up to date.

 



#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 19 September 2014 - 04:08 PM

Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#12 SteveHNo96

SteveHNo96
  • Topic Starter

  • Members
  • 13 posts

Posted 19 September 2014 - 11:04 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Betty (administrator) on BETTY-PC on 19-09-2014 21:01:03
Running from C:\Users\Betty\Music
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_152_ActiveX.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-78884122-3446765950-2180571852-1000\...\Run: [Facebook Update] => C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-10] (Facebook Inc.)
HKU\S-1-5-21-78884122-3446765950-2180571852-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6690072 2014-09-18] (SUPERAntiSpyware)
HKU\S-1-5-21-78884122-3446765950-2180571852-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Betty\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid cdb87ed7b6b847d1a069252442ee05d5-aea549d34886b08fbc881b4b9d172f8a3547e9c9 --CMPID 0913a
HKU\S-1-5-21-78884122-3446765950-2180571852-1000\...\MountPoints2: {32281bfc-75d1-11e2-bcf0-f46d040aec26} - F:\LaunchU3.exe -a
HKU\S-1-5-21-78884122-3446765950-2180571852-1000\...\MountPoints2: {655a16da-80a6-11e0-87f0-806e6f6e6963} - E:\autorun.exe
Startup: C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1010 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1010 series.lnk -> C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC4107D173DFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com/?mtmhp=hyplogusaolp00000004
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=befhp&type=iehp-3.4-1310
HKLM\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://www.yahoo.com/?fr=befhp&type=ie-hp
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKCU - DefaultScope {5662324D-1C26-48E8-9439-7ABA5C95D243} URL = http://web.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=customie11-ie
SearchScopes: HKCU - {490741D6-C358-4246-B3B1-2871790E1962} URL = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ie-ds
SearchScopes: HKCU - {5662324D-1C26-48E8-9439-7ABA5C95D243} URL = http://web.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=customie11-ie
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={B9229261-6DF3-446C-9009-59A8C75F9E83}&mid=cdb87ed7b6b847d1a069252442ee05d5-aea549d34886b08fbc881b4b9d172f8a3547e9c9&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-12 11:43:34&v=18.1.9.799&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80898&lng=en
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {06E58E5E-F8CB-4049-991E-A41C03BD419E} -  No File
Toolbar: HKCU - No Name - {41565256-3700-A76A-76A7-7A786E7484D7} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 68.116.46.115 69.144.127.53

FireFox:
========
FF ProfilePath: C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\iw2dwngx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Betty\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Betty\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: DeSopa - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\iw2dwngx.default\Extensions\desopa@congress.public.xpi [2011-12-24]
FF Extension: Adblock Plus - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\iw2dwngx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-05]
FF Extension: QuickJava - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\iw2dwngx.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2012-11-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-synd1&type=W3i_SP,221,0_0,StartPage,20140105,19670,0,IE11,7635
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-synd1&type=W3i_SP,221,0_0,StartPage,20140105,19670,0,IE11,7635"
CHR DefaultSearchKeyword: Default -> D14BA286E029905C0225BCBF02D15C0E4CD7AFF775933AA6979D6C28D5E5C974
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR CustomProfile: C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-01-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-21]
CHR Extension: (Google Search) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-21]
CHR Extension: (Ataxx) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggphgiokpinojcbcjlllgfpccanileip [2014-01-02]
CHR Extension: (Google Wallet) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Monolith Burger Boy) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcbhpogkmlpjhpjmohlnpdojdcmelhfd [2013-10-03]
CHR Extension: (Gmail) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-21]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ\CRX\ToolbarCR.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-14] (SUPERAntiSpyware.com)
R2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1459872 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S2 PGMTrusted; C:\Program Files\Pogo Games\PGMTrusted.exe [520360 2013-03-25] (iWin Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [204056 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [199448 2014-07-02] (AVG Technologies CZ, s.r.o.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-19] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-04] (AnchorFree Inc)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 09:21 - 2014-09-18 09:21 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-18 09:21 - 2014-09-18 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-18 09:21 - 2014-09-18 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-18 09:21 - 2014-09-18 09:21 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-18 05:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-18 05:18 - 2014-09-19 21:01 - 00000000 ____D () C:\FRST
2014-09-11 13:27 - 2014-09-18 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-10 22:37 - 2014-03-06 08:53 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\Users\Betty\Documents\procexp.exe
2014-09-10 22:13 - 2011-09-02 04:08 - 00094208 _____ () C:\Users\Betty\AppData\Local\common_functions.dll
2014-09-10 22:13 - 2011-08-26 03:09 - 00940544 _____ (Apache Software Foundation) C:\Users\Betty\AppData\Local\log4cxx.dll
2014-09-10 22:05 - 2014-05-12 08:27 - 00591040 _____ (Sysinternals - www.sysinternals.com) C:\Users\Betty\Documents\autoruns.exe
2014-09-10 21:22 - 2014-09-10 21:22 - 00000000 ____D () C:\Users\Betty\AppData\Roaming\AVG2015
2014-09-10 21:19 - 2014-09-10 21:19 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-10 21:13 - 2014-09-10 21:20 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-10 21:06 - 2014-09-10 21:37 - 00000000 ____D () C:\Users\Betty\AppData\Local\Avg2015
2014-09-10 21:05 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 21:05 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 21:05 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 21:05 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 21:05 - 2014-08-18 14:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 21:05 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 21:05 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 21:05 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 21:05 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 21:05 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 21:05 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 21:05 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 21:05 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 21:05 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 21:05 - 2014-08-18 14:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 21:05 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 21:05 - 2014-08-18 14:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 21:05 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 21:05 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 21:05 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 21:05 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 21:05 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 21:05 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 21:05 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 21:05 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 21:05 - 2014-08-18 14:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 21:05 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 21:05 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 21:05 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 21:05 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 20:11 - 2014-07-06 18:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 20:11 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-03 10:52 - 2014-09-18 20:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-03 10:52 - 2014-09-03 10:52 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Betty\temp
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Betty\AppData\Roaming\TeamViewer
2014-09-02 01:04 - 2014-08-22 18:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 01:04 - 2014-08-22 17:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 12:19 - 2014-08-26 12:19 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-08-26 12:18 - 2014-08-26 12:18 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-22 07:01 - 2014-05-14 09:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 07:01 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 07:01 - 2014-05-14 09:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 07:01 - 2014-05-14 09:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 07:01 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 07:01 - 2014-05-14 09:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 07:01 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 07:00 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 07:00 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 21:49 - 2014-08-20 21:49 - 00193304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 21:01 - 2014-09-18 05:18 - 00000000 ____D () C:\FRST
2014-09-19 20:54 - 2014-06-29 01:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-09-19 20:40 - 2011-05-17 10:14 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-19 20:15 - 2012-04-11 06:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-19 20:10 - 2011-05-20 16:22 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-19 19:44 - 2012-12-10 17:39 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000UA.job
2014-09-19 17:17 - 2013-01-06 22:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-19 17:10 - 2011-05-20 16:22 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-19 16:44 - 2012-12-10 17:39 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000Core.job
2014-09-19 08:16 - 2011-10-31 16:37 - 00000000 ____D () C:\Program Files\CouponAlert_2pEI
2014-09-19 07:04 - 2011-05-20 16:22 - 00000000 ____D () C:\Users\Betty\AppData\Local\Google
2014-09-19 07:03 - 2009-07-13 21:34 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 07:03 - 2009-07-13 21:34 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 07:00 - 2011-05-17 10:01 - 01671692 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 06:55 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-19 06:55 - 2009-07-13 21:39 - 00065556 _____ () C:\Windows\setupact.log
2014-09-18 20:30 - 2014-09-03 10:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 09:21 - 2014-09-18 09:21 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-18 09:21 - 2014-09-18 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-18 09:21 - 2014-09-18 09:21 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-18 09:21 - 2014-09-18 09:21 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-18 09:21 - 2014-09-11 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-18 05:23 - 2014-01-29 02:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-18 05:21 - 2014-06-23 16:13 - 00000000 ____D () C:\AdwCleaner
2014-09-18 05:12 - 2011-05-17 10:02 - 00000000 ____D () C:\Users\Betty
2014-09-18 05:12 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-09-18 05:11 - 2014-06-30 14:24 - 00000000 ____D () C:\Users\Betty\AppData\Roaming\VideoStripPokerHD
2014-09-18 05:11 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-18 05:11 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2014-09-18 05:10 - 2014-06-30 14:24 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-18 05:10 - 2014-06-30 14:24 - 00000000 ____D () C:\Program Files\Video Strip Poker HD
2014-09-18 05:10 - 2014-06-30 14:24 - 00000000 ____D () C:\Program Files\Common Files\TorquemadaGames
2014-09-18 05:10 - 2014-05-09 22:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 05:10 - 2012-05-09 07:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-18 05:10 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration
2014-09-18 01:38 - 2011-05-31 02:44 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-11 13:27 - 2013-10-15 19:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-11 13:26 - 2011-05-20 17:52 - 00000000 ____D () C:\Program Files\Java
2014-09-11 00:10 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-09-10 23:42 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 22:50 - 2010-11-20 14:48 - 00313354 _____ () C:\Windows\PFRO.log
2014-09-10 21:37 - 2014-09-10 21:06 - 00000000 ____D () C:\Users\Betty\AppData\Local\Avg2015
2014-09-10 21:27 - 2013-09-29 10:52 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-10 21:23 - 2011-05-17 10:16 - 00000000 ____D () C:\Program Files\AVG
2014-09-10 21:22 - 2014-09-10 21:22 - 00000000 ____D () C:\Users\Betty\AppData\Roaming\AVG2015
2014-09-10 21:22 - 2014-03-12 11:42 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-09-10 21:21 - 2014-03-31 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-10 21:21 - 2011-05-27 00:54 - 00000000 ___HD () C:\$AVG
2014-09-10 21:20 - 2014-09-10 21:13 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-10 21:19 - 2014-09-10 21:19 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-10 21:02 - 2010-11-20 14:01 - 00740322 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 20:59 - 2013-07-16 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 20:52 - 2011-05-20 17:35 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 10:15 - 2012-04-11 06:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 10:15 - 2011-05-20 16:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 23:14 - 2012-01-21 10:40 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-03 10:52 - 2014-09-03 10:52 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-03 10:52 - 2014-07-01 10:18 - 00000000 ____D () C:\Users\Betty\AppData\Local\Adobe
2014-09-03 10:52 - 2011-06-19 13:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-03 10:51 - 2011-05-23 13:52 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-03 10:51 - 2011-05-23 13:52 - 00000000 ____D () C:\Program Files\Adobe
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Betty\temp
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Betty\AppData\Roaming\TeamViewer
2014-09-02 01:09 - 2009-07-13 21:33 - 00312712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 00:50 - 2012-01-21 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-27 09:05 - 2014-03-10 16:39 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-08-26 12:19 - 2014-08-26 12:19 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-08-26 12:18 - 2014-08-26 12:18 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-23 03:34 - 2011-08-16 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-08-23 03:33 - 2014-06-25 16:41 - 00000000 ____D () C:\Users\Betty\AppData\Local\AskPartnerNetwork
2014-08-23 03:33 - 2014-03-10 16:39 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2014-08-22 18:46 - 2014-09-02 01:04 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 17:42 - 2014-09-02 01:04 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 21:49 - 2014-08-20 21:49 - 00193304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys

Files to move or delete:
====================
C:\Users\Betty\mbam-setup-1.61.0.1400.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-16 03:07

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Betty at 2014-09-19 21:01:48
Running from C:\Users\Betty\Music
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.0.5.567 - Amazon Services LLC)
Angry Birds Space (HKLM\...\{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}) (Version: 1.0.0 - Rovio)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Shopping Toolbar (HKLM\...\{4F524A00-6A76-A76A-76A7-A758B70C0F05}) (Version: 12.15.5.6 - APN, LLC) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{5CA86DBC-3F01-09AF-C67C-99557DB3E1F5}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4158 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
Big Money Deluxe 1.3 (HKLM\...\Big Money Deluxe 1.3) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Core Implementation (Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0625.1812.30825 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0625.1812.30825 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Czech (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Danish (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Dutch (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help English (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Finnish (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help French (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help German (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Greek (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Italian (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Japanese (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Korean (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Polish (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Russian (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Spanish (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Swedish (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Thai (Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Turkish (Version: 2009.0625.1811.30825 - ATI) Hidden
ccc-core-static (Version: 2009.0625.1812.30825 - ATI) Hidden
ccc-utility (Version: 2009.0625.1812.30825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
cheat-generator (HKCU\...\754f99ddbeb2449d) (Version: 1.0.0.12 - cheat-generator)
Civilization III Complete Edition (Version: 1.00.0000 - 2K Games) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
Elements (HKLM\...\Elements) (Version: 1.1.0.0 - MumboJumbo)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fishdom (HKLM\...\Fishdom) (Version:  - Pogo.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Heavy Weapon (HKLM\...\Heavy Weapon) (Version:  - PopCap Games)
Heroine's Quest version 1.2 (HKLM\...\{20C02693-C3CF-4A3A-939F-A44F001C3EF4}_is1) (Version: 1.2 - Screen 7)
HP Deskjet 1010 series Basic Device Software (HKLM\...\{B3AB3A67-2BCF-4A50-9FBF-4700DCFC5C45}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 1010 series Help (HKLM\...\{BFB6C2B0-9643-4B59-A706-71DEB3017A99}) (Version: 30.0.0 - Hewlett Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{600AB648-F79B-41EC-B426-A49A7DB121EA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{FAABDC10-41B3-4A4C-A76E-C02CB9BE2A5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Incinerations version 1.0 (HKLM\...\{15C2A1E0-09A8-4EF9-8EF7-7A4D4A007B3A}_is1) (Version: 1.0 - Box of Mystery)
iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Larry (HKLM\...\Larry) (Version: 2.1.2.0 - Replay Games Inc.)
Leisure Suit Larry 7 - Love for Sail! (HKLM\...\GOGPACKLARRY7WIN_is1) (Version: 2.0.0.11 - GOG.com)
Leisure Suit Larry Reloaded V1.01 (HKLM\...\{08FD469F-BC89-4982-8FB0-7633DBF092CE}) (Version: 1.01 - Replay Games Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Go (HKLM\...\{0F895695-33CC-4203-9C47-25EF2AC9441C}) (Version: 1.7.254 - Sony)
Media Go Video Playback Engine 1.64.103.02270 (HKLM\...\{7D62ABA3-35EC-623E-2C5F-1B3332CB705B}) (Version: 1.64.103.02270 - Sony)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
PlayStation®Network Downloader (HKLM\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.05.00710 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.2.6.12389 - Sony Computer Entertainment Inc.)
Pogo Games (HKLM\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Product Improvement Study for HP Deskjet 1010 series (HKLM\...\{5FF72EA4-F641-44A7-97FE-E6A02C141738}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Space Quest 2 VGA 1.1 (HKLM\...\Space Quest 2 VGA) (Version:  - Infamous Adventures)
Strip Poker For Free - Rachel (HKLM\...\Strip Poker For Free) (Version:  - ©2008 Strip Poker Arts)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 wcaiper (Version: 011.000.1647 - Intuit Inc.) Hidden
TurboTax 2011 WinPerFedFormset (Version: 011.000.3161 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0218 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 wcaiper (Version: 012.000.1508 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 wcaiper (Version: 013.000.1149 - Intuit Inc.) Hidden
TurboTax 2013 WinPerFedFormset (Version: 013.000.1790 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (Version: 013.000.0463 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (Version: 013.000.0162 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (Version: 013.000.0135 - Intuit Inc.) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Video Strip Poker Classic (HKLM\...\Video Strip Poker) (Version:  - ©2002-2007 Torquemada Games)
Video Strip Poker HD (HKLM\...\Video Strip Poker HD) (Version:  - Torquemada Games)
Video Strip Poker Supreme (HKLM\...\Video Strip Poker Supreme) (Version:  - Torquemada Games)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vohaul Strikes Back version 1.0.3.0 (HKLM\...\{90F3E0D4-E2F5-4420-8152-2C0B3CFD61BB}_is1) (Version: 1.0.3.0 - VSB team)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Betty\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Betty\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Betty\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-78884122-3446765950-2180571852-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Betty\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Restore Points  =========================

10-09-2014 07:17:14 Scheduled Checkpoint
11-09-2014 03:42:33 Windows Update
11-09-2014 04:09:27 Installed AVG 2015
11-09-2014 04:14:32 Installed AVG 2015
11-09-2014 09:26:02 9/11/14
11-09-2014 20:25:04 Removed Java 7 Update 67
11-09-2014 20:26:36 Installed Java 7 Update 67
18-09-2014 12:00:03 Restore Operation
18-09-2014 12:33:18 Checkpoint by HitmanPro
18-09-2014 16:20:13 Installed Java 7 Update 67

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {015E77C7-1A09-44B1-97C6-7B0B7035DAA0} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {0CCC7066-3BD9-4CBF-9E5B-89F6100FFE3A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000UA => C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-10] (Facebook Inc.)
Task: {2DD77A9C-1DEC-4BB6-A097-E270929B8C4C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-20] (Google Inc.)
Task: {4AAE2113-E803-49D0-8273-3BD7DB7D2AF5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-20] (Google Inc.)
Task: {519A31DB-BB1B-40C3-ACEF-16376B7D5910} - System32\Tasks\HP AR Program Upload - b8aff90fe9b046469cfbb0d953b680886dd5f41e16934b5bb73976d1b87c790f => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {7E3B8A6D-7415-479E-ACCA-AE04CB050EFF} - System32\Tasks\RunAsStdUser Task => C:\Program Files\Pogo Games\PogoDGC.exe [2013-03-25] (iWin Inc.)
Task: {8C938260-7C08-44B9-8A9A-4A0B563ABF78} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: {97050CE7-786A-439B-8731-3D7452DDAA03} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {99234CC6-D3D8-4BCF-8370-CB1AF9C9627A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000Core => C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-10] (Facebook Inc.)
Task: {A353F1CC-ADD2-47C3-BFD1-99D6C564316C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {AC1BA06C-DEBE-439D-8E1F-578029EDAFA1} - System32\Tasks\HPCustParticipation HP Deskjet 1010 series => C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {B0CB800A-6247-4F29-AEEC-FF9679B8A06E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FCF4401A-B0A9-41AC-9E7C-DA8B85896612} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000Core.job => C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-78884122-3446765950-2180571852-1000UA.job => C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:364682BC

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/19/2014 08:21:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 12.9.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c74

Start Time: 01cfd41c9fc216e8

Termination Time: 15

Application Path: C:\Users\Betty\Music\FRST.exe

Report Id: 9a5f0c0b-4010-11e4-a91b-f46d040aec26

Error: (09/19/2014 06:57:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b64

Start Time: 01cfd4117699cf54

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: e2cc3389-4004-11e4-a91b-f46d040aec26

Error: (09/19/2014 06:56:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2014 00:36:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/19/2014 00:35:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/18/2014 09:46:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2014 09:45:43 AM) (Source: MsiInstaller) (EventID: 1024) (User: Betty-PC)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (09/18/2014 09:22:25 AM) (Source: MsiInstaller) (EventID: 11719) (User: Betty-PC)
Description: Product: Java Auto Updater -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (09/18/2014 05:15:05 AM) (Source: Intuit Update Service) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (09/18/2014 05:14:32 AM) (Source: MsiInstaller) (EventID: 1024) (User: Betty-PC)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

System errors:
=============
Error: (09/19/2014 04:11:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (09/19/2014 04:11:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (09/19/2014 08:16:41 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (09/19/2014 08:16:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/19/2014 08:16:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/19/2014 08:16:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/19/2014 08:16:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/19/2014 08:16:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PGMTrusted service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/19/2014 08:16:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/19/2014 08:16:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (05/11/2014 11:32:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1161 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (04/09/2014 03:19:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 50920 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (12/03/2013 06:54:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 449 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (11/13/2013 07:23:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 108 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (01/25/2013 09:57:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 73 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/23/2012 03:27:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 127496 seconds with 1020 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: AMD Athlon™ II X2 255 Processor
Percentage of memory in use: 57%
Total physical RAM: 3326.18 MB
Available physical RAM: 1427.64 MB
Total Pagefile: 6650.65 MB
Available Pagefile: 3836.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:615.71 GB) NTFS
Drive e: (DISK1) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6BDA37CD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#13 SteveHNo96

SteveHNo96
  • Topic Starter

  • Members
  • 13 posts

Posted 22 September 2014 - 03:55 AM

I don't know if this helps or not, but I think there's an incompatibility with the site or my IP address and either IE 11 or Windows 7. I went to the site using my laptop and got the same browser redirection.



#14 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 22 September 2014 - 04:13 AM

Yes, I don't see anything in the logs that indicates that the cause for this redirection is on your computer. This might be a problem on this particular website.
Other than that you don't experience any redirections or other problems?

#15 SteveHNo96

SteveHNo96
  • Topic Starter

  • Members
  • 13 posts

Posted 24 September 2014 - 04:09 AM

> Yes, I don't see anything in the logs that indicates that the cause for this redirection is on your computer. This might be a problem on this particular website.
> Other than that you don't experience any redirections or other problems?

 

At this time, no, I do not. I haven't had any redirections, major errors or anything. I have avoided the rushlimbaugh.com site excepting for the following dates:

18 September 2014 -- used desktop / system restore.

21 September 2014 -- used laptop / system restore.

Would it be possible to keep this thread open for several days to see if anything recurs? I have not and will not use this site if that turns out to be the case.
 





