
audio in the background


  • This topic is locked
14 replies to this topic

#1 tapcc13

tapcc13

  • Members
  • 89 posts
  • OFFLINE
  • Local time:02:54 AM

Posted 24 September 2014 - 03:24 PM

I downloaded a video ripper and believe this is where my problem stems from. Audio in the form of music or commercials plays at random. It's super annoying and slowing down the comp. And the ripper was detecting videos and downloading them as well. Please help. I ran Malwarebytes.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/24/2014
Scan Time: 3:40:16 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.24.10
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314758
Time Elapsed: 17 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 16
PUP.Optional.InstallRex, C:\$Recycle.Bin\S-1-5-21-3045978007-3589222681-31509875-1000\$RV273E6.exe, Quarantined, [ed8d8d640378082ebed59b1db1506898],
PUP.Optional.Installex, C:\Users\User\AppData\Local\Temp\d9vD75aW.exe.part, Quarantined, [1466757cb0cb171ffcfff91db54c7c84],
PUP.Optional.Installrex, C:\Users\User\AppData\Local\Temp\mYd3db1a.exe.part, Quarantined, [a0da1ad78af13df9e501041d5da47b85],
PUP.Optional.Installrex, C:\Users\User\AppData\Local\Temp\GYLzpSct.exe.part, Quarantined, [7a00856c72099a9c17cfea37907130d0],
PUP.Optional.InstalleRex, C:\Users\User\AppData\Local\Temp\iaz7VBSZ.exe.part, Quarantined, [c3b750a12b5087afc08fbd8037cad927],
PUP.Optional.InstalleRex, C:\Users\User\AppData\Local\Temp\ifl2lJ4O.exe.part, Quarantined, [d8a24ea389f2979fdf6e6ecfae53728e],
PUP.Optional.Installrex, C:\Users\User\AppData\Local\Temp\dwAs4vor.exe.part, Quarantined, [1565d819f685db5be7ff1e0344bdf30d],
PUP.Optional.Installrex, C:\Users\User\AppData\Local\Temp\x0a1aCBp.exe.part, Quarantined, [7901a54c601ba09653933be636cbc53b],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Local\Temp\FreemakeVideoConverter_4.0.1.8.exe, Quarantined, [5e1c21d00a713cfa9f6edd429c65db25],
PUP.Optional.InstalleRex, C:\Users\User\AppData\Local\Temp\2doaD2to.exe.part, Quarantined, [a3d713de4932fc3a4f00ae8fba47867a],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Local\Temp\is-KPL4T.tmp\FreemakeVideoConverterSetup.exe, Quarantined, [b9c1f8f9d9a250e68885e03f55ac5ca4],
PUP.Optional.BundleInstaller.A, C:\Users\User\AppData\Local\Temp\Setup.exe\0b1d8865260e48f8b4741875580dc0f4\parent.txt, Quarantined, [df9b777ac9b2c76f7ff551ee9c658a76],
PUP.Optional.BundleInstaller.A, C:\Users\User\AppData\Local\Temp\Setup.exe\0b1d8865260e48f8b4741875580dc0f4\Setup.exe, Quarantined, [d5a58b660675201661133e01f40daa56],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Local\Temp\dlmDB24.tmp\FreemakeVideoConverterSetup.exe, Quarantined, [d2a899585922ee4829e4c35c956c03fd],
PUP.Optional.InstalleRex, C:\Users\User\Downloads\VaudiX(1).exe, Quarantined, [ed8da948374436008ac5d16c12efd927],
PUP.Optional.InstalleRex, C:\Users\User\Downloads\VaudiX.exe, Quarantined, [9ae044ad26557fb7fc531e1f03fe0ff1],

Physical Sectors: 0
(No malicious items detected)


(end)
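As an added example, not part of the original post or of Malwarebytes' own tooling, the following Python helper parses the "Files:" block of a Malwarebytes 2.x log like the one above and summarises the detections the way a responder would read them (by family, by location on disk, partial downloads, anything not quarantined). The sample log embedded in it is constructed to follow that line shape; the SID and the bracketed ids are placeholders.

```python
"""Triage helper for the "Files:" block of a Malwarebytes Anti-Malware 2.x scan log.

Each detection line in the posted log has the shape

    <detection name>, <path>, <action>, [<hex id>],

This parses those lines, checks the entry count against the "Files: N" header,
and groups detections by family and by where the file sat on disk (Downloads,
Temp, Recycle Bin), which is what a responder looks at first.
"""
import re
from collections import Counter, namedtuple

# Constructed sample modelled on the log format above; SID and ids are placeholders.
SAMPLE_LOG = r"""Files: 5
PUP.Optional.InstallRex, C:\$Recycle.Bin\S-1-5-21-1111111111-2222222222-3333333333-1000\$RV273E6.exe, Quarantined, [0000000000000000000000000000aaaa],
PUP.Optional.Installrex, C:\Users\User\AppData\Local\Temp\mYd3db1a.exe.part, Quarantined, [0000000000000000000000000000bbbb],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Local\Temp\FreemakeVideoConverter_4.0.1.8.exe, Quarantined, [0000000000000000000000000000cccc],
PUP.Optional.BundleInstaller.A, C:\Users\User\AppData\Local\Temp\Setup.exe\bundle\Setup.exe, Quarantined, [0000000000000000000000000000dddd],
PUP.Optional.InstalleRex, C:\Users\User\Downloads\VaudiX.exe, Quarantined, [0000000000000000000000000000eeee],

Physical Sectors: 0
(No malicious items detected)
"""

Detection = namedtuple("Detection", "name path action id")

HEADER_RE = re.compile(r"^Files: (\d+)\s*$")
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[A-Za-z ]+), \[(?P<id>[0-9A-Fa-f]+)\],?\s*$"
)


def parse_files_block(text):
    """Return (declared_count, [Detection, ...]) for the first "Files:" block in text."""
    declared, entries, in_block = None, [], False
    for line in text.splitlines():
        if not in_block:
            m = HEADER_RE.match(line)
            if m:
                declared, in_block = int(m.group(1)), True
            continue
        if not line.strip():
            break  # a blank line closes the block in this log format
        m = DETECTION_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed detection line: {line!r}")
        entries.append(Detection(m["name"], m["path"], m["action"], m["id"].lower()))
    if declared is None:
        raise ValueError("no 'Files:' header found")
    return declared, entries


def family(name):
    """Normalise a detection name: case-fold and drop the PUP.Optional. prefix.

    The posted log spells the same family several ways (InstallRex, Installrex),
    so counting on the raw string would split one family across several rows.
    """
    n = name.strip().lower()
    prefix = "pup.optional."
    return n[len(prefix):] if n.startswith(prefix) else n


def location(path):
    """Classify where a detected file sat: recycle-bin, temp, downloads or other."""
    p = path.lower()
    if re.match(r"^[a-z]:\\\$recycle\.bin\\", p):
        return "recycle-bin"
    if "\\appdata\\local\\temp\\" in p:
        return "temp"
    if "\\downloads\\" in p:
        return "downloads"
    return "other"


def summarize(declared, entries):
    """Aggregate a parsed block into the counts a responder reads first."""
    return {
        # A mismatch means the pasted log is incomplete or was edited.
        "count_matches": declared == len(entries),
        "by_family": dict(Counter(family(e.name) for e in entries)),
        "by_location": dict(Counter(location(e.path) for e in entries)),
        # Firefox writes in-progress downloads with a .part suffix; these are
        # installers that never finished downloading.
        "partial_downloads": [e.path for e in entries if e.path.lower().endswith(".part")],
        # Anything not quarantined is still on disk and needs follow-up.
        "not_quarantined": [e.path for e in entries if e.action != "Quarantined"],
    }


if __name__ == "__main__":
    declared, entries = parse_files_block(SAMPLE_LOG)
    for key, value in summarize(declared, entries).items():
        print(f"{key}: {value}")
```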




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:54 AM

Posted 25 September 2014 - 09:44 AM

Hi there,
My name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> Properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double-click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save... button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced on the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 tapcc13

tapcc13
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  • Local time:02:54 AM

Posted 06 October 2014 - 03:10 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by User (administrator) on USER-PC on 06-10-2014 16:04:39
Running from C:\Users\User\Downloads
Loaded Profiles: User &  (Available profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Logitech, Inc.) C:\Users\User\AppData\Local\Temp\iTouch-Server-Win.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-09-20] ()
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-09-03] (APN)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3045978007-3589222681-31509875-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3045978007-3589222681-31509875-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\User\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid bb8d218d13e247d1bc55d1e980e4e9f3-0a6c6375a6e46724c16fc906e7a23a00252562f3 --CMPID ROC_APR2013_AV --CMPI (the data entry has 11 more characters).
HKU\S-1-5-21-3045978007-3589222681-31509875-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\User\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid bb8d218d13e247d1bc55d1e980e4e9f3-0a6c6375a6e46724c16fc906e7a23a00252562f3 --CMPID 0913a
HKU\S-1-5-21-3045978007-3589222681-31509875-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe [841096 2014-03-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-3045978007-3589222681-31509875-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3045978007-3589222681-31509875-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\User\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid bb8d218d13e247d1bc55d1e980e4e9f3-0a6c6375a6e46724c16fc906e7a23a00252562f3 --CMPID ROC_APR2013_AV --CMPI (the data entry has 11 more characters).
HKU\S-1-5-21-3045978007-3589222681-31509875-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\User\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid bb8d218d13e247d1bc55d1e980e4e9f3-0a6c6375a6e46724c16fc906e7a23a00252562f3 --CMPID 0913a
HKU\S-1-5-21-3045978007-3589222681-31509875-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe [841096 2014-03-08] (Adobe Systems Incorporated)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
ShortcutTarget: Logitech Touch Mouse Server.lnk -> C:\Users\User\AppData\Local\Temp\iTouch-Server-Win.exe (Logitech, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5D3F16A6EAB1CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={4C589809-95AE-46D0-B7C7-1776DCAA0A01}&mid=bb8d218d13e247d1bc55d1e980e4e9f3-0a6c6375a6e46724c16fc906e7a23a00252562f3&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-09-09 14:00:22&v=18.0.5.292&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\epp42uiv.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-09-20]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-03] (APN LLC.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [332096 2010-10-21] (QUALCOMM, Inc.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-13] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-13] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2010-10-21] (QUALCOMM Incorporated)
R3 qcombushp; C:\Windows\System32\DRIVERS\qcombushp.sys [137800 2010-10-21] (MCCI)
R3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [443392 2010-10-21] (QUALCOMM Incorporated)
R3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [230784 2010-10-21] (QUALCOMM Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 16:04 - 2014-10-06 16:05 - 00016906 _____ () C:\Users\User\Downloads\FRST.txt
2014-10-06 16:04 - 2014-10-06 16:04 - 00000000 ____D () C:\FRST
2014-10-06 16:02 - 2014-10-06 16:03 - 02109952 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-09-24 15:37 - 2014-10-06 15:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-24 15:37 - 2014-09-24 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-24 15:37 - 2014-09-24 15:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-24 15:37 - 2014-09-24 15:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-24 15:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-24 15:37 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-24 15:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-24 15:32 - 2014-09-24 15:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-24 01:13 - 2014-09-25 03:25 - 00044585 _____ () C:\Users\User\Documents\lethalweapon3.wlmp
2014-09-24 01:00 - 2014-09-24 01:05 - 00000000 ____D () C:\Users\User\Documents\Video Download Capture
2014-09-24 00:58 - 2014-09-24 00:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apowersoft
2014-09-24 00:58 - 2014-09-24 00:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2014-09-24 00:58 - 2014-09-24 00:58 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-09-24 00:58 - 2014-04-09 21:05 - 00031920 _____ (Wondershare) C:\Windows\system32\Drivers\Apowersoft_AudioDevice.sys
2014-09-24 00:58 - 2014-04-09 20:50 - 00443568 ____H (Bytescout) C:\Windows\SysWOW64\ApowersoftScreenCapturing.dll
2014-09-24 00:58 - 2014-04-09 20:50 - 00271536 ____H (Bytescout) C:\Windows\SysWOW64\ApowersoftScreenCapturingFilter.dll
2014-09-24 00:58 - 2014-04-09 20:50 - 00181424 ____H (Bytescout) C:\Windows\SysWOW64\ApowersoftVideoMixerFilter.dll
2014-09-24 00:57 - 2014-09-24 00:57 - 23796776 _____ (APOWERSOFT LIMITED ) C:\Users\User\Downloads\video-download-capture.exe
2014-09-24 00:48 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 00:48 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-24 00:42 - 2014-09-24 00:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-24 00:42 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-24 00:41 - 2014-09-24 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-24 00:41 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-24 00:41 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-24 00:41 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-24 00:40 - 2014-09-24 00:41 - 00006747 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-24 00:36 - 2014-09-24 00:36 - 00918952 _____ (Oracle Corporation) C:\Users\User\Downloads\jxpiinstall(1).exe
2014-09-20 03:45 - 2014-09-20 03:45 - 05404245 _____ () C:\Users\User\Downloads\fvd-downloader.xpi
2014-09-20 03:44 - 2014-09-20 03:44 - 00699016 _____ (CNET Download.com) C:\Users\User\Downloads\cbsidlm-cbsi213-Flash_Video_Downloader_Youtube_Downloader_for_Firefox-ORG-10825131.exe
2014-09-20 03:14 - 2014-09-20 03:14 - 00008786 _____ () C:\Users\User\Documents\bttfTIME.wlmp
2014-09-20 02:45 - 2014-09-20 02:46 - 00000000 ____D () C:\Users\User\Documents\DreamVideoSoft
2014-09-20 02:44 - 2014-09-20 02:44 - 12859287 _____ (DreamVideoSoft,Inc. ) C:\Users\User\Downloads\solid-youtube-downloader.exe
2014-09-15 03:12 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-15 03:12 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-15 03:12 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-15 03:12 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-15 03:12 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-15 03:12 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-15 03:12 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-15 03:12 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-15 03:12 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-15 03:12 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-15 03:12 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-15 03:12 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-15 03:12 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-15 03:12 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-15 03:12 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-15 03:12 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-15 03:12 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-15 03:12 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-15 03:12 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-15 03:12 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-15 03:12 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 03:12 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-15 03:12 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-15 03:12 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-15 03:12 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-15 03:12 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-15 03:12 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-15 03:12 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-15 03:12 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-15 03:12 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-15 03:12 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-15 03:12 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-15 03:12 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-15 03:12 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-15 03:12 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-15 03:12 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-15 03:12 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-15 03:12 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 03:12 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-15 03:12 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-15 03:12 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-15 03:12 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-15 03:12 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-15 03:12 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-15 03:12 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-15 03:12 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-15 03:12 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-15 03:11 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-15 03:11 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-15 03:11 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-15 03:11 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-15 03:11 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-15 03:11 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-15 03:11 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-15 03:11 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-15 03:11 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-15 03:02 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-15 03:02 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-15 01:06 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-15 01:06 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-15 01:06 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-15 01:06 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-15 01:05 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-15 01:05 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-15 01:05 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-15 01:05 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-15 01:05 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 16:03 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-06 16:03 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 16:01 - 2011-12-03 14:41 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-06 15:58 - 2011-11-18 23:34 - 01153930 _____ () C:\Windows\WindowsUpdate.log
2014-09-29 17:20 - 2014-07-30 01:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 03:45 - 2013-08-08 22:27 - 00000000 ____D () C:\Users\User\Desktop\parenthood
2014-09-24 00:59 - 2009-07-14 00:51 - 00044436 _____ () C:\Windows\setupact.log
2014-09-24 00:41 - 2013-03-06 19:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-20 02:42 - 2012-05-06 23:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-20 02:10 - 2013-09-09 14:00 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-09-15 04:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-15 03:32 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 03:09 - 2013-05-06 23:47 - 00775084 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-15 03:09 - 2009-07-14 01:13 - 00775084 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 03:08 - 2013-07-21 20:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-15 03:04 - 2011-11-18 23:51 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-15 02:10 - 2009-07-14 00:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\User\AppData\Local\Temp\Bonjour64Setup.exe
C:\Users\User\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\User\AppData\Local\Temp\iTouch-Server-Win.exe
C:\Users\User\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\kdrekx8_.dll
C:\Users\User\AppData\Local\Temp\SDL_0.dll
C:\Users\User\AppData\Local\Temp\SDL_3.dll
C:\Users\User\AppData\Local\Temp\Setup.exe
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
C:\Users\User\AppData\Local\Temp\uninst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-30 00:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by User at 2014-10-06 16:07:01
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4646332D-5637-006A-76A7-A758B70C1002}) (Version: 12.16.2.1970 - APN, LLC) <==== ATTENTION
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4037 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Free DVD Converter 1.0 (HKLM-x32\...\Free DVD Converter_is1) (Version:  - FreeMovieConverter.net)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3123 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 4.1.3123 - Hewlett-Packard) Hidden
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Logitech Touch Mouse Server 1.0 (HKLM-x32\...\Logitech Touch Mouse Server) (Version: 1.0 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Gobi 2000 Package for HP (HKLM-x32\...\{519B5FFE-5F7D-4E76-8F2B-081981AE163C}) (Version: 1.1.190 - QUALCOMM)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.25.824.2010 - Realtek)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
TouchCopy 11 (HKLM-x32\...\{B7604945-ED3D-4AE5-AA69-7D5CFF333FE1}) (Version: 11.03 - Wide Angle Software)
Video Download Capture version 4.9.1 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.1 - APOWERSOFT LIMITED)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.4 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

06-09-2014 00:39:29 Scheduled Checkpoint
15-09-2014 04:55:42 Windows Modules Installer
15-09-2014 07:00:48 Windows Update
24-09-2014 04:39:32 Installed Java 7 Update 67
24-09-2014 04:59:21 Device Driver Package Install: Apowersoft Sound, video and game controllers
24-09-2014 07:00:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {061A2207-E3A7-4D10-A163-1541E660F0DF} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {333F748C-3211-4D70-820A-1AD096948359} - System32\Tasks\{E94A0AE2-9DDB-4A12-9740-6BD5742CF22D} => Firefox.exe http://ui.skype.com/ui/0/5.8.59.158/en/abandoninstall?page=tsMain
Task: {4649774F-F479-4269-99FB-6B083435549F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-07-14] (CyberLink)
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2014-08-13 03:35 - 2014-08-13 03:35 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2011-12-04 01:45 - 2011-12-03 23:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-09 14:00 - 2014-09-20 02:09 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-13 03:35 - 2014-08-13 03:35 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2013-12-11 04:22 - 2014-09-20 02:09 - 01654296 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
2014-07-30 01:25 - 2014-09-29 17:20 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-3045978007-3589222681-31509875-500 - Administrator - Disabled)
Guest (S-1-5-21-3045978007-3589222681-31509875-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3045978007-3589222681-31509875-1006 - Limited - Enabled)
User (S-1-5-21-3045978007-3589222681-31509875-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2014 10:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15086

Error: (09/30/2014 10:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15086

Error: (09/30/2014 10:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/30/2014 10:31:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5413

Error: (09/30/2014 10:31:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5413

Error: (09/30/2014 10:31:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/30/2014 04:30:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9828

Error: (09/30/2014 04:30:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9828

Error: (09/30/2014 04:30:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2014 08:21:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9313


System errors:
=============
Error: (08/02/2014 00:01:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The vToolbarUpdater18.1.7 service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/31/2014 00:46:22 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

Error: (07/31/2014 00:46:12 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

Error: (07/31/2014 00:46:11 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

Error: (07/31/2014 00:46:10 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

Error: (07/31/2014 00:46:09 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

Error: (07/31/2014 00:46:08 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

Error: (07/31/2014 00:46:07 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

Error: (07/31/2014 00:46:06 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

Error: (07/31/2014 00:46:05 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.


Microsoft Office Sessions:
=========================
Error: (09/30/2014 10:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15086

Error: (09/30/2014 10:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15086

Error: (09/30/2014 10:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/30/2014 10:31:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5413

Error: (09/30/2014 10:31:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5413

Error: (09/30/2014 10:31:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/30/2014 04:30:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9828

Error: (09/30/2014 04:30:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9828

Error: (09/30/2014 04:30:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2014 08:21:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9313


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 61%
Total physical RAM: 3893.86 MB
Available physical RAM: 1496.91 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 4593.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:255.34 GB) NTFS
Drive e: () (Removable) (Total:14.83 GB) (Free:9.36 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 38788CEB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 tapcc13

Posted 06 October 2014 - 03:28 PM

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-06 16:27:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEKT-60KA9T0 rev.01.01A01 465.76GB
Running: k3e6t1m7.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


---- Threads - GMER 2.1 ----

Thread   C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [5676:6552]                                                                                                                                               0000000077042e65
Thread   C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [5676:3124]                                                                                                                                               00000000770cd74e
Thread   C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [5676:6680]                                                                                                                                               00000000689aa4bd
Thread   C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [5676:3372]                                                                                                                                               000000007237f28e
Thread   C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [5676:2192]                                                                                                                                               000000007237f28e
Thread   C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [5676:6984]                                                                                                                                               00000000753c12e5
---- Processes - GMER 2.1 ----

Process  C:\Users\User\AppData\Local\Temp\iTouch-Server-Win.exe (*** suspicious ***) @ C:\Users\User\AppData\Local\Temp\iTouch-Server-Win.exe [3588] (Logitech Touch Mouse Server for Windows/Logitech, Inc.)(2009-10-23 21:59:54)  000000013f350000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{E2DC01B5-1E11-4F2D-8909-340B7492CA37}\Connection@Name                                                                                isatap.{3B2C667A-05DF-4600-AE23-8EF8E4D04D7F}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind                                                                                   \Device\{D69574CD-3EC4-4F40-9039-4FEF30235551}?\Device\{E2DC01B5-1E11-4F2D-8909-340B7492CA37}?\Device\{CD3256DC-B6F6-4481-952C-AEFA7C1AC91A}?\Device\{3346A5A9-E58D-4FD8-916A-905AC47F7879}?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route                                                                                  "{D69574CD-3EC4-4F40-9039-4FEF30235551}"?"{E2DC01B5-1E11-4F2D-8909-340B7492CA37}"?"{CD3256DC-B6F6-4481-952C-AEFA7C1AC91A}"?"{3346A5A9-E58D-4FD8-916A-905AC47F7879}"?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export                                                                                 \Device\TCPIP6TUNNEL_{D69574CD-3EC4-4F40-9039-4FEF30235551}?\Device\TCPIP6TUNNEL_{E2DC01B5-1E11-4F2D-8909-340B7492CA37}?\Device\TCPIP6TUNNEL_{CD3256DC-B6F6-4481-952C-AEFA7C1AC91A}?\Device\TCPIP6TUNNEL_{3346A5A9-E58D-4FD8-916A-905AC47F7879}?
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{E2DC01B5-1E11-4F2D-8909-340B7492CA37}@InterfaceName                                                                                                     isatap.{3B2C667A-05DF-4600-AE23-8EF8E4D04D7F}
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{E2DC01B5-1E11-4F2D-8909-340B7492CA37}@ReusableType                                                                                                      0

---- EOF - GMER 2.1 ----


#5 tapcc13
  • Topic Starter
  • Members
  • 89 posts

Posted 06 October 2014 - 03:36 PM

No threats found with TDSSKiller.



#6 TB-Psychotic
  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 07 October 2014 - 06:51 AM

Do you still receive audio ads?


Proud Member of UNITE & TB
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#7 tapcc13
  • Topic Starter
  • Members
  • 89 posts

Posted 08 October 2014 - 11:59 PM

No. But surfing the web has gotten slower, and I just got a pop-up that said "avg protected you from several threats recently".



#8 TB-Psychotic
  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 09 October 2014 - 03:41 PM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#9 TB-Psychotic
  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 13 October 2014 - 08:11 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#10 TB-Psychotic
  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 14 October 2014 - 04:04 AM

This topic has been re-opened at the request of the person who originally posted.

#11 tapcc13
  • Topic Starter
  • Members
  • 89 posts

Posted 15 October 2014 - 03:13 PM

ComboFix 14-10-15.01 - User 10/15/2014  15:49:28.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.2492 [GMT -4:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Local\Temp\iTouch-Server-Win.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-15 to 2014-10-15  )))))))))))))))))))))))))))))))
.
.
2014-10-15 19:56 . 2014-10-15 19:56    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-15 04:14 . 2014-08-19 03:07    32256    ----a-w-    c:\windows\system32\appidsvc.dll
2014-10-15 04:13 . 2014-09-18 02:00    3241472    ----a-w-    c:\windows\system32\msi.dll
2014-10-15 04:12 . 2014-09-13 01:58    77312    ----a-w-    c:\windows\system32\packager.dll
2014-10-15 04:12 . 2014-09-13 01:40    67072    ----a-w-    c:\windows\SysWow64\packager.dll
2014-10-06 20:16 . 2014-10-06 20:16    --------    d-----w-    c:\program files\iPod
2014-10-06 20:16 . 2014-10-06 20:18    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-06 20:16 . 2014-10-06 20:18    --------    d-----w-    c:\program files\iTunes
2014-10-06 20:16 . 2014-10-06 20:18    --------    d-----w-    c:\program files (x86)\iTunes
2014-10-06 20:15 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-10-06 20:15 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-10-06 20:04 . 2014-10-06 20:08    --------    d-----w-    C:\FRST
2014-09-24 19:37 . 2014-10-15 19:44    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-24 19:37 . 2014-09-24 19:37    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-24 19:37 . 2014-09-24 19:37    --------    d-----w-    c:\programdata\Malwarebytes
2014-09-24 19:37 . 2014-05-12 11:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-09-24 19:37 . 2014-05-12 11:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-24 19:37 . 2014-05-12 11:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-24 04:58 . 2014-09-24 04:58    --------    d-----w-    c:\users\User\AppData\Roaming\Apowersoft
2014-09-24 04:58 . 2014-09-24 04:58    --------    d-----w-    c:\program files (x86)\Apowersoft
2014-09-24 04:58 . 2014-04-10 01:05    31920    ----a-w-    c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
2014-09-24 04:58 . 2014-04-10 00:50    271536    ---ha-w-    c:\windows\SysWow64\ApowersoftScreenCapturingFilter.dll
2014-09-24 04:58 . 2014-04-10 00:50    181424    ---ha-w-    c:\windows\SysWow64\ApowersoftVideoMixerFilter.dll
2014-09-24 04:58 . 2014-04-10 00:50    443568    ---ha-w-    c:\windows\SysWow64\ApowersoftScreenCapturing.dll
2014-09-24 04:48 . 2014-09-09 22:11    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-24 04:48 . 2014-09-09 21:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-09-24 04:42 . 2014-09-24 04:42    --------    d-----w-    c:\programdata\Oracle
2014-09-24 04:42 . 2014-09-24 04:42    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-09-24 04:41 . 2014-07-25 16:55    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-20 06:42 . 2014-09-20 06:42    3231696    ----a-w-    c:\program files (x86)\Mozilla Firefox\d3dcompiler_46.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-15 07:00 . 2011-11-19 03:51    103265616    ----a-w-    c:\windows\system32\MRT.exe
2014-09-06 00:38 . 2012-07-17 18:37    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-09-06 00:54    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-09-06 00:54    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-13 07:35 . 2013-09-09 18:00    50976    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-08-06 14:50 . 2014-08-06 14:50    123672    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2014-08-01 11:53 . 2014-09-15 05:06    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-15 05:06    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2014-07-28 18:52 . 2014-07-28 18:52    6112072    ----a-w-    c:\windows\system32\usbaaplrc.dll
2014-07-28 18:52 . 2014-07-28 18:52    54784    ----a-w-    c:\windows\system32\drivers\usbaapl64.sys
2014-07-25 06:35 . 2014-07-25 06:35    875688    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47 . 2014-07-25 03:47    869544    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2014-07-22 01:03 . 2014-07-22 01:03    244504    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-09-20 06:09    3627032    ----a-w-    c:\program files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll" [2014-09-20 3627032]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2014-09-20 2640408]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-09-03 1942424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [x]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 qcfilterhp2k;HP un2420 Mobile Broadband Module USB Device Filter;c:\windows\system32\DRIVERS\qcfilterhp2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcfilterhp2k.sys [x]
S3 qcombushp;Gobi 2000 USB Composite Device Driver(03F0-251D);c:\windows\system32\DRIVERS\qcombushp.sys;c:\windows\SYSNATIVE\DRIVERS\qcombushp.sys [x]
S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbnethp2k.sys [x]
S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbserhp2k.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-24 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-27 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\epp42uiv.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-ROC_ROC_APR2013_AV - c:\users\User\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913a - c:\users\User\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk - c:\users\User\AppData\Local\Temp\iTouch-Server-Win.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Logitech Touch Mouse Server - c:\users\User\AppData\Local\Temp\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-15  15:59:28
ComboFix-quarantined-files.txt  2014-10-15 19:59
.
Pre-Run: 286,139,404,288 bytes free
Post-Run: 289,943,994,368 bytes free
.
- - End Of File - - 75146D4988711BBEAE65891C154A4A35
A36C5E4F47E84449FF07ED3517B43A31
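
An added example, not part of this thread and not ComboFix's own logic: a small Python triage of the autostart entries in the ComboFix output above. It pulls the launched binary out of each Run-key, scheduled-task, handler and orphan line and flags targets that live in user-writable locations (the user's Temp directory, the roaming profile, ProgramData), which is where the orphans ComboFix removed here happened to sit. The sample lines are copied from the log above; the verdict labels and the path heuristics are the example's own assumptions, not anything the tool or the helper defined.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: autostart lines copied from the ComboFix log above
# (the Run key, the scheduled task, the protocol handler and the orphans it removed).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
2013-03-24 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-27 21:16]
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-ROC_ROC_APR2013_AV - c:\users\User\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk - c:\users\User\AppData\Local\Temp\iTouch-Server-Win.exe
AddRemove-Logitech Touch Mouse Server - c:\users\User\AppData\Local\Temp\uninst.exe
"""

# A drive-rooted path ending in an extension Windows will launch or load.
PATH_RE = re.compile(
    r'[a-z]:\\[^"\[\]\r\n]+?\.(?:exe|dll|sys|ocx|scr|lnk|bat|cmd|vbs)\b',
    re.IGNORECASE,
)

# Locations a standard user can write to (assumed heuristic, not a rule from the page).
# Installed software rarely keeps its autostart binaries here; bundled adware and droppers often do.
WRITABLE_HINTS = {
    "\\appdata\\local\\temp\\": "runs from the user's Temp directory",
    "\\appdata\\roaming\\": "runs from the user's roaming profile",
    "\\programdata\\": "runs from ProgramData rather than Program Files",
}

# Directories that need administrator rights to modify.
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def extract_targets(log_text: str) -> List[str]:
    """Return the binary each autostart line ultimately launches.

    A Startup-folder line carries two paths, the .lnk and what it points at;
    the last path on the line is the real target, so that is the one kept.
    Lines with no launchable path (registry key headers, .job files) are skipped.
    """
    targets: List[str] = []
    for line in log_text.splitlines():
        found = PATH_RE.findall(line)
        if found:
            targets.append(found[-1])
    return targets


def classify(path: str) -> Tuple[str, str]:
    """Map a path to (verdict, reason) purely from where it lives on disk."""
    low = path.lower()
    for fragment, reason in WRITABLE_HINTS.items():
        if fragment in low:
            return "REVIEW", reason
    for fragment in SYSTEM_DIRS:
        if fragment in low:
            return "OK", "lives in a Windows system directory"
    return "INFO", "lives outside user-writable and system directories"


def triage(log_text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Group every autostart target by verdict so the REVIEW bucket can be read first."""
    report: Dict[str, List[Tuple[str, str]]] = {"REVIEW": [], "OK": [], "INFO": []}
    for target in extract_targets(log_text):
        verdict, reason = classify(target)
        report[verdict].append((target, reason))
    return report


if __name__ == "__main__":
    for verdict, entries in triage(SAMPLE_LOG).items():
        for target, reason in entries:
            print(f"{verdict:6} {target}  ({reason})")
```

Location alone is a heuristic: a binary under system32 can still be malicious and one under ProgramData can be legitimate, so anything in the REVIEW bucket still needs a hash lookup or signature check before it is judged. The point is only to make the next reader of a log like this look first at entries such as iTouch-Server-Win.exe being started from AppData\Local\Temp.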
 



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:54 AM

Posted 16 October 2014 - 12:02 PM

How is the system behaving now?


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 tapcc13

tapcc13
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  • Local time:02:54 AM

Posted 20 October 2014 - 02:10 PM

Seems to be OK. Been using my phone to browse since the comp has been so annoying and slow. Can we keep this topic open for just a bit longer? Did you see anything suspicious in the results?



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:54 AM

Posted 21 October 2014 - 08:05 AM

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

 

 

System File Check

For Windows XP:

  • Press the Windows key and the R key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).


#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:54 AM

Posted 07 November 2014 - 03:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



