
CLOUD FRONT NET VIRUS - Please help [Closed]



#1
shazzztasstic

Hi there, I would like to ask for some help if possible. My laptop is infected by a virus which opens random browser windows, pop-ups and fake surveys etc. The browser windows are named something like 'd11 cloudfront.net etc'. I noticed someone had run an OTL scan and was given a code to paste in for a fix, but I didn't want to paste in the same code as I may a different one, I understand. My local PC shop want to charge me £30 and I can't afford to pay that out right now, so hoping someone can help - I am very grateful. Here is the OTL scan result log:

OTL Extras logfile created on: 21/06/2013 10:39:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sharon\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.89 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 31.49% Memory free
7.89 Gb Paging File | 4.37 Gb Available in Paging File | 55.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.24 Gb Total Space | 23.16 Gb Free Space | 19.42% Space Free | Partition Type: NTFS
Drive D: | 157.55 Gb Total Space | 157.43 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive E: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SHARON | User Name: sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04666741-1E02-49E0-8530-6B8DC12E562C}" = lport=139 | protocol=6 | dir=in | app=system |
"{11A24EC0-7D09-4864-9062-99CF5EB13511}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{26A5FC48-B0E9-4517-BEA2-903444B74CBB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27563606-84DE-4BF5-AAB3-F06FEC95E799}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F334C12-4031-49D5-94EC-D97A90546AD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A1AAAC5-5CD9-4A63-A6C2-07A6DBD2FD18}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{40156223-7414-4B03-9A54-19C5845B12E5}" = lport=137 | protocol=17 | dir=in | app=system |
"{48657768-7DB0-4FBB-B1DE-47DB47B3B67D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4AA4DFCF-3F3E-4CB2-8354-3293B6E76FC5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50D8C83F-5786-47CC-97C8-CC93AC1E1817}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5358880C-D187-48A3-BF7C-991D521E70DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5949745D-40AA-4CFD-A017-C612671D38F8}" = lport=445 | protocol=6 | dir=in | app=system |
"{5F7B7C5D-E2FE-414C-BFB2-B861F7CBFEFD}" = lport=138 | protocol=17 | dir=in | app=system |
"{6BE150A2-14B0-4504-8AF3-1AD6FD4EE76E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7230AFDC-0881-453A-A45F-1560B203DFEB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7957A712-6A17-4555-A40E-18A9C7C2A9CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7EB423AB-0AF9-4B3D-91C0-575826A8069B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{82A3E4EE-1589-40A6-B6AC-472414D951E9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{84C43D83-9D46-4C22-9ADC-904BC7A96B46}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86334D11-A883-4D81-AAB1-ACF9A20B7990}" = lport=10243 | protocol=6 | dir=in | app=system |
"{928DCB88-50FC-4D0C-9F7D-D25F5386BBCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9DC736A5-8490-4E30-A714-8DD6CB600EB4}" = rport=138 | protocol=17 | dir=out | app=system |
"{AA890EFD-5F73-4289-A6A9-12BA773628F5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B0E1AE3D-0EE5-4A81-947D-9073A0E2EEAB}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B7038AEA-FE9F-417A-9FD5-B793F7731A3E}" = rport=445 | protocol=6 | dir=out | app=system |
"{B73BEB82-FDE6-4BC1-9B38-ACF89BF47A60}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B9CE6E4D-93C8-4A2D-8AD0-6180C3DEA149}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C0C78327-A459-443D-82C7-2CFEAD8338EF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D686F83D-2A80-435D-9801-5DF9E1E37BBE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DCE8F125-3469-4204-BB4F-3369BA5AE47A}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe |
"{EC3A6B13-4600-4657-A531-FA7DB9823CC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F2CA48A0-3F09-4372-AE17-B50093B79BD8}" = rport=139 | protocol=6 | dir=out | app=system |
"{F91ECB06-0BEE-4B47-928B-34DB0157F56F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF954F20-3D08-4349-917C-FD619CEC2CDB}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EA935E-1ED2-4FB0-A135-03D4AEE845D3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{065B39C2-3730-4A09-9BCB-E3F16670814B}" = dir=out | name=microsoft solitaire collection |
"{0BA65547-D03E-4F8C-86B6-2EE633437A24}" = dir=out | name=@{microsoft.xboxlivegames_1.2.143.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{107FC2E9-3DBD-4058-8A86-2C11978C621B}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{13FE1132-07DD-484A-8EA8-CC838FA19A6F}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{16DD2EDC-BCC0-443F-94F8-B0F04F78185C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{1744BF80-AA0E-451E-B025-ACEB4DC17538}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{1BAB08C6-9EAC-4E47-B542-45F62E2BC860}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{1E5EB3B8-A509-4314-B678-55CC681B85AE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{1F9CF79A-DE70-4296-A8CC-0835D23E7A0F}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{227332B4-CE1B-4B9D-B5A0-E114454C4836}" = protocol=1 | dir=in | [email protected],-28543 |
"{23332D9D-B287-42FB-A85F-DB5FFB063BF0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{25FDCEE4-E939-4975-AB79-0965669273A3}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{303F349F-ECD3-4177-9E8D-49AAD7487F72}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{31079A18-9D7A-416C-BA14-D6237A8C47B9}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{3287572B-0D64-48D5-872E-E909BEF2F285}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{338EAB1C-501F-4FEC-B3E7-A65A7233A665}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{34FF3EA3-8B49-4337-9933-0E249F4053DD}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{3D21413C-C79E-48CB-AF2C-BBE3FB495A01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45FF4E4E-4B07-490D-A2E5-537510935B3E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{53C0F5B1-2021-451F-93EB-5B6C9350F51B}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{5CEC3BAB-15CC-4152-BE0C-AA5449CD6AD3}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{61B74A66-4D05-4DBD-96BC-103EF0F0A768}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6328B439-6BBE-45E5-A204-59EB88106C97}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6536A8F4-845C-4AB7-9C79-61FC50BCB7C5}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{6A110E4D-2062-4754-A230-40ACF7B9A107}" = dir=out | name=taptiles |
"{6B480A70-8192-44A4-8CF6-F72D3BB20720}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6BB741E0-6E71-4C8E-A07D-4565F32CE009}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{704E7988-FA98-49B5-96E9-06EF08F59201}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{724BB12A-E1BA-4BBF-889F-3DF7E8672C46}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{72DBE66B-1A42-4B72-9AB3-230706FE9C9A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7872AA7D-09E5-41E9-ACD1-CE0A77B84CA2}" = dir=in | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{7E3A8890-3FBC-4399-B496-370D204F91B1}" = protocol=6 | dir=out | app=system |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{829F469C-A4CF-461F-9947-21B47CBB1DC2}" = protocol=1 | dir=out | [email protected],-28544 |
"{8794327A-B86C-43B7-BB5F-E1B8A51D9F64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8AC3EB4F-A60A-467A-BC43-E3DB40A5FF9D}" = dir=out | name=fresh paint |
"{8E11ACBA-85CD-48CF-8838-1FBF01A3F26E}" = dir=out | name=@{microsoft.skypeapp_1.6.0.115_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{8F9FB893-EB25-4135-86FF-F578FD3EA81E}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{92CF8BB2-BC9C-46DF-9BEC-AD02098C8E7C}" = protocol=58 | dir=in | [email protected],-28545 |
"{93DAF4D4-7B18-4786-9885-9E07C21247CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C355CD2-6FF9-4EDA-9DB4-C68ED41D5F85}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{A0BEB4B6-6138-4E07-BE57-BFE0E95B8169}" = dir=out | name=windows_ie_ac_001 |
"{A60C517B-B392-4EBC-ABF4-3BCFAB10AACD}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A756F5B5-1C8D-47C9-A2EB-E52373F96F74}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AD18FABF-5649-4C84-844D-D047B01B3864}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{AFE2D6A4-F596-470F-9BE2-F7D2E21082B7}" = dir=out | name=wordament |
"{B8C3EE27-538E-4B54-9A31-475B85F3AD37}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA5602FD-06A7-4554-A2E3-21AA1931E93D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{BFF806F8-90F4-4A5B-9AF5-4840CD8CBACF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{C3FC91DA-D8AA-47B4-9178-7F35BCFC2196}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C42CE270-3E93-4E9B-8CCF-2A85FFA1D651}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{C783CBC4-964A-480D-A231-3896D7EBEBE2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{CAD20C9C-473E-4348-A3FE-E506C3228A5C}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{D3D77022-A211-4024-8842-E51881686B6C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{D5C3019B-7445-4B48-ABCA-3258BFC06D09}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D7E89D3A-4AAD-4931-B64D-66A149FE6386}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DC499EF6-EDF4-4DA0-A9C8-A8E1F02DE250}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DEE509F5-9201-498B-B6B4-4BA351F2640F}" = protocol=58 | dir=out | [email protected],-28546 |
"{DF354443-0A8E-486C-9FE8-557AB4FF3406}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E39829DC-CF54-4F58-80FB-AB6591A2EF05}" = dir=in | name=@{microsoft.skypeapp_1.6.0.115_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{E4321BC5-0BE5-4E77-9538-A80445AA8FBB}" = dir=out | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{E58A0C66-4097-40D0-8A5B-AB2237439AC6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5A4C5E2-F2BD-4752-9087-F87328A590DA}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E78EC7F0-287C-487D-90B8-D571B1C66610}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E83D0105-0D21-4BCD-918C-873AE2856661}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{F33A69D4-644D-4004-A935-AA61F3D42DAB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{F48E1CFB-D697-45A4-984E-F9336388B4E3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FD322A0B-2B77-433A-8B22-3C4D9A0C1B31}" = dir=out | name=adera |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09350823-BE9F-4CC1-B621-C8F113F714D5}" = AVG 2013
"{119EEB4B-F32F-4D71-B9C0-E42403F91C9A}" = AVG 2013
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"AVG" = AVG 2013
"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{35827710-D042-428B-A1E5-E20E12D2FEB9}" = SparkTrust PC Cleaner Plus
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{5491D57A-F7CA-4A4F-99A5-989647A0AB77}" = LeapFrog Connect
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DDC435C-29CA-483C-A396-98BE8D4EFC2C}" = LeapFrog Leapster Explorer Plugin
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{DC06C90B-C5BE-42F6-B74D-A9503170998C}" = ASUS Product Demo Movie
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"avast" = avast! Free Antivirus
"FastFox" = FastFox
"Google Chrome" = Google Chrome
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"MSC" = McAfee Internet Security
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Scribe" = Express Scribe
"SpyAlert" = Spy Alert
"Switch" = Switch Sound File Converter
"UPCShell" = LeapFrog Connect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"DSite" = Update for Zip Opener

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14/06/2013 14:30:06 | Computer Name = sharon | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.2.9200.16420 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1b2c Start
Time: 01ce692d0c8266d8 Termination Time: 4294967295 Application Path: C:\Windows\system32\wwahost.exe

Report
Id: 594880f8-d520-11e2-bea5-08606e15f9a0 Faulting package full name: microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe

Faulting
package-relative application ID: Microsoft.WindowsLive.ModernPhotos

Error - 14/06/2013 16:22:02 | Computer Name = sharon | Source = Application Error | ID = 1000
Description = Faulting application name: wwahost.exe, version: 6.2.9200.16420, time
stamp: 0x505a9152 Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451,
time stamp: 0x50988aa6 Exception code: 0x00000004 Fault offset: 0x000000000003811c
Faulting
process ID: 0x191c Faulting application start time: 0x01ce692d2828cc6d Faulting application
path: C:\Windows\system32\wwahost.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
ID: 11eb6671-d530-11e2-bea5-08606e15f9a0 Faulting package full name: microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe
Faulting
package-relative application ID: Microsoft.WindowsLive.ModernPhotos

Error - 15/06/2013 15:16:49 | Computer Name = sharon | Source = .NET Runtime | ID = 1026
Description =

Error - 15/06/2013 15:16:55 | Computer Name = sharon | Source = Application Error | ID = 1000
Description = Faulting application name: LiveUpdate.exe, version: 3.1.9.0, time
stamp: 0x503433d7 Faulting module name: ntdll.dll, version: 6.2.9200.16578, time
stamp: 0x515fac6e Exception code: 0xc0000008 Fault offset: 0x0007bac5 Faulting process
ID: 0x14c4 Faulting application start time: 0x01ce69fc15a61f30 Faulting application
path: C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe Faulting module
path: C:\Windows\SYSTEM32\ntdll.dll Report ID: 23ac2c67-d5f0-11e2-bea7-08606e15f9a0
Faulting
package full name: Faulting package-relative application ID:

Error - 15/06/2013 15:17:17 | Computer Name = sharon | Source = Application Hang | ID = 1002
Description = The program glcnd.exe version 6.2.8516.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1838 Start
Time: 01ce69fcdd69d994 Termination Time: 82 Application Path: C:\Program Files\WindowsApps\Microsoft.Reader_6.2.8516.0_x64__8wekyb3d8bbwe\glcnd.exe

Report
Id: 292bd247-d5f0-11e2-bea7-08606e15f9a0 Faulting package full name: Microsoft.Reader_6.2.8516.0_x64__8wekyb3d8bbwe

Faulting
package-relative application ID: Microsoft.Reader

Error - 15/06/2013 15:17:20 | Computer Name = sharon | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = App Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader did not launch
within its allotted time.

Error - 16/06/2013 18:28:43 | Computer Name = sharon | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.2.9200.16433 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b14 Start
Time: 01ce69fbf5e39f10 Termination Time: 256 Application Path: C:\Windows\Explorer.EXE

Report
Id: 05f43a57-d6d4-11e2-bea7-08606e15f9a0 Faulting package full name: Faulting package-relative
application ID:

Error - 17/06/2013 05:13:08 | Computer Name = sharon | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
Description = Package microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe
was terminated because it took too long to suspend.

Error - 17/06/2013 05:13:35 | Computer Name = sharon | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.2.9200.16420 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1dac Start
Time: 01ce6ae084eea575 Termination Time: 4294967295 Application Path: C:\Windows\system32\wwahost.exe

Report
Id: 202a2e10-d72e-11e2-bea7-08606e15f9a0 Faulting package full name: microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe

Faulting
package-relative application ID: Microsoft.WindowsLive.Chat

Error - 17/06/2013 05:31:37 | Computer Name = sharon | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 07/06/2013 20:05:30 | Computer Name = sharon | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 08/06/2013 02:19:08 | Computer Name = sharon | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 08/06/2013 04:06:16 | Computer Name = sharon | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 08/06/2013 05:22:33 | Computer Name = sharon | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 08/06/2013 18:47:15 | Computer Name = sharon | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 08/06/2013 19:11:15 | Computer Name = sharon | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 09/06/2013 07:25:42 | Computer Name = sharon | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 09/06/2013 14:14:05 | Computer Name = sharon | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 09/06/2013 14:25:29 | Computer Name = sharon | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 09/06/2013 14:34:32 | Computer Name = sharon | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =


< End of report >

#2
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Hello shazzztasstic and welcome to GeeksToGo.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

You didn’t post the OTL.txt log but I’d like you to run these programs in the order given and then run OTL again and send the new log.


Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.
===================================================

Run aswMBR

  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.

Please remember to run OTL again and send the new log.

Logs to include with next post:

AdwCleaner log
aswMBR log
New OTL log


Thanks

Satchfan

#3
shazzztasstic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Satchfan,

Thank you very much for your help and instructions. Please find the logs attached.

Attached Files

  • AdwCleanerS1.txt (5.01KB)
  • OTL.Txt (136.24KB)

#4
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Things should be running better now but there are still some issues.

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================================

Download Malwarebytes-Anti-Malware

Click here

  • double-click mbam-setup.exe and follow the prompts to install the program.
  • at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • if an update is found, it will download and install the latest version.
  • once the program has loaded, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with the next post:

checkup.txt
Mbam.txt


Can you tell me if there are any outstanding problems?

Satchfan

#5
shazzztasstic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi There,

Unfortunately, I cannot install Security Check for some reason. I get the message 'CRC failed in SecurityCheck\Other\swreg.exe
Unexpected end of archive' as it tries to install. Is there another application to try instead? I still have the virus as I am still getting random pop-ups and browser windows which have the following address: http://d11vdn9ox0j18...tid=3;ev=1;dt=1


I attach the other log and would be grateful if you could recommend anything else to try.

Many thanks

#6
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
We’re a bit restricted here as a lot of our tools have not been adapted for use on Windows 8 yet but we’ll crack on and see what we can sort out with the ones available.


Multiple antiviruses

You have Avast and AVG antivirus programs installed plus a remnant of McAfee.

You cannot run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

I would suggest you uninstall AVG but it is your choice.

  • right-click in the screen’s bottom-left corner and choose the Control Panel from the pop-up menu
Note: if you can’t access the Control Panel that way see here for other methods.

  • choose Uninstall a Program from the “Programs” category
  • the “Uninstall” window appears, listing your currently installed programs
  • scroll down the list, click on either Avast or AVG and then on the Uninstall button.
If you removed AVG:

Run AVG removal tool

There will still be some remnants of AVG on your computer even after the uninstall so please download and run AVG Removal Tool from here.

Run McAfee removal tool

As I said above, there is at least one remnant of McAfee.
Run McAfee Removal Tool.

===================================================

Run DDS

I need to see what is installed on your computer and this is a tool that will supply this; plus it will look in different places than OTL.

Please download DDS by sUBs from the following link and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • double click DDS icon to run the tool (may take up to 3 minutes to run)
  • when done, DDS.txt will open.
  • after a few moments, attach.txt will open in a second window.
  • save both reports to your desktop.
  • Post the contents of the DDS.txt and Attach.txt reports in your next reply.
===================================================

Run Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • press "Scan".
  • it will create a log (FSS.txt) in the same directory the tool is run.
  • please copy and paste the log to your reply.
Please also copy/paste the Malwarebytes log as I didn’t get it the last time.

Logs to be included in your next reply:

DDS.txt
Attach.txt
FSS.txt
Mbam.txt

Thanks

Satchfan

#7
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Hi shazzztasstic

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Thanks

Satchfan

#8
shazzztasstic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Satchfan,

Sorry for the delay in replying, I have been away. I am still having problems and had some issues with the last things you advised. I was able to remove McAfee totally. I removed AVG but the link to the removal tool did not work, so I may still have remnants. The link to DDS did not work and I could not download it - i.e. it would not start downloading when I clicked on the 'descargar' button. Farbar was OK and I attach the result and also that of the Mbam, as requested. I still have exactly the same problems as originally. Many thanks.


#9
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

"Sorry for the delay in replying, I have been away."

No problem but if you are going to be delayed, please let me know as posts are closed after 3 days of non-response.

"I still have exactly the same problems as originally"

I’m not surprised that the symptoms are still there as we have not “fixed” anything yet and I need to find the source of the problem first.

"I removed AVG but the link to the removal tool did not work"

I don’t know why the links didn’t work for you because I’ve checked them in IE and Firefox and they work for me.


Try running DDS again using this link.

DDS.com

===================================================

Please download SystemLook from one of the links below and save it to your Desktop.

SystemLook (32-bit)
SystemLook (64-bit)


  • double-click SystemLook.exe to run it.
  • copy the content of the following codebox into the main textfield - please make sure you include the colon, (:), at the beginning:


    :filefind
    *cloudfront*
    
    :folderfind
    *cloudfront*
    
    :Regfind
    cloudfront
    

  • click the Look button to start the scan.
  • when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Logs to be included in your next reply:

DDS.txt
Attach.txt
SystemLook.txt

Please can you copy/paste them, not attach them.

Thanks

Satchfan
  • 0
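
The three searches in the SystemLook script above (file names, folder names, and registry keys or values containing "cloudfront") can also be expressed as a read-only PowerShell script. This is an added example, not part of the original thread and not SystemLook's own code; the function names, default search roots and output columns are assumptions, and nothing is deleted or changed.

```powershell
# Added example: read-only keyword search mirroring :filefind / :folderfind / :Regfind.
# Parameter defaults, function names and output columns are assumptions for this sketch.
param(
    [string]   $Needle    = 'cloudfront',
    [string[]] $FileRoots = @("$env:SystemDrive\"),
    [string[]] $RegRoots  = @('HKCU:\Software', 'HKLM:\SOFTWARE')
)

function Find-NameMatch {
    param([string]$Root, [string]$Needle)
    # -Force includes hidden and system items; unreadable folders are skipped silently.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like "*$Needle*" } |
        ForEach-Object {
            [pscustomobject]@{
                Kind   = if ($_.PSIsContainer) { 'Folder' } else { 'File' }
                Path   = $_.FullName
                Detail = 'modified {0:yyyy-MM-dd HH:mm}' -f $_.LastWriteTime
            }
        }
}

function Find-RegistryMatch {
    param([string]$Root, [string]$Needle)
    # Stream the root key and every subkey; keys that cannot be opened are skipped.
    & {
        Get-Item      -LiteralPath $Root -ErrorAction SilentlyContinue
        Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue
    } | ForEach-Object {
        $key = $_

        # Match on the key name itself.
        if ($key.PSChildName -like "*$Needle*") {
            [pscustomobject]@{ Kind = 'RegKey'; Path = $key.Name; Detail = '' }
        }

        # Match on value names and value data.
        try { $names = $key.GetValueNames() } catch { return }
        foreach ($name in $names) {
            # Multi-string and binary data are flattened into one searchable string.
            $text = @($key.GetValue($name)) -join ' '
            if ($name -like "*$Needle*" -or $text -like "*$Needle*") {
                $shown = if ($text.Length -gt 200) { $text.Substring(0, 200) + '...' } else { $text }
                [pscustomobject]@{
                    Kind   = 'RegValue'
                    Path   = $key.Name
                    Detail = '"{0}" = {1}' -f $name, $shown
                }
            }
        }
    }
}

# Collect every hit, then print one sorted report for pasting into a reply.
$results = @(
    foreach ($root in $FileRoots) { Find-NameMatch     -Root $root -Needle $Needle }
    foreach ($root in $RegRoots)  { Find-RegistryMatch -Root $root -Needle $Needle }
)

$results | Sort-Object Kind, Path | Format-Table -AutoSize -Wrap
"{0} match(es) for '{1}'" -f $results.Count, $Needle
```

A full-drive and full-hive walk is slow; narrowing `-FileRoots` to the user profile and Program Files folders shortens the run at the cost of coverage.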

#10
shazzztasstic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Again,

The links to SystemLook do not work, I have also tried in IE and Chrome to no avail - it shows an error message '404 file not found' in both. DDS works now and I have copied and pasted the info below:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 13/03/2013 14:04:39
System Uptime: 25/06/2013 19:55:31 (15 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | K55A
Processor: Intel® Celeron® CPU B820 @ 1.70GHz | SOCKET 0 | 1700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 21.095 GiB free.
D: is FIXED (NTFS) - 158 GiB total, 157.428 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP20: 07/06/2013 14:15:37 - Scheduled Checkpoint
RP21: 14/06/2013 15:45:58 - avast! Free Antivirus Setup
RP22: 22/06/2013 14:43:20 - Scheduled Checkpoint
RP23: 26/06/2013 09:19:54 - Removed AVG 2013
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Amazon Kindle
ASUS Instant Connect
ASUS InstantOn
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Product Demo Movie
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS Tutor
ASUS USB Charger Plus
ASUS WebStorage Sync Agent
ASUSDVD
ATK Package
avast! Free Antivirus
AVG Security Toolbar
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Express Scribe
FastFox
Google Chrome
Google Drive
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
LeapFrog Connect
LeapFrog Leapster Explorer Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Facebook 32-bit
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mobile Broadband HL Service
Qualcomm Atheros Client Installation Program
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shared C Run-time for x64
SparkTrust PC Cleaner Plus
Spy Alert
SUPERAntiSpyware
Switch Sound File Converter
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Zip Opener
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
Visual Studio 2010 x64 Redistributables
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
WinFlash
.
==== Event Viewer Messages From Past Week ========
.
26/06/2013 08:56:26, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
26/06/2013 08:45:16, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
25/06/2013 23:35:51, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
25/06/2013 19:56:42, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
25/06/2013 19:55:42, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
25/06/2013 19:54:49, Error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: The system cannot find the path specified.
22/06/2013 17:10:17, Error: bowser [8003] - The master browser has received a server announcement from the computer ACER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C87E1D78-A215-422A-A7BC-D9A06D7537D0}. The master browser is stopping or an election is being forced.
21/06/2013 15:36:52, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
20/06/2013 23:13:17, Error: Service Control Manager [7000] - The SABKUTIL service failed to start due to the following error: The system cannot find the file specified.
19/06/2013 13:55:46, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wcmsvc service.
19/06/2013 13:55:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
.
==== End Of File ===========================


DS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by sharon at 10:50:29 on 2013-06-26
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.3980.1373 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\NCH Software\FastFox\fastfox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\NCH Software\FastFox\fastfox64.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NCH Software\Scribe\scribe.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\AVG\AVG2013\avgcsrvx.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mysearch.avg.com/?cid={233500A9-0EAD-4DDD-823B-05F79AE5CB95}&mid=9158a4e1e43047d39d2ed92928f11053-f0396f2ee26a7c1020d90c3b3fc637cf0b80fbf7&lang=en&ds=AVG&pr=fr&d=2013-05-01 08:38:37&v=15.2.0.5&pid=safeguard&sg=2&sap=hp
uDefault_Page_URL = hxxp://asus13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [FastFox] "C:\Program Files (x86)\NCH Software\FastFox\fastfox.exe" -logon
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1A73FF20-C003-4705-A83F-0DC9194F6A7D} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{75F2F144-D3D5-4B84-9429-1FE8109329A4} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B3DF8BB3-FDC7-4387-B130-53354D7EECF5} : DHCPNameServer = 192.168.88.1
TCP: Interfaces\{C87E1D78-A215-422A-A7BC-D9A06D7537D0} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C87E1D78-A215-422A-A7BC-D9A06D7537D0}\2656478616E697 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C87E1D78-A215-422A-A7BC-D9A06D7537D0}\441667964637F6E637 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C87E1D78-A215-422A-A7BC-D9A06D7537D0}\75C414E4733343 : DHCPNameServer = 192.168.254.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-6-14 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-6-14 189936]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-6-14 1025808]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-6-14 378432]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-6-14 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-6-14 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-14 46808]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-12-28 2451456]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-12-28 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-28 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-22 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-22 701512]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2013-5-26 232288]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-28 365376]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-20 1015984]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-9-18 17152]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-11-9 21152]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-11-9 342528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-6-22 25928]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-12-28 295056]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-12-28 683664]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2013-3-13 196440]
S3 McAWFwk;McAfee Activation Service;c:\PROGRA~1\mcafee\msc\mcawfwk.exe --> c:\PROGRA~1\mcafee\msc\mcawfwk.exe [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\Drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\Drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\Drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\Drivers\ssadserd.sys [2011-5-13 146920]
.
=============== File Associations ===============
.
ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
.
=============== Created Last 30 ================
.
2013-06-26 07:57:32 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-06-25 18:57:32 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-25 18:57:31 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-22 16:23:23 -------- d-----w- C:\Users\sharon\AppData\Local\AVG Secure Search
2013-06-22 16:22:57 -------- d-----w- C:\ProgramData\AVG Secure Search
2013-06-22 16:22:22 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2013-06-22 15:13:33 13644288 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2013-06-22 15:13:22 10788864 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-06-22 15:13:14 1332736 ----a-w- C:\Windows\System32\sysmain.dll
2013-06-22 15:13:14 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
2013-06-22 15:13:09 10116096 ----a-w- C:\Windows\System32\twinui.dll
2013-06-22 15:13:02 427520 ----a-w- C:\Windows\System32\drivers\rdbss.sys
2013-06-22 15:11:59 93696 ----a-w- C:\Windows\System32\psmsrv.dll
2013-06-22 15:10:58 389632 ----a-w- C:\Windows\SysWow64\intl.cpl
2013-06-22 15:08:19 888320 ----a-w- C:\Windows\System32\autochk.exe
2013-06-22 15:08:19 542208 ----a-w- C:\Windows\System32\untfs.dll
2013-06-22 15:08:17 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
2013-06-22 15:08:14 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
2013-06-22 15:07:59 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-06-22 15:07:58 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-06-22 15:04:33 1889280 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-22 15:04:32 1569792 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-22 15:04:30 1255936 ----a-w- C:\Windows\System32\certutil.exe
2013-06-22 15:04:27 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-22 15:04:24 141312 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-22 15:04:23 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-22 15:04:23 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-22 15:04:09 733184 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-22 15:04:05 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-22 15:03:21 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-22 15:03:20 25088 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-22 15:02:50 17271808 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-22 15:02:47 16642560 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-22 07:22:02 -------- d-----w- C:\Users\sharon\AppData\Roaming\Malwarebytes
2013-06-22 07:21:47 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-22 07:21:41 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-22 07:21:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-22 07:21:25 -------- d-----w- C:\Users\sharon\AppData\Local\Programs
2013-06-20 22:08:08 -------- d-----w- C:\Users\sharon\AppData\Local\SUPERSystemInspector
2013-06-20 18:21:34 -------- d-----w- C:\Users\sharon\AppData\Roaming\SparkTrust
2013-06-20 18:21:08 -------- d-----w- C:\Program Files (x86)\Common Files\SparkTrust
2013-06-20 18:21:00 -------- d-----w- C:\ProgramData\SparkTrust
2013-06-20 18:21:00 -------- d-----w- C:\Program Files (x86)\SparkTrust
2013-06-19 09:49:23 253104 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10207.bin
2013-06-15 19:24:13 -------- d-----w- C:\Users\sharon\AppData\Local\Adobe
2013-06-14 16:04:00 -------- d-----w- C:\Users\sharon\AppData\Roaming\SUPERAntiSpyware.com
2013-06-14 16:03:42 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-06-14 16:03:42 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-06-14 14:49:54 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-06-14 14:49:38 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-06-14 14:49:38 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-06-14 14:49:38 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-06-14 14:49:34 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-06-14 14:47:19 41664 ----a-w- C:\Windows\avastSS.scr
2013-06-14 14:46:43 -------- d-----w- C:\Program Files\AVAST Software
2013-06-14 14:45:46 -------- d-----w- C:\ProgramData\AVAST Software
2013-06-01 07:33:40 -------- d-----w- C:\Program Files (x86)\SpyAlert
.
==================== Find3M ====================
.
2013-06-25 18:58:33 401 ----a-w- C:\Users\sharon\AppData\Roaming\sp_data.sys
2013-06-22 16:21:20 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-04 07:58:17 120736 ----a-w- C:\Windows\System32\AuthHost.exe
2013-05-04 07:34:17 446720 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:17 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2013-05-04 07:34:15 284416 ----a-w- C:\Windows\System32\drivers\spaceport.sys
2013-05-04 06:59:56 39424 ----a-w- C:\Windows\System32\wuapp.exe
2013-05-04 06:59:51 1483776 ----a-w- C:\Windows\System32\VSSVC.exe
2013-05-04 06:59:36 812544 ----a-w- C:\Windows\System32\Magnify.exe
2013-05-04 06:59:25 98304 ----a-w- C:\Windows\System32\wudriver.dll
2013-05-04 06:59:25 251904 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25 141824 ----a-w- C:\Windows\System32\wuwebv.dll
2013-05-04 06:59:24 1619968 ----a-w- C:\Windows\System32\wucltux.dll
2013-05-04 06:58:54 328192 ----a-w- C:\Windows\System32\ubpm.dll
2013-05-04 06:58:49 173568 ----a-w- C:\Windows\System32\storewuauth.dll
2013-05-04 06:58:48 330240 ----a-w- C:\Windows\System32\stobject.dll
2013-05-04 06:58:02 470528 ----a-w- C:\Windows\System32\netprofmsvc.dll
2013-05-04 06:58:02 151552 ----a-w- C:\Windows\System32\netprofm.dll
2013-05-04 06:58:01 169984 ----a-w- C:\Windows\System32\netplwiz.dll
2013-05-04 06:57:59 17408 ----a-w- C:\Windows\System32\muifontsetup.dll
2013-05-04 06:57:46 560640 ----a-w- C:\Windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:15 501760 ----a-w- C:\Windows\System32\DevicePairing.dll
2013-05-04 06:57:05 179712 ----a-w- C:\Windows\System32\bisrv.dll
2013-05-04 06:57:05 122368 ----a-w- C:\Windows\System32\biwinrt.dll
2013-05-04 06:57:04 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll
2013-05-04 06:57:04 2305024 ----a-w- C:\Windows\System32\authui.dll
2013-05-04 06:57:00 708096 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:56:53 419840 ----a-w- C:\Windows\System32\intl.cpl
2013-05-04 04:58:34 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-05-04 04:58:14 758784 ----a-w- C:\Windows\SysWow64\Magnify.exe
2013-05-04 04:58:02 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-05-04 04:58:02 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-05-04 04:57:39 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll
2013-05-04 04:57:39 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll
2013-05-04 04:57:35 303616 ----a-w- C:\Windows\SysWow64\stobject.dll
2013-05-04 04:57:16 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll
2013-05-04 04:57:04 151040 ----a-w- C:\Windows\SysWow64\netplwiz.dll
2013-05-04 04:57:04 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll
2013-05-04 04:57:02 14336 ----a-w- C:\Windows\SysWow64\muifontsetup.dll
2013-05-04 04:56:48 411136 ----a-w- C:\Windows\SysWow64\mfmp4srcsnk.dll
2013-05-04 04:56:14 449536 ----a-w- C:\Windows\SysWow64\DevicePairing.dll
2013-05-04 04:56:06 92160 ----a-w- C:\Windows\SysWow64\biwinrt.dll
2013-05-04 04:56:05 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll
2013-05-04 04:56:05 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-04 04:51:38 14848 ----a-w- C:\Windows\System32\rars.rs
2013-05-04 04:48:33 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-05-04 04:48:26 27648 ----a-w- C:\Windows\System32\drivers\hidusb.sys
2013-05-04 04:10:47 14848 ----a-w- C:\Windows\SysWow64\rars.rs
2013-04-28 22:30:55 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-28 22:30:12 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-28 22:28:33 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-04-28 22:28:29 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-04-28 22:28:00 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-16 02:34:44 1455368 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 05:56:35 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-11 06:40:48 6987528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-09 05:33:02 489576 ----a-w- C:\Windows\System32\AudioEng.dll
2013-04-09 05:33:02 446792 ----a-w- C:\Windows\System32\AudioSes.dll
2013-04-09 05:33:02 253544 ----a-w- C:\Windows\System32\audiodg.exe
2013-04-09 05:20:02 86280 ----a-w- C:\Windows\System32\kdnet.dll
2013-04-09 05:20:02 306952 ----a-w- C:\Windows\System32\kd_02_10ec.dll
2013-04-09 05:18:05 77960 ----a-w- C:\Windows\System32\kdvm.dll
2013-04-09 05:17:57 1829408 ----a-w- C:\Windows\System32\ntdll.dll
2013-04-09 04:52:07 816128 ----a-w- C:\Windows\System32\SearchIndexer.exe
2013-04-09 04:52:07 373760 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2013-04-09 04:52:07 197120 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2013-04-09 04:52:07 126464 ----a-w- C:\Windows\System32\Robocopy.exe
2013-04-09 04:52:06 804352 ----a-w- C:\Windows\System32\RecoveryDrive.exe
2013-04-09 04:51:51 367616 ----a-w- C:\Windows\System32\conhost.exe
2013-04-09 04:51:45 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-04-09 04:51:41 99840 ----a-w- C:\Windows\System32\wscsvc.dll
2013-04-09 04:51:41 456704 ----a-w- C:\Windows\System32\wpncore.dll
2013-04-09 04:51:17 595456 ----a-w- C:\Windows\System32\Windows.Networking.dll
2013-04-09 04:51:17 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:03 3552768 ----a-w- C:\Windows\System32\tquery.dll
2013-04-09 04:50:53 414720 ----a-w- C:\Windows\System32\GenuineCenter.dll
2013-04-09 04:50:39 422400 ----a-w- C:\Windows\System32\schannel.dll
2013-04-09 04:50:39 1285632 ----a-w- C:\Windows\System32\schedsvc.dll
2013-04-09 04:50:03 96256 ----a-w- C:\Windows\System32\mssprxy.dll
2013-04-09 04:50:03 745984 ----a-w- C:\Windows\System32\mssvp.dll
2013-04-09 04:50:03 2107904 ----a-w- C:\Windows\System32\mssrch.dll
2013-04-09 04:50:02 65024 ----a-w- C:\Windows\System32\msscntrs.dll
2013-04-09 04:50:02 435200 ----a-w- C:\Windows\System32\mssph.dll
2013-04-09 04:50:02 13824 ----a-w- C:\Windows\System32\msshooks.dll
2013-04-09 04:49:54 1444864 ----a-w- C:\Windows\System32\MSAudDecMFT.dll
2013-04-09 04:49:45 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll
2013-04-09 04:49:45 281088 ----a-w- C:\Windows\System32\mfreadwrite.dll
2013-04-09 04:49:36 817152 ----a-w- C:\Windows\System32\kerberos.dll
2013-04-09 04:49:33 210432 ----a-w- C:\Windows\System32\iuilp.dll
2013-04-09 04:49:16 50176 ----a-w- C:\Windows\System32\fmifs.dll
2013-04-09 04:49:16 231936 ----a-w- C:\Windows\System32\fhengine.dll
2013-04-09 04:49:09 172544 ----a-w- C:\Windows\System32\dwmredir.dll
2013-04-09 04:49:06 196096 ----a-w- C:\Windows\System32\dmvdsitf.dll
2013-04-09 04:48:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll
2013-04-09 04:48:42 169472 ----a-w- C:\Windows\System32\AudioEndpointBuilder.dll
2013-04-09 02:35:13 4038144 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 10:51:27.10 ===============
  • 0



#11
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Sorry about the SystemLook links. They were recently changed and I supplied the wrong ones.

Try this one:

SystemLook

Satchfan
  • 0

#12
shazzztasstic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks, Satchfan, the file worked that time and the text log is as follows:

SystemLook 04.09.10 by jpshortstuff
Log created at 13:10 on 27/06/2013 by sharon
Administrator - Elevation successful

No Context: filefind

No Context: *cloudfront*

========== folderfind ==========

Searching for "*cloudfront*"
No folders found.

========== Regfind ==========

Searching for "cloudfront"
No data found.

-= EOF =-
  • 0

#13
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
It appears that you didn’t include the colon, (:), before “filefind” and so the program didn’t look for it.

Let’s try again.

  • double-click SystemLook.exe to run it.
  • copy the content of the following codebox into the main textfield - please make sure you include the colon, (:), at the beginning:


    :filefind
    *cloudfront*
    

  • click the Look button to start the scan.
  • when finished, please post the log in your next reply.
Satchfan
  • 0

#14
shazzztasstic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Oops, sorry! Here it is: :wub:

SystemLook 04.09.10 by jpshortstuff
Log created at 17:53 on 27/06/2013 by sharon
Administrator - Elevation successful

========== filefind ==========

Searching for "*cloudfront*"
C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d25s4dbsms5nvt.cloudfront.net_0.localstorage --a---- 8192 bytes [20:11 20/06/2013] [15:06 27/06/2013] 4E76DE43DB9F74DCAB2A9230F60FFC7A
C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d25s4dbsms5nvt.cloudfront.net_0.localstorage-journal --a---- 8768 bytes [20:11 20/06/2013] [15:06 27/06/2013] 0447EB5EBA1D60B8375F9F10B728EEC9
C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d11vdn9ox0j18d.cloudfront.net_0.localstorage --a---- 3072 bytes [20:12 20/06/2013] [12:09 27/06/2013] BB72DDB722684EA0ADE158628FFD0954
C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d11vdn9ox0j18d.cloudfront.net_0.localstorage-journal --a---- 3608 bytes [20:12 20/06/2013] [12:09 27/06/2013] ACA880291E9F989CE13E8ECAA0D94CD4
C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d25s4dbsms5nvt.cloudfront.net_0.localstorage --a---- 17408 bytes [20:12 20/06/2013] [16:52 27/06/2013] A5D1064070E2E469A12B91D2C4997C16
C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d25s4dbsms5nvt.cloudfront.net_0.localstorage-journal --a---- 16384 bytes [20:12 20/06/2013] [16:52 27/06/2013] FE98F7E61FC17EFED80E41C3191AD2A7
  • 0

#15
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
That confirms my suspicions – Google Chrome is the problem and it is one we see regularly.

Uninstall Chrome and if asked about user data or settings, remove those also.

When you’ve done that, let me know if the problem remains.
  • 0
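
The filefind results posted above, read as data: Chrome builds of this era named each Local Storage file `scheme_host_port.localstorage`, so the six hits reduce to three web origins with first-created and last-written times. This is an added example, not part of the thread and not SystemLook's own code; the name `storage_origins`, the regular expressions, and the reading of the two bracketed timestamps as created then modified are assumptions.

```python
import re
from datetime import datetime

# The filefind section of the SystemLook log posted in this thread,
# embedded here so the example runs offline.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "*cloudfront*"
C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d25s4dbsms5nvt.cloudfront.net_0.localstorage --a---- 8192 bytes [20:11 20/06/2013] [15:06 27/06/2013] 4E76DE43DB9F74DCAB2A9230F60FFC7A
C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d25s4dbsms5nvt.cloudfront.net_0.localstorage-journal --a---- 8768 bytes [20:11 20/06/2013] [15:06 27/06/2013] 0447EB5EBA1D60B8375F9F10B728EEC9
C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d11vdn9ox0j18d.cloudfront.net_0.localstorage --a---- 3072 bytes [20:12 20/06/2013] [12:09 27/06/2013] BB72DDB722684EA0ADE158628FFD0954
C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d11vdn9ox0j18d.cloudfront.net_0.localstorage-journal --a---- 3608 bytes [20:12 20/06/2013] [12:09 27/06/2013] ACA880291E9F989CE13E8ECAA0D94CD4
C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d25s4dbsms5nvt.cloudfront.net_0.localstorage --a---- 17408 bytes [20:12 20/06/2013] [16:52 27/06/2013] A5D1064070E2E469A12B91D2C4997C16
C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d25s4dbsms5nvt.cloudfront.net_0.localstorage-journal --a---- 16384 bytes [20:12 20/06/2013] [16:52 27/06/2013] FE98F7E61FC17EFED80E41C3191AD2A7
"""

# One result line: path, attribute flags, size, two timestamps, MD5.
# Assumption: the first bracket is creation time, the second last modification.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
# Legacy Local Storage file name: <scheme>_<host>_<port>.localstorage[-journal]
ORIGIN = re.compile(r"^(?P<scheme>https?)_(?P<host>.+)_(?P<port>\d+)\.localstorage(-journal)?$")
STAMP = "%H:%M %d/%m/%Y"


def storage_origins(log_text, domain):
    """Group Local Storage files in a filefind log by the web origin that owns them."""
    origins = {}
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # section headers, blank lines, "Searching for" lines
        name = ORIGIN.match(entry["path"].rsplit("\\", 1)[-1])
        if not name:
            continue  # a hit that is not a Local Storage file
        host = name["host"].lower()
        # Match on a label boundary so "evilcloudfront.net" is not counted.
        if host != domain and not host.endswith("." + domain):
            continue
        # Port 0 is taken to mean the scheme's default port.
        port = "" if name["port"] == "0" else ":" + name["port"]
        key = f"{name['scheme']}://{host}{port}"
        created = datetime.strptime(entry["created"], STAMP)
        modified = datetime.strptime(entry["modified"], STAMP)
        rec = origins.setdefault(
            key, {"files": 0, "bytes": 0, "first_seen": created, "last_write": modified}
        )
        rec["files"] += 1
        rec["bytes"] += int(entry["size"])
        rec["first_seen"] = min(rec["first_seen"], created)
        rec["last_write"] = max(rec["last_write"], modified)
    return origins


if __name__ == "__main__":
    for origin, rec in sorted(storage_origins(SAMPLE_LOG, "cloudfront.net").items()):
        print(origin, rec["files"], rec["bytes"], rec["first_seen"], rec["last_write"])
```

Local Storage files record only that content from those origins ran in that Chrome profile and when it last wrote data; they do not name the component that loaded it.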





