Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Please - AVG and others "blocked by group policy" after AVG alert


  • This topic is locked This topic is locked
43 replies to this topic

#1 clarkee

clarkee

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 02 November 2014 - 10:06 AM

Hi Helpful People!

 

I have spend a long time on your site as it appears many other have had a very similar issue as me...but i cant sort it alone.

 

I got an threat alert thrown up by AVG 2015 during browsing and thereafter the AVG logo disappeared in the system tray and I can no longer open it or system restore (that i have discovered so far) and get the error message "blocked by group policy - please contact system admin" when i try.

 

I rely on my computer for everything :(

 

I have most of the logging and tools downloaded already you refer and recommended to others in similar logs so would be grateful for some specific helpful guidance. I dont want to start and mess it up halfway alone.

 

Of note I have done a recent CCleaner and I can run Malwarebytes which quaranteened 1 file and now says all is well on a 2nd run but the issue persists...

 

Please help me!


Edited by clarkee, 02 November 2014 - 10:07 AM.


BC AdBot (Login to Remove)

 


#2 clarkee

clarkee
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 02 November 2014 - 11:00 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16584
Run by Tom at 15:54:05 on 2014-11-02
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3069.1378 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Users\Tom\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe
C:\Program Files\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe
C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\18.1.9.799\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\18.1.9.799\AVG Secure Search_toolbar.dll
mRun: [eRecoveryService] <no file>
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
TCP: Interfaces\{52A7629C-9179-44A0-AE98-F4F1C7854CD6} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{94B7C318-37E5-49C3-81D3-309B28D937FF} : DHCPNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.9\ViProtocol.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
LSA: Notification Packages =  scecli c:\program files\acer\acer bio protection\PwdFilter
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\2uomd9pt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.grepolis.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={A8549F13-3885-4550-BB4B-C2F913C3F58E}&mid=b77e5b77de7247d1aee96b066acb09c9-cc55ad9cd876b6386b25902774e4a2a575b5be6e&lang=en&ds=AVG&pr=fr&d=2012-09-27 17:14:34&pid=avg&sg=0&v=15.2.0.5&sap=ku&q=
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.3.0\npsitesafety.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\users\tom\appdata\local\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin10181.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-4-24 43184]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-8-6 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-7-24 204056]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-20 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-7-2 199448]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-27 42784]
R1 papycpu;papycpu;c:\windows\system32\drivers\PAPYCPU.SYS [2011-3-2 1984]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-4-24 41456]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-9-5 3364368]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-9-5 293448]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-4-24 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-3-21 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-4-24 122368]
R2 RIM MDNS;RIM MDNS;c:\program files\common files\research in motion\tunnel manager\mDNSResponder.exe [2014-5-7 389632]
R2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files\common files\research in motion\tunnel manager\tunmgr.exe [2014-5-7 1324544]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-2-15 595248]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\common files\avg secure search\vtoolbarupdater\18.1.9\ToolbarUpdater.exe [2014-8-13 1820184]
R3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2014-1-21 585728]
R3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\drivers\rimvndis6.sys [2014-5-7 14336]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-2-15 40752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9dd58f0171190;Google Update Service (gupdate1c9dd58f0171190);c:\program files\google\update\GoogleUpdate.exe [2009-5-25 107912]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-3-21 80912]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-10-6 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-10-6 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-10-6 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-10-6 114280]
.
=============== Created Last 30 ================
.
2014-11-02 14:42:28 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-11-02 14:38:43 -------- d-----w- C:\AdwCleaner
2014-11-02 14:21:14 -------- d-----w- C:\FRST
2014-10-23 13:58:53 -------- d-----w- c:\users\tom\appdata\roaming\AVG2015
2014-10-23 13:53:09 -------- d-----w- c:\programdata\AVG2015
2014-10-23 13:49:40 -------- d-----w- c:\users\tom\appdata\local\Avg2015
2014-10-15 12:21:58 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-15 12:21:58 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-15 12:21:58 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-15 12:15:47 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-10-15 11:58:30 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-10-15 11:58:15 66560 ----a-w- c:\windows\system32\packager.dll
2014-10-08 10:02:54 -------- d-----w- c:\users\tom\appdata\local\Apps
.
==================== Find3M  ====================
.
2014-11-02 14:30:09 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-01 11:11:20 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 11:11:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 11:11:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-19 22:44:32 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-09-19 22:38:15 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-09-19 22:37:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-19 22:36:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-19 22:35:46 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-09-19 22:34:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-19 22:34:22 11776 ----a-w- c:\windows\system32\mshta.exe
2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-20 20:49:40 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-08-13 08:03:06 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
============= FINISH: 15:55:12.45 ===============
 

Attached Files



#3 clarkee

clarkee
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 04 November 2014 - 05:15 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014

Ran by Tom (administrator) on CLARKEE on 04-11-2014 08:00:10
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom & Mcx1 & removevirus & UpdatusUser (Available profiles: Tom & Mcx1 & removevirus & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Validity Sensors, Inc.) C:\Windows\System32\vfsFPService.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\ACER\Mobility Center\MobilityService.exe
() C:\Windows\System32\PnkBstrA.exe
(Apple Inc.) C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Realtek Semiconductor Corp.) C:\Users\Tom\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5296128 2008-03-11] (Realtek Semiconductor)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-03-07] (Acer Incorporated)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-09-02] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\AVG2014 <====== ATTENTION
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {2523f92e-93cd-11dd-80e1-001de0aa6667} - E:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {7e5c6b3a-0988-11df-8cf1-bb951b2e8265} - E:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {7e5c6b4a-0988-11df-8cf1-bb951b2e8265} - G:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {95640796-6634-11dd-acc2-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {d665ba5b-710c-11dd-a3eb-001de0aa6667} - E:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {f12333dc-6622-11dd-9714-001de0aa6667} - E:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {f12333f0-6622-11dd-9714-001de0aa6667} - E:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {fc5b6a20-5cbe-11e1-b3f5-9ddf2370cd47} - E:\SafeStick.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1005\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3669477217-1891237809-903714826-1005\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3669477217-1891237809-903714826-1005\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-04] (AVG Secure Search)
HKU\S-1-5-21-3669477217-1891237809-903714826-1005\...\RunOnce: [AcerScrSav] => C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\S-1-5-21-3669477217-1891237809-903714826-1005\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-11] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3669477217-1891237809-903714826-1006\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3669477217-1891237809-903714826-1006\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-04] (AVG Secure Search)
HKU\S-1-5-21-3669477217-1891237809-903714826-1007\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3669477217-1891237809-903714826-1007\...\RunOnce: [AcerScrSav] => C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
Lsa: [Notification Packages] scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={A8549F13-3885-4550-BB4B-C2F913C3F58E}&mid=b77e5b77de7247d1aee96b066acb09c9-cc55ad9cd876b6386b25902774e4a2a575b5be6e&lang=en&ds=AVG&pr=fr&d=2012-09-27 17:14:34&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar1.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\2uomd9pt.default
FF Homepage: hxxp://en.grepolis.com/
FF Keyword.URL: hxxp://isearch.avg.com/search?cid={A8549F13-3885-4550-BB4B-C2F913C3F58E}&mid=b77e5b77de7247d1aee96b066acb09c9-cc55ad9cd876b6386b25902774e4a2a575b5be6e&lang=en&ds=AVG&pr=fr&d=2012-09-27 17:14:34&pid=avg&sg=0&v=15.2.0.5&sap=ku&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Tom\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\2uomd9pt.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-03-10]
FF Extension: DownloadHelper - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\2uomd9pt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010-03-10]
FF Extension: Greasemonkey - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\2uomd9pt.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2014-03-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-02]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-09-02]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbay&gbh=1&CurrentPage=MyeBaySummary&ssPageName=STRK:ME:LNLK:MESUMX"
CHR Plugin: (Shockwave Flash) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U18) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (Tampermonkey) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-03-01]
CHR Extension: (AVG Security Toolbar) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-04-28]
CHR Extension: (Google Wallet) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-17] () [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-07] () [File not signed]
S2 gupdate1c9dd58f0171190; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-07-11] ()
R2 RIM MDNS; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-05-07] (Apple Inc.) [File not signed]
R2 RIM Tunnel Service; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1324544 2014-05-07] (Research In Motion Limited) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-13] (AVG Secure Search)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-04-24] (Alfa Corporation)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [204056 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [199448 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-13] (AVG Technologies)
S1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [9336 2007-02-02] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [9464 2007-02-02] (Sonic Solutions)
R1 cdudf_xp; C:\Windows\system32\Drivers\cdudf_xp.sys [291456 2005-02-28] (Roxio) [File not signed]
R1 Cinemsup; C:\Windows\system32\Drivers\Cinemsup.sys [6656 2003-12-19] (Sonic Solutions) [File not signed]
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R1 DVDVRRdr_xp; C:\Windows\system32\Drivers\DVDVRRdr_xp.sys [141184 2005-02-28] (Windows ® 2000 DDK provider) [File not signed]
R3 dvd_2K; C:\Windows\system32\Drivers\dvd_2K.sys [24064 2005-02-28] (Roxio) [File not signed]
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2007-01-26] () [File not signed]
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-19] (ITE Tech. Inc. )
S3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48128 2008-03-11] (Atheros Communications, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
S3 mmc_2K; C:\Windows\system32\Drivers\mmc_2K.sys [23808 2005-02-28] (Roxio) [File not signed]
S3 NCHSSVAD; C:\Windows\System32\drivers\nchssvad.sys [33848 2010-02-07] (NCH Swift Sound)
R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-17] (Cyberlink Corp.) [File not signed]
R0x01000000 papycpu; C:\Windows\system32\drivers\papycpu.sys [1984 1998-10-06] () [File not signed]
R0x01000000 papyjoy; C:\Windows\system32\drivers\papyjoy.sys [1888 1998-10-06] () [File not signed]
R1 pwd_2k; C:\Windows\system32\Drivers\pwd_2k.sys [117632 2005-02-28] (Roxio) [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [68096 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14336 2014-05-07] (Research in Motion Limited)
R1 UDFReadr; C:\Windows\system32\Drivers\UDFReadr.sys [202368 2005-02-28] (Roxio) [File not signed]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [41456 2008-03-05] (Cyberlink Corp.)
R3 ALSysIO; \??\C:\Users\Tom\AppData\Local\Temp\ALSysIO.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 krdpdre; \??\C:\Users\Tom\AppData\Local\Temp\krdpdre.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 07:55 - 2014-11-04 08:00 - 00023785 _____ () C:\Users\Tom\Desktop\FRST.txt
2014-11-04 07:55 - 2014-11-04 07:56 - 00000000 ____D () C:\Users\Tom\Desktop\DDS
2014-11-02 15:18 - 2014-11-02 15:18 - 00000000 ____D () C:\Users\Tom\Documents\BLACKBERRY-6036
2014-11-02 14:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-11-02 14:38 - 2014-11-02 14:42 - 00000000 ____D () C:\AdwCleaner
2014-11-02 14:38 - 2014-11-02 14:38 - 01706359 _____ (Thisisu) C:\Users\Tom\Desktop\JRT.exe
2014-11-02 14:38 - 2014-11-02 14:38 - 01375089 _____ () C:\Users\Tom\Desktop\AdwCleaner.exe
2014-11-02 14:21 - 2014-11-04 08:00 - 00000000 ____D () C:\FRST
2014-11-02 14:14 - 2014-11-02 15:17 - 00001630 _____ () C:\Windows\setupact.log
2014-11-02 14:14 - 2014-11-02 15:08 - 01106432 _____ (Farbar) C:\Users\Tom\Desktop\FRST.exe
2014-11-02 14:14 - 2014-11-02 14:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-23 13:58 - 2014-10-23 13:58 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\AVG2015
2014-10-23 13:53 - 2014-11-02 13:33 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-23 13:49 - 2014-10-23 14:38 - 00000000 ____D () C:\Users\Tom\AppData\Local\Avg2015
2014-10-15 12:21 - 2014-06-15 22:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 12:21 - 2014-06-13 18:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 12:21 - 2014-06-13 18:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 12:15 - 2014-09-27 23:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 11:58 - 2014-09-16 16:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 11:58 - 2014-09-04 23:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-15 11:57 - 2014-09-19 22:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 11:57 - 2014-09-19 22:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 11:57 - 2014-09-19 22:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 11:57 - 2014-09-19 22:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 11:57 - 2014-09-19 22:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 11:57 - 2014-09-19 22:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 11:57 - 2014-09-19 22:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 11:57 - 2014-09-19 22:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 11:57 - 2014-09-19 22:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 11:57 - 2014-09-19 22:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 11:57 - 2014-09-19 22:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 11:57 - 2014-09-19 22:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 11:57 - 2014-09-19 22:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 11:57 - 2014-09-19 22:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 11:57 - 2014-09-19 22:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 11:57 - 2014-09-19 22:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 11:57 - 2014-09-19 22:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 11:57 - 2014-09-19 22:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 11:57 - 2014-09-19 22:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 11:57 - 2014-09-19 22:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 11:57 - 2014-09-19 22:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-08 10:02 - 2014-10-08 10:02 - 00000000 ____D () C:\Users\Tom\AppData\Local\Apps\2.0

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 07:59 - 2013-04-02 14:00 - 01050335 _____ () C:\Windows\WindowsUpdate.log
2014-11-04 07:53 - 2011-04-02 10:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-04 07:48 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 07:48 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 18:30 - 2011-01-02 16:36 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 16:41 - 2006-11-02 10:33 - 00708644 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 16:35 - 2013-06-04 06:42 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-11-02 16:35 - 2011-01-02 16:36 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 16:34 - 2008-04-24 03:02 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-11-02 16:34 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 16:33 - 2008-07-04 16:35 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-11-02 16:33 - 2006-11-02 13:01 - 00032532 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-02 15:17 - 2013-01-02 20:31 - 00032991 _____ () C:\ads_err.adt
2014-11-02 15:17 - 2013-01-02 20:31 - 00003072 _____ () C:\ads_err.adi
2014-11-02 14:30 - 2014-07-17 18:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 13:35 - 2013-04-12 16:16 - 00000000 ____D () C:\Users\Tom\Desktop\Explorer
2014-11-02 10:09 - 2011-09-04 08:09 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-10-28 16:10 - 2014-07-17 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 16:10 - 2014-07-17 18:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-28 16:07 - 2011-07-16 13:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-23 14:08 - 2010-09-28 18:13 - 00000000 ____D () C:\Program Files\Steam
2014-10-23 13:58 - 2011-09-26 21:00 - 00000000 ___HD () C:\$AVG
2014-10-23 13:57 - 2014-03-31 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-23 13:52 - 2011-09-26 18:50 - 00000000 ____D () C:\Program Files\AVG
2014-10-15 13:22 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-15 13:06 - 2006-11-02 12:47 - 00327168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 12:08 - 2013-07-11 21:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 11:58 - 2006-11-02 10:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-05 15:58 - 2008-07-04 15:01 - 00000908 _____ () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

Files to move or delete:
====================
C:\Users\Tom\AppData\Roaming\skype.ini

Some content of TEMP:
====================
C:\Users\removevirus\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Tom\AppData\Local\Temp\Quarantine.exe
C:\Users\Tom\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-02 16:41

==================== End Of Log ============================


Edited by clarkee, 04 November 2014 - 05:17 AM.


#4 clarkee

clarkee
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 04 November 2014 - 05:18 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014
Ran by Tom at 2014-11-04 08:01:22
Running from C:\Users\Tom\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4U WMA MP3 Converter 3.1.5 (HKLM\...\4U WMA MP3 Converter_is1) (Version:  - 4U Computing, Inc.)
AAV 6.0.00.08 (HKLM\...\Acer Acer Bio Protection 6.0.00.08) (Version:  - )
ABC (remove only) (HKLM\...\ABC) (Version:  - )
ABC Amber vCard Converter (HKLM\...\ABC Amber vCard Converter) (Version:  - )
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.0.5105 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.0.5105 - CyberLink Corp.) Hidden
Acer Bio Protection
Acer Crystal Eye Webcam 2.0.5 (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.0.5 - SuYin)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 3.0.3007 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3060 - Egis Inc.)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3005 - Acer Incorporated)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3007 - Acer Incorporated)
Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3004 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.13.1301 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.3.183.20 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2) (Version:  - )
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.9 (HKLM\...\Amazon MP3 Downloader) (Version:  - )
ASIO4ALL (HKLM\...\ASIO4ALL) (Version:  - )
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.28 - Atheros Communications Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
BlackBerry Backup Extractor (HKCU\...\BlackBerry Backup Extractor) (Version: 1.0.3.0 - Reincubate Ltd)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.37 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.37 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM\...\{E31C1E19-81D2-40C0-BE40-30A2A54E9C27}) (Version: 8.0.0.50 - Research In Motion Ltd)
BlackBerry Link (HKLM\...\BlackBerry_10_Desktop) (Version: 1.2.3.48 - BlackBerry Ltd.)
BlackBerry Link (Version: 1.2.3.48 - BlackBerry Ltd.) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (Version:  - ) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Day of Defeat (HKLM\...\Steam App 30) (Version:  - Valve)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.0 - DivX,Inc.)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Homeworld2 (HKLM\...\Homeworld2) (Version:  - Sierra)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{AE47EB5B-1789-4480-AD6D-7753473E9DDE}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
ITECIR Driver (HKLM\...\{FCED9B62-34FF-4C15-8A23-F65221F7874D}) (Version: 1.00.000 - ITE)
Java™ 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.09.03 - JMicron Technology Corp.)
KeyControl v1.02 (remove only) (HKLM\...\KeyControl) (Version:  - )
K-Lite Codec Pack 4.8.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 4.8.0 - )
KODAK EASYSHARE Gallery Upload ActiveX Control (HKLM\...\OfotoEZUpload) (Version:  - )
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
MadTracker 2 (HKLM\...\MadTracker 2) (Version:  - )
MagicBerry for Blackberry version 3.5 (HKLM\...\{404CBB42-3EF1-4ECF-BFBD-A557807CBF3B}_is1) (Version: 3.5 - Mena Step Innovative Solutions (Ashraf Awwad))
MAGIX audio cleaning 3.0 deLuxe (HKLM\...\MAGIX audio cleaning 3.0 deLuxe) (Version: 3.1.0.0 - MAGIX AG)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox (3.0.1) (HKLM\...\Mozilla Firefox (3.0.1)) (Version: 3.0.1 (en-GB) - Mozilla)
Mozilla Firefox (3.6.28) (HKLM\...\Mozilla Firefox (3.6.28)) (Version: 3.6.28 (en-GB) - Mozilla)
MP3 Sound Recorder 2.62 (HKLM\...\MP3 Sound Recorder 2.62) (Version:  - )
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nimo Codecs Pack v5.0 (Remove Only) (HKLM\...\NimoCorp) (Version:  - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Paint Shop Pro 7 Try And Buy (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
PoiZone (HKLM\...\PoiZone) (Version:  - Image-Line)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5582 - Realtek Semiconductor Corp.)
Roll (HKLM\...\RollerCoaster Tycoon Setup) (Version:  - )
Roxio Easy Media Creator 7 Basic DVD Edition (HKLM\...\{747D1B34-A1FC-4EF3-A6AE-E86F39CEFDE5}) (Version: 7.1.0.219 - Roxio, Inc.)
Sakura (HKLM\...\Sakura) (Version:  - Image-Line)
Sawer (HKLM\...\Sawer) (Version:  - Image-Line)
Skype™ 6.6 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steinberg Cubase v4.1.3 (HKLM\...\Steinberg Cubase_is1) (Version:  - )
Steinberg HALionOne (HKLM\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics)
TKA - GenoBazz VSTi (HKLM\...\{A4E4C384-A8C9-4A8D-B60A-21312FC42C55}_is1) (Version: 1.2.1 - Tek'it Audio)
TomTom HOME (HKLM\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version:  - Image-Line)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Validity Sensors software (HKLM\...\{567E8236-C414-4888-8211-3D61608D57AE}) (Version: 2.7.30 - Validity Sensors, Inc.)
VirtualDJ PRO Full (HKLM\...\{4769E972-2E92-49C5-B6F9-465EFD0C4D94}) (Version: 7.0.5 - Atomix Productions)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software 6.0.1.5000 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.5000 - Broadcom Corporation)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live installer (HKLM\...\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}) (Version: 12.0.1471.1025 - Microsoft Corporation)
Windows Live Mail (HKLM\...\{184E7118-0295-43C4-B72C-1D54AA75AAF7}) (Version: 12.0.1606.1023 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3669477217-1891237809-903714826-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\Tom\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3669477217-1891237809-903714826-1007_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10 (the data entry has 15 more characters).

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 10:23 - 2011-12-14 20:12 - 00000761 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {191B8271-32CF-4FA7-A3AC-BD9B959F5367} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{4F30FF0B-2DBD-4700-8C60-DBF5F083712F}.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {295F9649-2200-4688-ACD2-C4A9FDF86BD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {5F37E5DD-61C3-442C-91DB-6325DC8FF9F3} - System32\Tasks\{94EEEC49-3B3E-4150-BB99-479E5AC51C93} => C:\Program Files\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {8155DFE6-28B6-479F-A134-DE1A9488CCE6} - System32\Tasks\Core Temp Autostart Tom => C:\Program Files\Core Temp\Core Temp.exe [2012-01-25] ()
Task: {AB3BD675-22B0-477D-ADF8-3DDBCD1BEEBC} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Tom => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {CD109B3B-F29C-43C3-97C8-2F0C295AFD57} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-02] (Google)
Task: {D8D15633-016B-4D6A-BE09-0A50C9E0AB94} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {F71029FD-2D22-4AAE-8B72-F973FC318ABD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{4F30FF0B-2DBD-4700-8C60-DBF5F083712F}.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-04-24 02:56 - 2008-04-24 02:56 - 00080896 _____ () C:\Program Files\Acer\Acer Bio Protection\PwdFilter.dll
2008-04-24 03:15 - 2008-01-17 01:35 - 00081504 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2008-03-21 06:57 - 2008-03-07 22:05 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-03-21 06:57 - 2008-03-21 06:57 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3005.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-03-21 06:57 - 2008-03-21 06:57 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3005.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-03-21 06:57 - 2008-03-21 06:57 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3005.0__3036420f80dd6947\Framework.Library.dll
2008-03-21 06:57 - 2008-03-21 06:57 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3005.0__672b450de5a7e94a\Framework.Host.dll
2008-03-21 06:57 - 2008-03-21 06:57 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3005.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-03-21 07:04 - 2008-03-07 10:35 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eAudio\eAudioSrvPlugin.dll
2008-03-21 06:57 - 2008-03-21 06:57 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3005.0__4df5dcab8860d239\Framework.Utility.dll
2008-03-21 07:02 - 2008-03-06 00:35 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2008-03-21 07:02 - 2008-03-06 00:33 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2008-03-21 07:02 - 2008-03-06 00:35 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2008-03-21 07:02 - 2008-03-06 00:33 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2008-03-21 07:41 - 2007-12-06 23:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-03-21 07:41 - 2007-11-27 22:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-07-11 19:15 - 2008-07-11 19:17 - 00066872 _____ () C:\Windows\system32\PnkBstrA.exe
2011-06-08 21:57 - 2011-06-08 21:57 - 01929576 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2014-08-13 08:04 - 2014-08-13 08:03 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-08-13 08:04 - 2014-08-13 08:03 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2008-07-04 21:53 - 2005-10-07 14:05 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll
2012-04-20 21:16 - 2012-01-25 13:59 - 00758224 _____ () C:\Program Files\Core Temp\Core Temp.exe
2012-09-27 16:14 - 2014-09-02 05:58 - 02640408 _____ () C:\Program Files\AVG Secure Search\vprot.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: eDataSecurity Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk => C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.05468160269395439.exe.lnk => C:\Windows\pss\0.05468160269395439.exe.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^heo4zjk.lnk => C:\Windows\pss\heo4zjk.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wpbt0.dll.lnk => C:\Windows\pss\wpbt0.dll.lnk.Startup
MSCONFIG\startupreg: Ad-Watch =>
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Tom\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: ArcadeDeluxeAgent => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
MSCONFIG\startupreg: BlackBerryAutoUpdate => C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: DisplayFusion => "C:\Program Files\DisplayFusion\DisplayFusion.exe"
MSCONFIG\startupreg: eDataSecurity Loader => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: ePower_DMC => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
MSCONFIG\startupreg: F-Secure TNB => "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
MSCONFIG\startupreg: Google Update =>
MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: KiesHelper => C:\Program Files\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\LManager.exe
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: RegistryMechanic => C:\Program Files\Registry Mechanic\RMTray.exe /H
MSCONFIG\startupreg: RIM PeerManager => "C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TkBellExe =>
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: WarReg_PopUp => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: ZPdtWzdVitaKey MC3000 => "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show

========================= Accounts: ==========================

Administrator (S-1-5-21-3669477217-1891237809-903714826-500 - Administrator - Disabled)
Guest (S-1-5-21-3669477217-1891237809-903714826-501 - Limited - Disabled)
Mcx1 (S-1-5-21-3669477217-1891237809-903714826-1005 - Administrator - Enabled) => C:\Users\Mcx1
removevirus (S-1-5-21-3669477217-1891237809-903714826-1006 - Administrator - Enabled) => C:\Users\removevirus
Tom (S-1-5-21-3669477217-1891237809-903714826-1000 - Administrator - Enabled) => C:\Users\Tom
UpdatusUser (S-1-5-21-3669477217-1891237809-903714826-1007 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #23
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Description: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros
Service: L1E
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid: {5c69eefe-3c1e-44ef-8501-f475f902fca7}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 04:34:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 03:21:43 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: 648: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (11/02/2014 03:21:43 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (11/02/2014 03:21:43 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: 656: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (11/02/2014 03:21:43 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (11/02/2014 03:21:43 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: 624: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (11/02/2014 03:21:43 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (11/02/2014 03:21:43 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: 616: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (11/02/2014 03:21:43 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (11/02/2014 03:21:43 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: 560: ERROR: read_msg errno 0 (The operation completed successfully.)

System errors:
=============
Error: (11/02/2014 06:21:51 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 169.254.85.78 for the Network Card with network address 96EBCDDED858 has been denied by the DHCP server 169.254.142.89 (The DHCP Server sent a DHCPNACK message).

Error: (11/02/2014 06:13:58 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 169.254.202.14 for the Network Card with network address 96EBCDDED858 has been denied by the DHCP server 169.254.85.77 (The DHCP Server sent a DHCPNACK message).

Error: (11/02/2014 04:39:57 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 169.254.82.206 for the Network Card with network address 96EBCDDED858 has been denied by the DHCP server 169.254.202.13 (The DHCP Server sent a DHCPNACK message).

Error: (11/02/2014 04:39:40 PM) (Source: Schannel) (EventID: 4106) (User: )
Description: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (11/02/2014 04:38:27 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 169.254.108.98 for the Network Card with network address 96EBCDDED858 has been denied by the DHCP server 169.254.82.205 (The DHCP Server sent a DHCPNACK message).

Error: (11/02/2014 04:36:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000avgwd

Error: (11/02/2014 04:34:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Cdr4_xp
Lbd

Error: (11/02/2014 04:34:00 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Error: (11/02/2014 04:33:39 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Error: (11/02/2014 03:43:29 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 169.254.251.110 for the Network Card with network address 96EBCDDED858 has been denied by the DHCP server 169.254.108.97 (The DHCP Server sent a DHCPNACK message).

Microsoft Office Sessions:
=========================
Error: (02/23/2011 03:46:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/23/2011 03:45:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 468 seconds with 240 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-11-04 08:00:28.557
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-04 08:00:27.980
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-04 08:00:27.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-04 08:00:26.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-04 08:00:25.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-04 08:00:24.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-04 08:00:24.345
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-04 08:00:23.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-04 07:56:06.826
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-04 07:56:06.155
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 50%
Total physical RAM: 3069.5 MB
Available physical RAM: 1531.21 MB
Total Pagefile: 3971.73 MB
Available Pagefile: 2479.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.12 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:111.44 GB) (Free:67.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:107.9 GB) (Free:29.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: B159982E)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=111.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)

==================== End Of Log ============================



#5 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,633 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 07 November 2014 - 10:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554387 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 clarkee

clarkee
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 09 November 2014 - 04:11 AM

NEW DDS AS REQUESTED

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16584
Run by Tom at 9:08:42 on 2014-11-09
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3069.1424 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Users\Tom\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe
C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe
C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\18.1.9.799\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\18.1.9.799\AVG Secure Search_toolbar.dll
mRun: [eRecoveryService] <no file>
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{52A7629C-9179-44A0-AE98-F4F1C7854CD6} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{94B7C318-37E5-49C3-81D3-309B28D937FF} : DHCPNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.9\ViProtocol.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
LSA: Notification Packages =  scecli c:\program files\acer\acer bio protection\PwdFilter
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\2uomd9pt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.grepolis.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={A8549F13-3885-4550-BB4B-C2F913C3F58E}&mid=b77e5b77de7247d1aee96b066acb09c9-cc55ad9cd876b6386b25902774e4a2a575b5be6e&lang=en&ds=AVG&pr=fr&d=2012-09-27 17:14:34&pid=avg&sg=0&v=15.2.0.5&sap=ku&q=
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.3.0\npsitesafety.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\users\tom\appdata\local\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin10181.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-4-24 43184]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-8-6 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-7-24 204056]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-20 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-7-2 199448]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-27 42784]
R1 papycpu;papycpu;c:\windows\system32\drivers\PAPYCPU.SYS [2011-3-2 1984]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-4-24 41456]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-9-5 3364368]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-9-5 293448]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-4-24 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-3-21 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-4-24 122368]
R2 RIM MDNS;RIM MDNS;c:\program files\common files\research in motion\tunnel manager\mDNSResponder.exe [2014-5-7 389632]
R2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files\common files\research in motion\tunnel manager\tunmgr.exe [2014-5-7 1324544]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-2-15 595248]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\common files\avg secure search\vtoolbarupdater\18.1.9\ToolbarUpdater.exe [2014-8-13 1820184]
R3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2014-1-21 585728]
R3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\drivers\rimvndis6.sys [2014-5-7 14336]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-2-15 40752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9dd58f0171190;Google Update Service (gupdate1c9dd58f0171190);c:\program files\google\update\GoogleUpdate.exe [2009-5-25 107912]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-3-21 80912]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-10-6 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-10-6 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-10-6 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-10-6 114280]
.
=============== Created Last 30 ================
.
2014-11-02 14:42:28 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-11-02 14:38:43 -------- d-----w- C:\AdwCleaner
2014-11-02 14:21:14 -------- d-----w- C:\FRST
2014-10-23 13:58:53 -------- d-----w- c:\users\tom\appdata\roaming\AVG2015
2014-10-23 13:53:09 -------- d-----w- c:\programdata\AVG2015
2014-10-23 13:49:40 -------- d-----w- c:\users\tom\appdata\local\Avg2015
2014-10-15 12:21:58 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-15 12:21:58 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-15 12:21:58 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-15 12:15:47 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-10-15 11:58:30 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-10-15 11:58:15 66560 ----a-w- c:\windows\system32\packager.dll
.
==================== Find3M  ====================
.
2014-11-02 14:30:09 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-01 11:11:20 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 11:11:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 11:11:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-19 22:44:32 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-09-19 22:38:15 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-09-19 22:37:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-19 22:36:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-19 22:35:46 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-09-19 22:34:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-19 22:34:22 11776 ----a-w- c:\windows\system32\mshta.exe
2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-20 20:49:40 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-08-13 08:03:06 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
============= FINISH:  9:09:26.92 ===============

Attached Files



#7 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 09 November 2014 - 10:36 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

icon11.gif   Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#8 clarkee

clarkee
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 10 November 2014 - 04:42 AM

FRST already done please see above (#3 and #4). Reposting will make this conversation really rather long!



#9 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 10 November 2014 - 10:12 AM

Your posted scans were from 6 days ago with a version of the tool that has since been updated.  Please download a new copy and and run fresh scans for me.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#10 clarkee

clarkee
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 10 November 2014 - 01:58 PM

Sorted, cheers

______

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
Ran by Tom (administrator) on CLARKEE on 10-11-2014 18:51:50
Running from C:\Users\Tom\Desktop\FRST2
Loaded Profiles: Tom & Mcx1 & removevirus & UpdatusUser (Available profiles: Tom & Mcx1 & removevirus & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Validity Sensors, Inc.) C:\Windows\System32\vfsFPService.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\ACER\Mobility Center\MobilityService.exe
() C:\Windows\System32\PnkBstrA.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Realtek Semiconductor Corp.) C:\Users\Tom\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
() C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe
() C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe
(Apple Inc.) C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(BlackBerry Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5296128 2008-03-11] (Realtek Semiconductor)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-03-07] (Acer Incorporated)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-09-02] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\AVG2014 <====== ATTENTION
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {2523f92e-93cd-11dd-80e1-001de0aa6667} - E:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {7e5c6b3a-0988-11df-8cf1-bb951b2e8265} - E:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {7e5c6b4a-0988-11df-8cf1-bb951b2e8265} - G:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {95640796-6634-11dd-acc2-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {d665ba5b-710c-11dd-a3eb-001de0aa6667} - E:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {f12333dc-6622-11dd-9714-001de0aa6667} - E:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {f12333f0-6622-11dd-9714-001de0aa6667} - E:\AutoRun.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1000\...\MountPoints2: {fc5b6a20-5cbe-11e1-b3f5-9ddf2370cd47} - E:\SafeStick.exe
HKU\S-1-5-21-3669477217-1891237809-903714826-1005\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3669477217-1891237809-903714826-1005\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3669477217-1891237809-903714826-1005\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-04] (AVG Secure Search)
HKU\S-1-5-21-3669477217-1891237809-903714826-1005\...\RunOnce: [AcerScrSav] => C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\S-1-5-21-3669477217-1891237809-903714826-1005\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-11] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3669477217-1891237809-903714826-1006\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3669477217-1891237809-903714826-1006\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-04] (AVG Secure Search)
HKU\S-1-5-21-3669477217-1891237809-903714826-1007\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3669477217-1891237809-903714826-1007\...\RunOnce: [AcerScrSav] => C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
Lsa: [Notification Packages] scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={A8549F13-3885-4550-BB4B-C2F913C3F58E}&mid=b77e5b77de7247d1aee96b066acb09c9-cc55ad9cd876b6386b25902774e4a2a575b5be6e&lang=en&ds=AVG&pr=fr&d=2012-09-27 17:14:34&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar1.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\2uomd9pt.default
FF Homepage: hxxp://en.grepolis.com/
FF Keyword.URL: hxxp://isearch.avg.com/search?cid={A8549F13-3885-4550-BB4B-C2F913C3F58E}&mid=b77e5b77de7247d1aee96b066acb09c9-cc55ad9cd876b6386b25902774e4a2a575b5be6e&lang=en&ds=AVG&pr=fr&d=2012-09-27 17:14:34&pid=avg&sg=0&v=15.2.0.5&sap=ku&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\2uomd9pt.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-03-10]
FF Extension: DownloadHelper - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\2uomd9pt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010-03-10]
FF Extension: Greasemonkey - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\2uomd9pt.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2014-03-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-02]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-09-02]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbay&gbh=1&CurrentPage=MyeBaySummary&ssPageName=STRK:ME:LNLK:MESUMX"
CHR Plugin: (Shockwave Flash) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U18) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (Tampermonkey) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-03-01]
CHR Extension: (AVG Security Toolbar) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-04-28]
CHR Extension: (Google Wallet) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-17] () [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-07] () [File not signed]
S2 gupdate1c9dd58f0171190; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-07-11] ()
R2 RIM MDNS; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-05-07] (Apple Inc.) [File not signed]
R2 RIM Tunnel Service; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1324544 2014-05-07] (Research In Motion Limited) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-13] (AVG Secure Search)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-04-24] (Alfa Corporation)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [204056 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [199448 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-13] (AVG Technologies)
S1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [9336 2007-02-02] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [9464 2007-02-02] (Sonic Solutions)
R1 cdudf_xp; C:\Windows\system32\Drivers\cdudf_xp.sys [291456 2005-02-28] (Roxio) [File not signed]
R1 Cinemsup; C:\Windows\system32\Drivers\Cinemsup.sys [6656 2003-12-19] (Sonic Solutions) [File not signed]
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R1 DVDVRRdr_xp; C:\Windows\system32\Drivers\DVDVRRdr_xp.sys [141184 2005-02-28] (Windows ® 2000 DDK provider) [File not signed]
R3 dvd_2K; C:\Windows\system32\Drivers\dvd_2K.sys [24064 2005-02-28] (Roxio) [File not signed]
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2007-01-26] () [File not signed]
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-19] (ITE Tech. Inc. )
S3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48128 2008-03-11] (Atheros Communications, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
S3 mmc_2K; C:\Windows\system32\Drivers\mmc_2K.sys [23808 2005-02-28] (Roxio) [File not signed]
S3 NCHSSVAD; C:\Windows\System32\drivers\nchssvad.sys [33848 2010-02-07] (NCH Swift Sound)
R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-17] (Cyberlink Corp.) [File not signed]
R0x01000000 papycpu; C:\Windows\system32\drivers\papycpu.sys [1984 1998-10-06] () [File not signed]
R0x01000000 papyjoy; C:\Windows\system32\drivers\papyjoy.sys [1888 1998-10-06] () [File not signed]
R1 pwd_2k; C:\Windows\system32\Drivers\pwd_2k.sys [117632 2005-02-28] (Roxio) [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [68096 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14336 2014-05-07] (Research in Motion Limited)
R1 UDFReadr; C:\Windows\system32\Drivers\UDFReadr.sys [202368 2005-02-28] (Roxio) [File not signed]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [41456 2008-03-05] (Cyberlink Corp.)
R3 ALSysIO; \??\C:\Users\Tom\AppData\Local\Temp\ALSysIO.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 krdpdre; \??\C:\Users\Tom\AppData\Local\Temp\krdpdre.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 mbr; \??\C:\Users\Tom\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 18:46 - 2014-11-10 18:51 - 00000000 ____D () C:\Users\Tom\Desktop\FRST2
2014-11-10 18:42 - 2014-11-10 18:42 - 00000165 ____H () C:\Users\Tom\Desktop\~$NRota.xlsx
2014-11-10 07:50 - 2014-11-10 11:40 - 00015300 _____ () C:\Users\Tom\Desktop\NRota.xlsx
2014-11-04 10:20 - 2014-11-04 10:20 - 00000000 ____D () C:\Users\Tom\Desktop\FRST1
2014-11-04 07:55 - 2014-11-09 09:12 - 00000000 ____D () C:\Users\Tom\Desktop\DDS
2014-11-02 15:18 - 2014-11-02 15:18 - 00000000 ____D () C:\Users\Tom\Documents\BLACKBERRY-6036
2014-11-02 14:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-11-02 14:38 - 2014-11-02 14:42 - 00000000 ____D () C:\AdwCleaner
2014-11-02 14:38 - 2014-11-02 14:38 - 01706359 _____ (Thisisu) C:\Users\Tom\Desktop\JRT.exe
2014-11-02 14:38 - 2014-11-02 14:38 - 01375089 _____ () C:\Users\Tom\Desktop\AdwCleaner.exe
2014-11-02 14:21 - 2014-11-10 18:51 - 00000000 ____D () C:\FRST
2014-11-02 14:14 - 2014-11-02 15:17 - 00001630 _____ () C:\Windows\setupact.log
2014-11-02 14:14 - 2014-11-02 14:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-23 13:58 - 2014-10-23 13:58 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\AVG2015
2014-10-23 13:53 - 2014-11-02 13:33 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-23 13:49 - 2014-10-23 14:38 - 00000000 ____D () C:\Users\Tom\AppData\Local\Avg2015
2014-10-15 12:21 - 2014-06-15 22:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 12:21 - 2014-06-13 18:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 12:21 - 2014-06-13 18:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 12:15 - 2014-09-27 23:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 11:58 - 2014-09-16 16:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 11:58 - 2014-09-04 23:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-15 11:57 - 2014-09-19 22:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 11:57 - 2014-09-19 22:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 11:57 - 2014-09-19 22:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 11:57 - 2014-09-19 22:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 11:57 - 2014-09-19 22:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 11:57 - 2014-09-19 22:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 11:57 - 2014-09-19 22:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 11:57 - 2014-09-19 22:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 11:57 - 2014-09-19 22:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 11:57 - 2014-09-19 22:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 11:57 - 2014-09-19 22:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 11:57 - 2014-09-19 22:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 11:57 - 2014-09-19 22:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 11:57 - 2014-09-19 22:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 11:57 - 2014-09-19 22:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 11:57 - 2014-09-19 22:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 11:57 - 2014-09-19 22:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 11:57 - 2014-09-19 22:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 11:57 - 2014-09-19 22:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 11:57 - 2014-09-19 22:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 11:57 - 2014-09-19 22:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 18:52 - 2013-04-02 14:00 - 01096427 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 18:45 - 2011-04-02 10:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-10 18:41 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 18:41 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 11:31 - 2011-01-02 16:36 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 10:36 - 2011-09-04 08:09 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-11-10 08:11 - 2011-01-02 16:36 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-04 10:23 - 2013-01-02 20:31 - 00033282 _____ () C:\ads_err.adt
2014-11-04 10:23 - 2013-01-02 20:31 - 00003072 _____ () C:\ads_err.adi
2014-11-02 16:41 - 2006-11-02 10:33 - 00708644 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 16:35 - 2013-06-04 06:42 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-11-02 16:34 - 2008-04-24 03:02 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-11-02 16:34 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 16:33 - 2008-07-04 16:35 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-11-02 16:33 - 2006-11-02 13:01 - 00032532 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-02 14:30 - 2014-07-17 18:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 13:35 - 2013-04-12 16:16 - 00000000 ____D () C:\Users\Tom\Desktop\Explorer
2014-10-28 16:10 - 2014-07-17 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 16:10 - 2014-07-17 18:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-28 16:07 - 2011-07-16 13:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-23 14:08 - 2010-09-28 18:13 - 00000000 ____D () C:\Program Files\Steam
2014-10-23 13:58 - 2011-09-26 21:00 - 00000000 ___HD () C:\$AVG
2014-10-23 13:57 - 2014-03-31 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-23 13:52 - 2011-09-26 18:50 - 00000000 ____D () C:\Program Files\AVG
2014-10-15 13:22 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-15 13:06 - 2006-11-02 12:47 - 00327168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 12:08 - 2013-07-11 21:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 11:58 - 2006-11-02 10:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\Users\Tom\AppData\Roaming\skype.ini

Some content of TEMP:
====================
C:\Users\removevirus\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Tom\AppData\Local\Temp\Quarantine.exe
C:\Users\Tom\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-02 16:41

==================== End Of Log ============================

Attached Files



#11 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 10 November 2014 - 08:07 PM

Thanks!  Please do this next:

icon11.gif   Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\AVG2014 <====== ATTENTION
HKU\S-1-5-21-3669477217-1891237809-903714826-1005\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-11] (Microsoft Corporation) <==== ATTENTION
S3 krdpdre; \??\C:\Users\Tom\AppData\Local\Temp\krdpdre.sys [X]
U3 mbr; \??\C:\Users\Tom\AppData\Local\Temp\mbr.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#12 clarkee

clarkee
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 11 November 2014 - 05:15 AM

This smells like progress! AVG now booting up with computer restart though i havent touched anything (including it) until your next instruction...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-11-2014 01
Ran by Tom at 2014-11-11 10:07:26 Run:1
Running from C:\Users\Tom\Desktop\FRST2
Loaded Profiles: Tom & Mcx1 & removevirus & UpdatusUser (Available profiles: Tom & Mcx1 & removevirus & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\AVG2014 <====== ATTENTION
HKU\S-1-5-21-3669477217-1891237809-903714826-1005\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-11] (Microsoft Corporation) <==== ATTENTION
S3 krdpdre; \??\C:\Users\Tom\AppData\Local\Temp\krdpdre.sys [X]
U3 mbr; \??\C:\Users\Tom\AppData\Local\Temp\mbr.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
EmptyTemp:
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-3669477217-1891237809-903714826-1005\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
krdpdre => Service deleted successfully.
mbr => Service deleted successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
EmptyTemp: => Removed 224 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 11 November 2014 - 12:01 PM

Please do this next:

icon11.gif  Download Combofix from HERE, and save it to your desktop.  

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#14 clarkee

clarkee
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 11 November 2014 - 03:13 PM

Hi

Sadly Combofix did not complete.

 

It ran 50 stages and deleted some files then rebooted the system. This took approx 30 minutes

Upon reboot the message "please wait..." was present within combofix for over an hour and a half and nothing happened. I terminated it thereafter in order to use the computer.

AVG which had re-enabled itself upon rebooting after terminating combofix showed "c:\combofix\regt.3exe" as a trojan which i allowed to continue and was added to the exceptions list in AVG.

 

Please advise where now....many thanks.


Edited by clarkee, 11 November 2014 - 03:16 PM.


#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 11 November 2014 - 03:27 PM

Let's see if it produced a log:

 

icon11.gif Click Start > Run or press Windows Key + R copy/paste the following into the run box that opens and press OK:
c:\ComboFix.txt

 

If a log opens, please post it.  If not, just let me know.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users