Help! GoSave extension keeps coming back in Chrome!


This topic is locked.
3 replies to this topic

#1 Ameva

  • Members
  • 2 posts
  • OFFLINE
  • Local time: 02:01 AM

Posted 19 September 2014 - 10:14 PM

Hello, I am having this issue with the GoSave extension, which keeps coming back in Chrome no matter how many times I remove it. It is really frustrating because this is the only laptop I've got for my studies.

Every time I restart Chrome or Firefox, it returns. I have tried common methods, which is going into Programs and uninstalling suspicious programs, but there is nothing more there. I have even gone so far as to do a system reset to an earlier time, but no dice either. It is hiding somewhere. Plus, my AVG 2014 Free doesn't even detect it...

I've already exported all my Chrome bookmarks, in case I need to uninstall and reinstall it.

Thanks in advance for your help!

Here is what I got from DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.67.2
Run by Lucy Yan at 22:00:23 on 2014-09-19
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3893.2041 [GMT -5:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\SysWOW64\brsvc01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\brss01a.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: RewardsArcade: {597A9974-8CB0-4f41-B61F-ED065738A397} - 
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GoogleChromeAutoLaunch_8B979E852C8E22C434BCC3107D28CE91] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.siu.edu/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 74.81.99.1 74.81.99.2 192.168.1.1
TCP: Interfaces\{CD818DC9-2D2D-4841-B59D-89E83893B9E4} : DHCPNameServer = 74.81.99.1 74.81.99.2 192.168.1.1
TCP: Interfaces\{CD818DC9-2D2D-4841-B59D-89E83893B9E4}\6427F6E64796562713233313 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{CD818DC9-2D2D-4841-B59D-89E83893B9E4}\9516E602E4564777F627B6D27657563747 : DHCPNameServer = 74.81.99.1 74.81.99.2 192.168.33.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: avldr - <no file>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US New Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://us.mg5.mail.yahoo.com/neo/launch?.rand=apt3o8hkt4rrf
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFNEW2SB&ctid=CT3244149&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - ExtSQL: 2014-09-07 22:51; firefox-hotfix@mozilla.org; C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\extensions\firefox-hotfix@mozilla.org.xpi
FF - ExtSQL: 2014-09-17 16:20; rboI@OfO.net; C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\extensions\rboI@OfO.net
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-5 55280]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-12-13 50976]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-6 98208]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2014-8-25 1417160]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-20 2369720]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-8-11 1820184]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2013-12-30 621336]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-7-30 245760]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-1-5 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-6 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-6 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-6 271872]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\l1c51x64.sys [2011-1-6 66600]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-12-30 14136]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-6 232992]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-12-30 90424]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-12-30 15160]
.
=============== Created Last 30 ================
.
2014-09-20 02:05:06 -------- d-----w- C:\FRST
2014-09-19 23:55:03 -------- d-----w- C:\Users\Lucy Yan\AppData\Local\Avg
2014-09-19 21:54:48 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-19 21:54:46 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-09-18 21:46:45 46704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-09-18 21:46:44 28272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2014-09-18 21:46:42 822384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-09-18 21:46:42 10594416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-09-18 21:46:42 1022576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2014-09-16 03:17:03 -------- d-----w- C:\ProgramData\71ef9760b7a6fb6c
2014-09-16 03:17:01 -------- d-----w- C:\Users\Lucy Yan\AppData\Local\Torch
2014-09-16 03:17:01 -------- d-----w- C:\Users\Lucy Yan\AppData\Local\Chromatic Browser
2014-09-16 03:17:00 -------- d-----w- C:\Users\Lucy Yan\AppData\Local\Comodo
2014-09-15 22:09:22 -------- d-----w- C:\Program Files (x86)\MarkAny
2014-09-15 22:07:13 -------- d-----w- C:\Users\Lucy Yan\AppData\Local\Samsung
2014-09-15 22:07:06 -------- d-----w- C:\Users\Lucy Yan\AppData\Roaming\Samsung
2014-09-15 22:04:28 -------- d-----w- C:\Program Files (x86)\MyFree Codec
2014-09-15 22:00:53 144664 ----a-w- C:\Windows\SysWow64\secman.dll
2014-09-15 22:00:47 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2014-09-15 21:59:43 -------- d-----w- C:\Program Files (x86)\Samsung
2014-09-15 21:57:24 -------- d-----w- C:\Users\Lucy Yan\AppData\Local\Downloaded Installations
2014-09-15 20:12:31 -------- d-----w- C:\Program Files\SAMSUNG
2014-09-15 20:03:24 -------- d-----w- C:\ProgramData\Samsung
2014-08-27 05:49:21 -------- d-----w- C:\Program Files (x86)\AVG Security Toolbar
2014-08-27 05:49:16 -------- d-----w- C:\ProgramData\Avg_Update_0814tb
2014-08-25 08:30:36 -------- d-----w- C:\Users\Lucy Yan\AppData\Local\Programs
.
==================== Find3M  ====================
.
2014-09-10 03:33:47 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 03:33:47 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-12 01:02:36 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-08-11 21:13:08 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-06 15:50:04 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-07-22 02:03:12 244504 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-06-30 17:43:02 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
.
============= FINISH: 22:00:55.80 ===============

Edited by Ameva, 19 September 2014 - 11:17 PM.
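The first post's question is where a re-appearing extension is actually being loaded from. The script below is an added example for this thread (it is not code from the original poster, from BleepingComputer, or from the DDS or FRST tools) that inventories a Chrome profile the way a responder would: it walks the profile's `Extensions/<id>/<version>/manifest.json` layout, reads the `extensions.settings` block of the profile's `Preferences` file, and flags two things worth checking first: entries whose path points outside the profile, and extensions that asked for permissions that let them read or rewrite every page. The treatment of `extensions.settings.<id>.path` as relative for profile-installed extensions and absolute for ones loaded from elsewhere is an assumption stated in the code; the extension IDs, names and paths it creates are constructed sample data, not values from the logs in this thread.

```python
"""Inventory the extensions in a Chrome user profile and flag the ones a
defender would look at first. Added example for this thread; not code from
the original poster, BleepingComputer, DDS or FRST. Everything the sample
profile contains is constructed data."""
import json
import ntpath
import posixpath
import tempfile
from pathlib import Path

# Permissions that let an extension read or rewrite every page the user visits.
BROAD_PERMISSIONS = {"<all_urls>", "webRequest", "webRequestBlocking"}


def inventory_chrome_extensions(profile_dir):
    """One record per <profile>/Extensions/<id>/<version>/manifest.json.

    This is the on-disk layout Chrome uses for extensions installed into the
    profile; the path shown under Developer mode on chrome://extensions is
    the <version> directory.
    """
    ext_root = Path(profile_dir) / "Extensions"
    records = []
    if not ext_root.is_dir():
        return records
    for id_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        for ver_dir in sorted(p for p in id_dir.iterdir() if p.is_dir()):
            manifest = ver_dir / "manifest.json"
            if not manifest.is_file():
                continue
            try:
                data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                data = {}  # unreadable manifest: still report the directory
            records.append({
                "id": id_dir.name,
                "name": data.get("name", "<no name>"),
                "version": data.get("version", ver_dir.name),
                "path": str(ver_dir),
                "permissions": [p for p in data.get("permissions", []) if isinstance(p, str)],
            })
    return records


def extensions_outside_profile(profile_dir):
    """Entries in the profile's Preferences file whose 'path' is absolute.

    Assumption: Chrome stores extensions.settings.<id>.path relative to the
    Extensions folder for extensions it installed itself and as an absolute
    path for ones loaded from elsewhere on disk. An absolute path is the
    first thing to look at when an extension keeps reappearing.
    """
    prefs = Path(profile_dir) / "Preferences"
    if not prefs.is_file():
        return []
    settings = json.loads(prefs.read_text(encoding="utf-8")).get("extensions", {}).get("settings", {})
    flagged = []
    for ext_id, entry in settings.items():
        path = entry.get("path", "")
        # ntpath handles "C:\..." on any host; posixpath handles "/..."
        if ntpath.isabs(path) or posixpath.isabs(path):
            flagged.append({"id": ext_id, "path": path, "location": entry.get("location")})
    return flagged


def broad_permission_extensions(records):
    """Installed extensions that requested any permission in BROAD_PERMISSIONS."""
    return [r for r in records if BROAD_PERMISSIONS & set(r["permissions"])]


def report(profile_dir):
    installed = inventory_chrome_extensions(profile_dir)
    return {
        "installed": installed,
        "outside_profile": extensions_outside_profile(profile_dir),
        "broad_permissions": broad_permission_extensions(installed),
    }


def build_sample_profile(base_dir):
    """Write a constructed sample profile; the IDs, names and paths are made up."""
    base = Path(base_dir)
    sample = {
        "a" * 32: {"name": "Example Bookmark Tool", "version": "1.0", "permissions": ["bookmarks"]},
        "b" * 32: {"name": "Coupon Saver", "version": "2.3",
                   "permissions": ["tabs", "<all_urls>", "webRequest"]},
    }
    settings = {}
    for ext_id, manifest in sample.items():
        ver_dir = base / "Extensions" / ext_id / (manifest["version"] + "_0")
        ver_dir.mkdir(parents=True)
        (ver_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        settings[ext_id] = {"path": f"{ext_id}/{manifest['version']}_0", "location": 1}
    # A third entry whose files live outside the profile (constructed path).
    settings["c" * 32] = {"path": r"C:\ProgramData\ExampleAdware\ext", "location": 4}
    (base / "Preferences").write_text(json.dumps({"extensions": {"settings": settings}}), encoding="utf-8")
    return base


def demo():
    """Build the sample profile in a temp directory and return its report."""
    return report(build_sample_profile(tempfile.mkdtemp()))


if __name__ == "__main__":
    for key, rows in demo().items():
        print(key)
        for row in rows:
            print("   ", row.get("id"), row.get("name", ""), row.get("path"))
```

To run it against a real machine, call `report()` with the profile directory (on Windows 7 that is `%LOCALAPPDATA%\Google\Chrome\User Data\Default`) instead of `demo()`. The `outside_profile` list is the part that answers "where is it hiding": a path there points at the directory that has to be removed, together with whatever re-creates it, for the extension to stay gone.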


#2 Ameva (Topic Starter)

  • Members
  • 2 posts
  • OFFLINE
  • Local time: 02:01 AM

Posted 19 September 2014 - 11:56 PM

I'm deeply sorry for bumping this, but I seem to have found a solution. To test it, I restarted my laptop after doing this, and it appears to have worked. Here is what I did. It almost seems way too simple for me to believe that this got rid of the GoSave extension/adware.

1. In Chrome, I went to Tools > Extensions.

2. I checked the 'Developer mode' box.

3. Under the GoSave extension, I saw the path where the extension was stored. So I highlighted it, opened my files, and pasted the path into the path box at the top.

4. I found the extension files and deleted them.

5. I did a similar thing for Firefox.

6. Restarted my laptop.

7. The GoSave extension is gone and did not come back (*knock on wood*).

Can someone sort of verify whether this is a legitimate way to get rid of it? Will it come back?

I intend to be much more careful about downloads now, but this seems to be a (tentative) solution. Like I said, reading all the other people with the same GoSave problem, this makes me very suspicious that this is not the last I have seen of it.

Just to check, I ran FRST in case any mod wants to check:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Lucy Yan (administrator) on LUCY on 19-09-2014 23:52:58
Running from C:\Users\Lucy Yan\Desktop\New folder
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG) C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1750629123-2206242229-4090520822-1002\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2011-03-31] (BitTorrent, Inc.)
HKU\S-1-5-21-1750629123-2206242229-4090520822-1002\...\Run: [GoogleChromeAutoLaunch_8B979E852C8E22C434BCC3107D28CE91] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-03] (Google Inc.)
HKU\S-1-5-21-1750629123-2206242229-4090520822-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-1750629123-2206242229-4090520822-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1750629123-2206242229-4090520822-1002\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={82626E89-2FB1-4EA2-A333-1F512C2B1E63}&mid=9dec9a09470a47d6ab092104e4b76476-eb6c1661e03cb53ce8a9dbe4557ca0ef005d814b&lang=en&ds=AVG&coid=&pr=fr&d=2012-06-26 18:37:29&v=17.0.1.12&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={82626E89-2FB1-4EA2-A333-1F512C2B1E63}&mid=9dec9a09470a47d6ab092104e4b76476-eb6c1661e03cb53ce8a9dbe4557ca0ef005d814b&lang=en&ds=AVG&coid=&pr=fr&d=2012-06-26 18:37:29&v=17.0.1.12&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: RewardsArcade -> {597A9974-8CB0-4f41-B61F-ED065738A397} -> C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.siu.edu/dana-cached/sc/JuniperSetupClient.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 74.81.99.1 74.81.99.2 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default
FF DefaultSearchEngine: AVG Secure Search
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: WhiteSmoke US New Customized Web Search
FF Homepage: hxxp://us.mg5.mail.yahoo.com/neo/launch?.rand=apt3o8hkt4rrf
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFNEW2SB&ctid=CT3244149&SearchSource=2&q=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Ghostery - C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\Extensions\firefox@ghostery.com [2013-11-09]
FF Extension: Flashblock - C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-01-21]
FF Extension: Yahoo! Toolbar - C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-01-21]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\Extensions\elemhidehelper@adblockplus.org.xpi [2011-12-19]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-09-07]
FF Extension: Missing e - C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\Extensions\jid0-0PGffAcVvhUBieFYkRVVc5w6lIU@jetpack.xpi [2012-05-25]
FF Extension: Tumblr Savior - C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2013-01-25]
FF Extension: Personas Plus - C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\Extensions\personas@christopher.beard.xpi [2012-06-26]
FF Extension: NoScript - C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-05-30]
FF Extension: Adblock Plus - C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-28]
FF Extension: Download Statusbar - C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-11-15]
FF Extension: Greasemonkey - C:\Users\Lucy Yan\AppData\Roaming\Mozilla\Firefox\Profiles\0tfnsuo9.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-25]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-25]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-01-30]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://us-mg5.mail.yahoo.com/neo/launch?.rand=2o9b6tqnuq20q#mail"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lucy Yan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Lucy Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lucy Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-06]
CHR Extension: (Adblock Plus) - C:\Users\Lucy Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-09]
CHR Extension: (XKit) - C:\Users\Lucy Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2013-11-02]
CHR Extension: (AdBlock) - C:\Users\Lucy Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-18]
CHR Extension: (BeeLine Reader) - C:\Users\Lucy Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifjafammaookpiajfbedmacfldaiamgg [2014-01-21]
CHR Extension: (Save to Pocket) - C:\Users\Lucy Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-08-04]
CHR Extension: (Google Wallet) - C:\Users\Lucy Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [alkliadohfhkeiaegapefcdkcgjlfpkc] - C:\ProgramData\wxDownload\alkliadohfhkeiaegapefcdkcgjlfpkc.crx [2012-12-13]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-06-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [32768 2012-04-12] (Juniper Networks) [File not signed]
R3 L1c; C:\Windows\System32\DRIVERS\l1c51x64.sys [66600 2009-12-22] (Atheros Communications, Inc.)
S2 BrPar; \SystemRoot\System32\drivers\BrPar.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-19 22:17 - 2014-09-19 22:17 - 00000000 ____D () C:\Users\Lucy Yan\Desktop\dds
2014-09-19 21:46 - 2014-09-19 21:46 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-19 21:36 - 2014-09-19 23:52 - 00000000 ____D () C:\Users\Lucy Yan\Desktop\New folder
2014-09-19 21:26 - 2014-09-19 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lucy Yan\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-19 21:26 - 2014-09-19 21:26 - 00037420 _____ () C:\Users\Lucy Yan\Downloads\Result.txt
2014-09-19 21:24 - 2014-09-19 21:24 - 00401920 _____ (Farbar) C:\Users\Lucy Yan\Downloads\MiniToolBox.exe
2014-09-19 21:23 - 2014-09-19 21:24 - 00002751 _____ () C:\Users\Lucy Yan\Downloads\FSS.txt
2014-09-19 21:18 - 2014-09-19 21:18 - 00415232 _____ (Farbar) C:\Users\Lucy Yan\Downloads\FSS.exe
2014-09-19 21:14 - 2014-09-19 21:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Lucy Yan\Downloads\iExplore.exe
2014-09-19 21:14 - 2014-09-19 21:14 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Lucy Yan\Downloads\rkill.exe
2014-09-19 21:13 - 2014-09-19 21:13 - 00854417 _____ () C:\Users\Lucy Yan\Downloads\SecurityCheck.exe
2014-09-19 21:05 - 2014-09-19 23:53 - 00000000 ____D () C:\FRST
2014-09-19 20:27 - 2014-09-19 20:27 - 02347384 _____ (ESET) C:\Users\Lucy Yan\Downloads\esetsmartinstaller_enu.exe
2014-09-19 19:00 - 2014-09-19 19:00 - 00013002 _____ () C:\Users\Lucy Yan\Downloads\[kickass.to]kaspersky.anti.virus.2013.365.fully.licensed.torrent
2014-09-19 18:55 - 2014-09-19 18:55 - 00000000 ____D () C:\Users\Xiao Xin\AppData\Local\Avg
2014-09-19 18:55 - 2014-09-19 18:55 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Local\Avg
2014-09-19 16:56 - 2014-09-19 16:56 - 00000000 _____ () C:\autoexec.bat
2014-09-19 16:54 - 2014-09-19 23:34 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-19 16:47 - 2014-09-19 16:48 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Lucy Yan\Downloads\sh-remover (1).exe
2014-09-19 16:46 - 2014-09-19 16:46 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Lucy Yan\Downloads\sh-remover.exe
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Xiao Xin\AppData\Local\Torch
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Xiao Xin\AppData\Local\Google
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Xiao Xin\AppData\Local\Comodo
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Xiao Xin\AppData\Local\Chromatic Browser
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Local\Torch
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Local\Comodo
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Local\Chromatic Browser
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Ling Li\AppData\Local\Torch
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Ling Li\AppData\Local\Google
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Ling Li\AppData\Local\Comodo
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Ling Li\AppData\Local\Chromatic Browser
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\ProgramData\71ef9760b7a6fb6c
2014-09-15 22:16 - 2014-09-15 22:16 - 00000000 ____D () C:\Users\Administrator
2014-09-15 19:06 - 2014-09-17 02:06 - 00000000 ____D () C:\Users\Lucy Yan\Documents\SelfMV
2014-09-15 17:39 - 2014-09-15 17:39 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-09-15 17:26 - 2014-09-15 17:26 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-09-15 17:09 - 2014-09-19 23:34 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-09-15 17:07 - 2014-09-19 05:46 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Roaming\Samsung
2014-09-15 17:07 - 2014-09-15 17:07 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Local\Samsung
2014-09-15 17:06 - 2014-09-15 17:06 - 00000000 ____D () C:\Users\Lucy Yan\Documents\samsung
2014-09-15 17:04 - 2014-09-18 10:30 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-09-15 17:00 - 2014-04-30 19:43 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-09-15 17:00 - 2014-04-30 19:43 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-09-15 16:59 - 2014-09-19 23:34 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-09-15 16:57 - 2014-09-19 23:34 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Local\Downloaded Installations
2014-09-15 15:12 - 2014-09-15 15:12 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-09-15 15:03 - 2014-09-17 02:45 - 00000000 ____D () C:\ProgramData\Samsung
2014-09-09 23:47 - 2014-09-19 20:58 - 00000000 ____D () C:\Users\Lucy Yan\Desktop\res
2014-08-27 00:49 - 2014-08-27 00:49 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-27 00:49 - 2014-08-27 00:49 - 00000000 ____D () C:\Program Files (x86)\AVG Security Toolbar
2014-08-26 00:57 - 2014-09-08 16:41 - 00002784 _____ () C:\Users\Lucy
2014-08-21 02:06 - 2014-09-17 16:20 - 00000000 ____D () C:\Users\Lucy Yan\Desktop\N475
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-19 23:53 - 2014-09-19 21:05 - 00000000 ____D () C:\FRST
2014-09-19 23:53 - 2011-01-05 23:21 - 00000000 ____D () C:\ProgramData\Temp
2014-09-19 23:52 - 2014-09-19 21:36 - 00000000 ____D () C:\Users\Lucy Yan\Desktop\New folder
2014-09-19 23:51 - 2009-07-13 23:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 23:51 - 2009-07-13 23:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 23:48 - 2011-01-05 22:59 - 01173469 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 23:44 - 2011-03-31 01:01 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Roaming\uTorrent
2014-09-19 23:43 - 2013-10-15 19:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-19 23:43 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-19 23:42 - 2011-03-18 17:58 - 00047097 _____ () C:\Windows\setupact.log
2014-09-19 23:34 - 2014-09-19 16:54 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-19 23:34 - 2014-09-15 17:09 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-09-19 23:34 - 2014-09-15 16:59 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-09-19 23:34 - 2014-09-15 16:57 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Local\Downloaded Installations
2014-09-19 23:34 - 2014-04-02 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-19 23:34 - 2014-02-01 01:22 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-09-19 23:34 - 2013-10-15 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-19 23:34 - 2013-01-19 01:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 23:34 - 2012-06-21 20:06 - 00000000 ____D () C:\Users\Lucy Yan\Desktop\PhotoshopPortable
2014-09-19 23:34 - 2011-03-17 19:13 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-19 23:34 - 2011-01-20 14:33 - 00000000 ____D () C:\Users\Lucy Yan
2014-09-19 23:34 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-19 23:34 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-19 23:34 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-09-19 23:33 - 2012-07-01 11:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-19 23:11 - 2013-10-15 19:13 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-19 22:17 - 2014-09-19 22:17 - 00000000 ____D () C:\Users\Lucy Yan\Desktop\dds
2014-09-19 21:46 - 2014-09-19 21:46 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-19 21:46 - 2011-01-21 21:31 - 00000286 __RSH () C:\Users\Lucy Yan\ntuser.pol
2014-09-19 21:45 - 2011-03-18 17:58 - 00364848 _____ () C:\Windows\PFRO.log
2014-09-19 21:37 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-19 21:31 - 2014-09-19 21:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lucy Yan\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-19 21:26 - 2014-09-19 21:26 - 00037420 _____ () C:\Users\Lucy Yan\Downloads\Result.txt
2014-09-19 21:24 - 2014-09-19 21:24 - 00401920 _____ (Farbar) C:\Users\Lucy Yan\Downloads\MiniToolBox.exe
2014-09-19 21:24 - 2014-09-19 21:23 - 00002751 _____ () C:\Users\Lucy Yan\Downloads\FSS.txt
2014-09-19 21:20 - 2011-01-20 16:35 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Local\Mozilla
2014-09-19 21:18 - 2014-09-19 21:18 - 00415232 _____ (Farbar) C:\Users\Lucy Yan\Downloads\FSS.exe
2014-09-19 21:15 - 2014-09-19 21:14 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Lucy Yan\Downloads\iExplore.exe
2014-09-19 21:14 - 2014-09-19 21:14 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Lucy Yan\Downloads\rkill.exe
2014-09-19 21:13 - 2014-09-19 21:13 - 00854417 _____ () C:\Users\Lucy Yan\Downloads\SecurityCheck.exe
2014-09-19 20:58 - 2014-09-09 23:47 - 00000000 ____D () C:\Users\Lucy Yan\Desktop\res
2014-09-19 20:27 - 2014-09-19 20:27 - 02347384 _____ (ESET) C:\Users\Lucy Yan\Downloads\esetsmartinstaller_enu.exe
2014-09-19 19:30 - 2011-01-21 10:26 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Roaming\Juniper Networks
2014-09-19 19:28 - 2014-08-08 14:05 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-09-19 19:28 - 2014-08-08 14:03 - 00000000 ____D () C:\ProgramData\DivX
2014-09-19 19:00 - 2014-09-19 19:00 - 00013002 _____ () C:\Users\Lucy Yan\Downloads\[kickass.to]kaspersky.anti.virus.2013.365.fully.licensed.torrent
2014-09-19 18:55 - 2014-09-19 18:55 - 00000000 ____D () C:\Users\Xiao Xin\AppData\Local\Avg
2014-09-19 18:55 - 2014-09-19 18:55 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Local\Avg
2014-09-19 16:56 - 2014-09-19 16:56 - 00000000 _____ () C:\autoexec.bat
2014-09-19 16:48 - 2014-09-19 16:47 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Lucy Yan\Downloads\sh-remover (1).exe
2014-09-19 16:46 - 2014-09-19 16:46 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Lucy Yan\Downloads\sh-remover.exe
2014-09-19 05:46 - 2014-09-15 17:07 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Roaming\Samsung
2014-09-19 05:46 - 2011-01-05 23:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-18 17:39 - 2012-12-13 23:06 - 00000000 ____D () C:\ProgramData\wxDownload
2014-09-18 15:55 - 2009-07-14 00:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-18 10:50 - 2012-06-22 11:29 - 00000132 _____ () C:\Users\Lucy Yan\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-09-18 10:30 - 2014-09-15 17:04 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-09-17 16:20 - 2014-08-21 02:06 - 00000000 ____D () C:\Users\Lucy Yan\Desktop\N475
2014-09-17 02:45 - 2014-09-15 15:03 - 00000000 ____D () C:\ProgramData\Samsung
2014-09-17 02:06 - 2014-09-15 19:06 - 00000000 ____D () C:\Users\Lucy Yan\Documents\SelfMV
2014-09-16 00:02 - 2014-08-14 01:42 - 00000000 ____D () C:\Users\Lucy Yan\Desktop\Lit Review
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Xiao Xin\AppData\Local\Torch
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Xiao Xin\AppData\Local\Google
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Xiao Xin\AppData\Local\Comodo
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Xiao Xin\AppData\Local\Chromatic Browser
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Local\Torch
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Local\Comodo
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Local\Chromatic Browser
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Ling Li\AppData\Local\Torch
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Ling Li\AppData\Local\Google
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Ling Li\AppData\Local\Comodo
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Ling Li\AppData\Local\Chromatic Browser
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-15 22:17 - 2014-09-15 22:17 - 00000000 ____D () C:\ProgramData\71ef9760b7a6fb6c
2014-09-15 22:17 - 2011-03-17 18:25 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Local\Google
2014-09-15 22:17 - 2011-03-17 18:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-15 22:16 - 2014-09-15 22:16 - 00000000 ____D () C:\Users\Administrator
2014-09-15 17:39 - 2014-09-15 17:39 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-09-15 17:26 - 2014-09-15 17:26 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-09-15 17:07 - 2014-09-15 17:07 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Local\Samsung
2014-09-15 17:06 - 2014-09-15 17:06 - 00000000 ____D () C:\Users\Lucy Yan\Documents\samsung
2014-09-15 15:12 - 2014-09-15 15:12 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-09-11 23:45 - 2012-06-21 20:35 - 00001456 _____ () C:\Users\Lucy Yan\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-09-11 23:00 - 2011-04-02 22:34 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Local\WMTools Downloaded Files
2014-09-11 20:14 - 2013-10-15 19:16 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 19:59 - 2011-04-02 19:27 - 00022016 _____ () C:\Users\Lucy Yan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-09 22:33 - 2012-07-01 11:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 22:33 - 2012-07-01 11:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 22:33 - 2011-05-13 18:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-08 16:41 - 2014-08-26 00:57 - 00002784 _____ () C:\Users\Lucy
2014-09-02 09:16 - 2013-11-09 17:10 - 00000971 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-02 02:50 - 2014-08-08 19:14 - 00000000 ____D () C:\Users\Lucy Yan\Documents\Naru
2014-08-28 01:30 - 2014-08-01 19:25 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-27 20:30 - 2014-02-01 01:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-27 20:29 - 2014-03-20 16:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-27 00:49 - 2014-08-27 00:49 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-27 00:49 - 2014-08-27 00:49 - 00000000 ____D () C:\Program Files (x86)\AVG Security Toolbar
2014-08-25 23:35 - 2012-06-26 18:37 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-08-25 03:32 - 2011-03-17 18:47 - 00000000 ____D () C:\Users\Lucy Yan\AppData\Roaming\DVDVideoSoft
2014-08-25 03:31 - 2013-01-30 21:29 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-08-25 03:31 - 2011-03-26 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-22 17:44 - 2013-11-09 17:08 - 00000000 ____D () C:\ProgramData\AVG2014
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 14:03
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Lucy Yan at 2014-09-19 23:53:48
Running from C:\Users\Lucy Yan\Desktop\New folder
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop 5.5 (HKLM-x32\...\Adobe Photoshop 5.5) (Version: 5.5 - Adobe Systems, Inc.)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4025 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVG PC Tuneup 2011 (HKLM-x32\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.24 - AVG)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Brother HL-5170DN (HKLM-x32\...\Brother HL-5170DN) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3225 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
FLV Player (HKLM-x32\...\FLV Player2.0.25) (Version: 2.0.25 - Martijn de Visser Software)
Free YouTube Download version 3.2.44.820 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.44.820 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.0.0.17289 - Juniper Networks)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.8.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.8.0 - )
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft GIF Animator (HKLM-x32\...\GIF Animator) (Version:  - )
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Pazera Free MP4 to AVI Converter 1.6 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Jacek Pazera)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{679F739E-5C76-4A41-B562-F9392156B6DD}) (Version: 4.4.21.0 - Husdawg, LLC)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Download Capture V2.6.6 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 2.6.6 - Apowersoft)
video4fuze 0.6 (HKLM-x32\...\video4fuze) (Version: 0.6 - ssorgatem productions)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.7-6 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.00 beta 3 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.3 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1750629123-2206242229-4090520822-1002_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
==================== Restore Points  =========================
 
06-09-2014 19:10:16 Scheduled Checkpoint
15-09-2014 21:58:30 Installed Samsung Kies
17-09-2014 07:44:19 Removed Samsung Kies
17-09-2014 21:32:03 Installed Samsung Kies3
19-09-2014 10:45:19 Removed Samsung Kies3
19-09-2014 21:55:13 Installed SpyHunter
20-09-2014 00:10:34 Removed SpyHunter
20-09-2014 00:17:52 Removed SpyHunter
20-09-2014 00:21:07 Removed SpyHunter
20-09-2014 03:58:41 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2012-07-11 17:59 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {13E0E8E8-9A6D-4603-AA7D-06FB674CB225} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
Task: {15398D7A-3831-456D-8DAC-4EEA2EF320C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
Task: {25A47176-7E67-48B6-9654-092C11D9691A} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Windows Logon => C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2010-11-30] (AVG)
Task: {3DD92276-FAF1-4962-8133-0367552C8DF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {5CC3E7E3-07AB-4951-A9D4-0F446B0DC46B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8A1EC34A-CD88-4044-92A8-DA579C879AA1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {9ECEE4C4-D2F7-455E-B648-C000F93D26C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {AEE393FD-44C6-432E-BF21-F29AB1DC3287} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C499DF0E-A933-492C-9FA7-9AC86ADE747C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-27] (Microsoft Corporation)
Task: {D316BEE6-6304-4119-BB0D-CC8B69DF67E0} - System32\Tasks\{DA887E29-10D3-4F62-845F-0AFDE27CA1AF} => C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe [2014-08-20] (DVDVideoSoft Ltd.)
Task: {F4BCF690-DF16-42BE-9C29-548D488AE109} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {F6D5BFD1-208E-4A67-9C81-F2D0B9C89C32} - System32\Tasks\{C7E361E3-F454-4091-BABB-CD77C00B9A12} => C:\Program Files\AVAST Software\Avast\AvastUI.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-20 16:46 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-11 20:02 - 2014-08-11 20:02 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-08-27 20:26 - 2014-08-27 20:26 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 22:38 - 2010-03-24 22:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-10-15 04:10 - 2009-10-15 04:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2012-06-26 18:37 - 2014-08-25 23:35 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2013-12-30 15:56 - 2013-12-04 11:35 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-08-11 20:02 - 2014-08-11 20:02 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2011-03-17 20:01 - 2010-11-30 18:26 - 00350024 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl
2011-03-17 20:01 - 2010-11-30 18:26 - 00184136 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl
2011-03-17 20:01 - 2010-11-30 18:26 - 00050504 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
2013-12-24 00:30 - 2014-03-25 09:31 - 01603608 _____ () C:\Program Files (x86)\AVG Secure Search\TBAPI.dll
2014-07-30 15:25 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-09-11 20:14 - 2014-09-03 22:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-11 20:14 - 2014-09-03 22:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-11 20:14 - 2014-09-03 22:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-11 20:14 - 2014-09-03 22:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-11 20:14 - 2014-09-03 22:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/19/2014 11:39:11 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070005.
 
Error: (09/19/2014 11:13:43 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070005.
 
Error: (09/19/2014 10:58:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1750629123-2206242229-4090520822-1002.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {bc15a7e2-b7c1-46fe-ac49-247116ccf1a2}
 
Error: (09/19/2014 08:45:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error: (09/19/2014 07:28:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/19/2014 07:28:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Spyhunter4.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 930
 
Start Time: 01cfd4666053d49a
 
Termination Time: 62
 
Application Path: C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
 
Report Id: 9f45e7d2-405c-11e4-9dd9-f04da2538d85
 
Error: (09/19/2014 07:21:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1750629123-2206242229-4090520822-1002.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ef03fdde-5459-4e8e-9c46-c783a8eab022}
 
Error: (09/19/2014 07:17:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1750629123-2206242229-4090520822-1002.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ef03fdde-5459-4e8e-9c46-c783a8eab022}
 
Error: (09/19/2014 07:10:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1750629123-2206242229-4090520822-1002.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ef03fdde-5459-4e8e-9c46-c783a8eab022}
 
Error: (09/19/2014 04:55:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1750629123-2206242229-4090520822-1002.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0c640bdc-1a4c-4f00-b350-49a9f0a93452}
 
 
System errors:
=============
Error: (09/19/2014 11:43:02 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.
 
Error: (09/19/2014 11:36:23 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.
 
Error: (09/19/2014 11:10:25 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.
 
Error: (09/19/2014 09:45:58 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.
 
Error: (09/19/2014 09:44:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (09/19/2014 09:44:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (09/19/2014 09:44:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (09/19/2014 09:38:03 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (09/19/2014 09:37:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/19/2014 09:37:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (09/19/2014 11:39:11 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Scheduled Checkpoint0x80070005
 
Error: (09/19/2014 11:13:43 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Scheduled Checkpoint0x80070005
 
Error: (09/19/2014 10:58:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1750629123-2206242229-4090520822-1002.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {bc15a7e2-b7c1-46fe-ac49-247116ccf1a2}
 
Error: (09/19/2014 08:45:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Lucy Yan\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/19/2014 07:28:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
 
Error: (09/19/2014 07:28:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Spyhunter4.exe0.0.0.093001cfd4666053d49a62C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe9f45e7d2-405c-11e4-9dd9-f04da2538d85
 
Error: (09/19/2014 07:21:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1750629123-2206242229-4090520822-1002.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ef03fdde-5459-4e8e-9c46-c783a8eab022}
 
Error: (09/19/2014 07:17:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1750629123-2206242229-4090520822-1002.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ef03fdde-5459-4e8e-9c46-c783a8eab022}
 
Error: (09/19/2014 07:10:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1750629123-2206242229-4090520822-1002.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ef03fdde-5459-4e8e-9c46-c783a8eab022}
 
Error: (09/19/2014 04:55:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1750629123-2206242229-4090520822-1002.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0c640bdc-1a4c-4f00-b350-49a9f0a93452}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 45%
Total physical RAM: 3892.52 MB
Available physical RAM: 2105.39 MB
Total Pagefile: 7783.19 MB
Available Pagefile: 5670.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:372.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:8.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D700CC91)
Partition 1: (Active) - (Size=452.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
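The Addition.txt section above repeats the same VSS writer error (EventID 8193, ConvertStringSidToSid on a SID ending in ".bak") at every shadow-copy attempt, which is why the earlier system restore attempts are worth a second look. As an added example for this thread (not code from the original post and not part of FRST), the script below parses the "Error: (date) (Source: X) (EventID: N) (User: )" blocks that FRST writes, groups identical entries, and extracts the SID from any such ".bak" failure. SAMPLE_LOG is a constructed excerpt copied from the log above so the script runs offline; the function and variable names are this example's own.

```python
"""Triage the 'Error:' blocks of an FRST Addition.txt event-log section."""
import re
from collections import Counter

# Constructed sample: a trimmed copy of the event-log section posted above.
SAMPLE_LOG = r"""
Error: (09/19/2014 07:28:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Spyhunter4.exe0.0.0.093001cfd4666053d49a62C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe9f45e7d2-405c-11e4-9dd9-f04da2538d85

Error: (09/19/2014 07:21:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1750629123-2206242229-4090520822-1002.bak)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer

Error: (09/19/2014 07:17:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1750629123-2206242229-4090520822-1002.bak)0x80070539, The security ID structure is invalid.

Error: (09/19/2014 07:10:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1750629123-2206242229-4090520822-1002.bak)0x80070539, The security ID structure is invalid.
"""

# FRST header line for one event-log entry.
HEADER_RE = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)$"
)
# VSS enumerates HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList and
# converts each subkey name to a SID. Windows renames a subkey to <SID>.bak when
# that profile failed to load, and "<SID>.bak" is not a valid SID string.
BAK_SID_RE = re.compile(r"ConvertStringSidToSid\((S-1-5-21-[\d-]+)\.bak\)")


def parse_errors(text):
    """Return a list of dicts: when, source, event_id, user, description."""
    errors = []
    current = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.groupdict()
            current["event_id"] = int(current["event_id"])
            current["description"] = ""
            errors.append(current)
        elif current is not None and not current["description"] \
                and line.startswith("Description: "):
            # Only the first Description line belongs to the entry; the
            # Operation/Context lines that follow are writer details.
            current["description"] = line[len("Description: "):]
    return errors


def group_errors(errors):
    """Count identical (source, event_id, description) triples, most frequent first."""
    counts = Counter((e["source"], e["event_id"], e["description"]) for e in errors)
    return counts.most_common()


def stale_profile_sids(errors):
    """SIDs (without the .bak suffix) that VSS 8193 could not convert."""
    found = set()
    for e in errors:
        if e["source"] == "VSS" and e["event_id"] == 8193:
            m = BAK_SID_RE.search(e["description"])
            if m:
                found.add(m.group(1))
    return sorted(found)


def triage(text):
    errors = parse_errors(text)
    return {
        "total": len(errors),
        "groups": group_errors(errors),
        "stale_profile_sids": stale_profile_sids(errors),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} error entries")
    for (source, event_id, desc), n in report["groups"]:
        print(f"{n:>3}x  {source} {event_id}: {desc[:70]}")
    for sid in report["stale_profile_sids"]:
        print(f"VSS cannot convert '{sid}.bak': look for a ProfileList subkey with a .bak suffix")
```

Run it against a full Addition.txt by reading the file into `triage()`; the grouping makes a single repeating writer failure stand out from the one-off hangs and SideBySide manifest errors.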
#3 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 24 September 2014 - 09:20 AM

Hi there,
My name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (if not sure: Start --> Computer (right click) --> Properties).

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" button.
  • Double-click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button and wait for it to finish.
  • Once done, click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file, which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.zip and extract it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the drive, typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please attach this file to your next reply.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)
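The scans requested above collect evidence; the thread does not say which mechanism brings GoSave back after removal. As an added example (not code from the original post, and not part of FRST, GMER or TDSSKiller), the script below checks one common reason a Chrome extension re-appears on every browser start: an entry in Chrome's ExtensionInstallForcelist policy, whose registry values have the form "<32-character extension id>;<update URL>". That this is the cause here is an assumption. The extension ids and the non-Google update URL in SAMPLE_ENTRIES are constructed, the function names are this example's own, and the registry read runs only on Windows; `check_forcelist()` is pure so it can be exercised anywhere.

```python
"""Flag forced-install Chrome extensions that are not on an allowlist."""
import re
import sys

# Update server of the Chrome Web Store. A forced extension pointing anywhere
# else is being fed by a third-party update server.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

# Chrome extension ids are 32 characters drawn from a-p.
EXT_ID_RE = re.compile(r"^[a-p]{32}$")

# Policy keys Chrome reads for forced installs (machine and user scope).
FORCELIST_KEYS = (
    ("HKEY_LOCAL_MACHINE", r"SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"),
    ("HKEY_CURRENT_USER", r"SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"),
)

# Constructed sample in the registry value format "id;update_url".
SAMPLE_ENTRIES = [
    "abcdefghijklmnopabcdefghijklmnop;https://clients2.google.com/service/update2/crx",
    "ponmlkjihgfedcbaponmlkjihgfedcba;http://updates.example.invalid/crx",
]


def parse_forcelist_entry(value):
    """Split 'id;update_url' into (id, url); the URL part may be absent."""
    ext_id, _, url = value.partition(";")
    return ext_id.strip(), url.strip()


def check_forcelist(entries, allowlist=()):
    """Return (ext_id, url, reasons) for each forced extension worth a look.

    entries: raw registry values ('id;url'); allowlist: ids you deployed yourself.
    """
    findings = []
    for raw in entries:
        ext_id, url = parse_forcelist_entry(raw)
        if ext_id in allowlist:
            continue
        reasons = []
        if not EXT_ID_RE.match(ext_id):
            reasons.append("malformed extension id")
        if url and url != WEBSTORE_UPDATE_URL:
            reasons.append("non-Web-Store update URL: " + url)
        if not reasons:
            # Well-formed and served by the Web Store, but nobody on this
            # machine should be forcing extensions at all.
            reasons.append("forced install not on allowlist")
        findings.append((ext_id, url, reasons))
    return findings


def read_forcelist_windows():
    """Read every value under both forcelist keys (Windows only)."""
    import winreg  # only importable on Windows
    entries = []
    for hive_name, path in FORCELIST_KEYS:
        hive = getattr(winreg, hive_name)
        try:
            key = winreg.OpenKey(hive, path)
        except OSError:
            continue  # key absent: no forced extensions in this scope
        with key:
            index = 0
            while True:
                try:
                    _, value, _ = winreg.EnumValue(key, index)
                except OSError:
                    break  # no more values
                entries.append(str(value))
                index += 1
    return entries


if __name__ == "__main__":
    entries = read_forcelist_windows() if sys.platform == "win32" else SAMPLE_ENTRIES
    for ext_id, url, reasons in check_forcelist(entries):
        print(ext_id, url or "(no update url)", "; ".join(reasons))
```

On a home machine the forcelist keys normally do not exist at all, so any value there is a finding; on a managed machine pass the ids your administrators deploy as `allowlist`. A forced entry only explains the symptom if the extension id matches the one Chrome shows on chrome://extensions; the policy value is the thing to remove, not the extension.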

#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 13 October 2014 - 08:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.