Malware/Virus possible Artua Vladislav (fs) and other symptoms [Closed]


  • This topic is locked

#121
Feather24

  • Topic Starter
  • Member
  • 251 posts
Hi Godawgs, thanks so much for all your help.

I intend to do this action, lots of steps, over the next couple of days - can you keep it open until the end of Tuesday, as I won't be doing anything further today? Just so I can check I still have done all OK.

Yes, I'll raise it in the other forum.

Thanks for all your patience and skill; you have been so great and helpful, and I am very grateful.

I know where to come if problems return, if you can stand it!!

:)
  • 0


#122
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
You are welcome and I will keep the topic open for 3 or 4 days unless I hear from you before then.
  • 0

#123
Feather24

  • Topic Starter
  • Member
  • 251 posts
Hi Godawgs, thanks, that would be great. I have a question that came to mind. It's about my AVG antivirus: currently I have the 2013 version, and I remember you saying that you thought I only had 2011 from the logs. I had been wondering if my antivirus was working for the 2013 version or has it been disabled; how can we check that?

thanks
  • 0

#124
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

I'm not sure why the Farbar Service Scanner showed your AVG program to be AVG 2011. Could have been a leftover Registry key showing AVG 2011...but up to date with virus definitions.
At any rate, your last OTL scan shows AVG 2013 is installed and running at startup. You should be able to check this by opening the AVG program. It should tell you which version you are running.
  • 0

#125
Feather24

  • Topic Starter
  • Member
  • 251 posts
OK, thanks Godawgs. I've been noticing that the hanging has been getting worse over the last few days; could there be a reason for that? Needing to reboot 3-4 daily now.

thanks
  • 0

#126
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I'm sure there is a reason for it. But your last scans were clean so I don't believe it's malware related. We've already reset the browsers once and that didn't seem to help. You've started the browsers in safe mode which would disable any add-ons or extensions and that didn't seem to help, so I'm at a loss.
We can take one more look with a different scanner if you want. If you do:


Farbar Recovery Scan

Step-A.

Download the Tool
  • Please click here to go to the Farbar Recovery Scan Tool download page.
  • Click the Download Now (32bit Version) button and save it to your desktop.
Step-B.

Run the Tool
Close all open windows and browsers.
  • Right-click the FRST.exe file and click Run as Administrator to run the tool. OK any UAC prompts you might get.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Please post the FRST.txt log and the Addition.txt log in your next reply.
  • 0

#127
Feather24

  • Topic Starter
  • Member
  • 251 posts
Thanks I'll run this today and get back to you.
  • 0

#128
Feather24

  • Topic Starter
  • Member
  • 251 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Frances (administrator) on FRANCES-PC on 18-10-2013 11:18:41
Running from C:\Users\Frances\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Alcatel-Lucent) C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\VisionBoard\visionboardlauncher.exe
(Google) C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe
(Alexander Nikiforov) C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe
(Dropbox, Inc.) C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [btbb_McciTrayApp] - C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe [1841664 2011-09-07] (Alcatel-Lucent)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKCU\...\Run: [visionboard] - C:\Program Files\VisionBoard\visionboardlauncher.exe [1176064 2009-07-11] ()
HKCU\...\Run: [googletalk] - C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKCU\...\Run: [MP3 Skype Recorder] - C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe [1975296 2011-11-18] (Alexander Nikiforov)
Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x794BFD452B67CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A79483D2-6796-4059-832A-41A709A2AAE1}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Frances\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Frances\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S3 MSSQL$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation)
S4 SQLAgent$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA))
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Frances\AppData\Local\Temp\catchme.sys [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-18 11:18 - 2013-10-18 11:18 - 00000000 ____D C:\FRST
2013-10-18 11:17 - 2013-10-18 11:16 - 01087213 _____ (Farbar) C:\Users\Frances\Desktop\FRST.exe
2013-10-16 16:17 - 2013-10-16 16:17 - 00000082 ____H C:\Windows\WindowsShellUK.Manifest
2013-10-16 16:17 - 2013-10-16 16:17 - 00000031 ____H C:\Windows\UKCpInfo.sys
2013-10-16 16:17 - 2013-10-16 16:17 - 00000000 ____D C:\Windows\Cache
2013-10-16 16:17 - 2013-10-16 16:17 - 00000000 ____D C:\Program Files\Coupon Printer
2013-10-16 16:16 - 2013-10-16 16:16 - 01628680 _____ (Coupons.com Incorporated) C:\Users\Frances\Desktop\couponprinterbis.exe
2013-10-16 16:14 - 2013-10-16 16:14 - 00000000 ____D C:\Users\Frances\AppData\Roaming\coupons
2013-10-14 11:08 - 2013-10-14 11:08 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-14 11:07 - 2013-10-14 11:08 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-14 11:07 - 2013-10-14 11:08 - 00000000 ____D C:\Program Files\iTunes
2013-10-14 11:07 - 2013-10-14 11:07 - 00000000 ____D C:\Program Files\iPod
2013-10-12 09:53 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-12 09:53 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-12 09:53 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-12 09:53 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-12 09:53 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-12 09:53 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-12 09:53 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-10 00:43 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 00:43 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 00:43 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 00:43 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 00:43 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 00:43 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 00:43 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 00:43 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 00:43 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 00:43 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 00:43 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 00:43 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 00:43 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 00:43 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 00:43 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 00:42 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 00:19 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 00:19 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 00:19 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 00:19 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-10 00:19 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 00:19 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 00:19 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 00:19 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 00:19 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 00:19 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 00:19 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 00:19 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 00:19 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 00:18 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 00:18 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 00:18 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 00:18 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 00:18 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 00:18 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 00:18 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 00:18 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 00:18 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 00:18 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 00:18 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 00:18 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 00:18 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-09-24 10:40 - 2013-09-24 11:16 - 00002782 _____ C:\Users\Frances\Desktop\checkhd.txt

==================== One Month Modified Files and Folders =======

2013-10-18 11:18 - 2013-10-18 11:18 - 00000000 ____D C:\FRST
2013-10-18 11:16 - 2013-10-18 11:17 - 01087213 _____ (Farbar) C:\Users\Frances\Desktop\FRST.exe
2013-10-18 11:16 - 2011-02-27 13:37 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-18 11:15 - 2011-02-27 13:38 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-18 10:49 - 2012-04-01 16:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-18 10:36 - 2009-07-14 05:34 - 00015344 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-18 10:36 - 2009-07-14 05:34 - 00015344 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-18 10:35 - 2010-10-09 15:01 - 00000000 ____D C:\ProgramData\MFAData
2013-10-18 10:32 - 2010-10-08 20:37 - 01953717 _____ C:\Windows\WindowsUpdate.log
2013-10-18 10:29 - 2011-11-03 13:04 - 00000000 ___RD C:\Users\Frances\Dropbox
2013-10-18 10:29 - 2011-11-03 13:00 - 00000000 ____D C:\Users\Frances\AppData\Roaming\Dropbox
2013-10-18 10:29 - 2011-02-27 13:37 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-18 10:29 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-18 10:28 - 2013-07-09 12:26 - 00043848 _____ C:\Windows\setupact.log
2013-10-16 17:45 - 2010-11-11 19:48 - 00000000 ____D C:\Users\Frances\Documents\FinePrint files
2013-10-16 16:17 - 2013-10-16 16:17 - 00000082 ____H C:\Windows\WindowsShellUK.Manifest
2013-10-16 16:17 - 2013-10-16 16:17 - 00000031 ____H C:\Windows\UKCpInfo.sys
2013-10-16 16:17 - 2013-10-16 16:17 - 00000000 ____D C:\Windows\Cache
2013-10-16 16:17 - 2013-10-16 16:17 - 00000000 ____D C:\Program Files\Coupon Printer
2013-10-16 16:16 - 2013-10-16 16:16 - 01628680 _____ (Coupons.com Incorporated) C:\Users\Frances\Desktop\couponprinterbis.exe
2013-10-16 16:14 - 2013-10-16 16:14 - 00000000 ____D C:\Users\Frances\AppData\Roaming\coupons
2013-10-14 11:08 - 2013-10-14 11:08 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-14 11:08 - 2013-10-14 11:07 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-14 11:08 - 2013-10-14 11:07 - 00000000 ____D C:\Program Files\iTunes
2013-10-14 11:07 - 2013-10-14 11:07 - 00000000 ____D C:\Program Files\iPod
2013-10-14 11:07 - 2010-10-11 17:02 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-13 02:22 - 2010-10-11 16:43 - 00000000 ____D C:\Users\Frances\AppData\Roaming\Skype
2013-10-12 22:02 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-10-12 12:22 - 2010-10-11 16:42 - 00000000 ___RD C:\Program Files\Skype
2013-10-12 12:22 - 2010-10-11 16:42 - 00000000 ____D C:\ProgramData\Skype
2013-10-12 09:50 - 2011-04-12 16:51 - 00000000 ____D C:\Users\Frances\AppData\Local\Paint.NET
2013-10-11 23:50 - 2009-07-14 05:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-10 10:11 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 09:09 - 2010-10-08 20:39 - 00822116 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-10 09:03 - 2009-07-14 05:33 - 00432736 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 09:00 - 2010-11-11 18:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 00:51 - 2010-10-31 18:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 00:48 - 2013-07-24 01:18 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 00:45 - 2010-10-09 10:18 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-08 20:49 - 2012-04-01 16:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-08 20:49 - 2011-06-29 11:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 17:13 - 2013-07-10 19:03 - 00007698 _____ C:\Windows\PFRO.log
2013-10-01 22:00 - 2013-07-12 14:12 - 00095372 _____ C:\Users\Frances\Desktop\OTL.Txt
2013-10-01 17:50 - 2012-04-25 17:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 16:41 - 2012-10-13 23:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 16:41 - 2011-04-18 17:22 - 00000000 ____D C:\Users\Frances\AppData\Local\Mozilla
2013-09-24 11:16 - 2013-09-24 10:40 - 00002782 _____ C:\Users\Frances\Desktop\checkhd.txt
2013-09-23 00:28 - 2013-10-10 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:28 - 2013-10-10 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:28 - 2013-10-10 00:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:27 - 2013-10-10 00:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:27 - 2013-10-10 00:43 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:27 - 2013-10-10 00:43 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:27 - 2013-10-10 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:27 - 2013-10-10 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:27 - 2013-10-10 00:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:27 - 2013-10-10 00:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:27 - 2013-10-10 00:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:27 - 2013-10-10 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:27 - 2013-10-10 00:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 00:27 - 2013-10-10 00:42 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 21:54 - 2010-10-11 17:04 - 00000000 ____D C:\Users\Frances\AppData\Roaming\Apple Computer
2013-09-21 04:30 - 2013-10-10 00:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 03:39 - 2013-10-10 00:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 20:21

==================== End Of Log ============================
  • 0

#129
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Frances at 2013-10-18 11:20:03
Running from C:\Users\Frances\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

Adobe AIR (Version: 3.4.0.2710)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Amazon Kindle For PC
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Audacity 2.0.2 (Version: 2.0.2)
Avery Wizard 3.1 (Version: 3.1.8)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3408)
AVG 2013 (Version: 2013.0.3408)
Belkin Wireless USB Utility (Version: 6.3.2.16)
Bonjour (Version: 3.0.0.10)
Business Contact Manager for Microsoft Outlook 2010 (Version: 4.0.11308.0)
CCleaner (Version: 4.03)
Citrix Online Launcher (Version: 1.0.122)
Coupon Printer (Version: 2.2.0.1)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox (HKCU Version: 2.0.22)
EPSON Attach To Email (Version: 1.01.0000)
EPSON Copy Utility 3 (Version: 3.1.5.0)
EPSON Easy Photo Print (Version: 1.2.2.0)
EPSON File Manager (Version: 1.1.0.0)
EPSON Image Clip Palette (Version: 1.02.00)
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant (Version: 1.10.00)
EPSON Web-To-Page
ESDX3800 User's Guide
FinePrint (Version: 6.15)
Google Chrome (Version: 30.0.1599.101)
Google Talk (remove only)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.21.165)
GoToMeeting 5.7.0.1172 (HKCU Version: 5.7.0.1172)
IAW20
iCloud (Version: 3.0.2.163)
ImagXpress (Version: 7.0.74.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
iTunes (Version: 11.1.1.11)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
LAME v3.98.3 for Audacity
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Communicator 2007 R2 (Version: 3.5.6907.268)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.3.5500.0)
Microsoft SQL Server VSS Writer (Version: 10.3.5500.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows Media Video 9 VCM
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010) (Version: 4.0.11308.0)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MP3 Skype Recorder (Version: 3.1.3)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
neroxml (Version: 1.0.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.2 (Version: 3.2.9502)
Paint.NET v3.5.8 (Version: 3.58.0)
Pamela Pro 4.7 (Version: 4.7)
Picasa 3 (Version: 3.9)
PIF DESIGNER
QuickTime (Version: 7.74.80.86)
Safari (Version: 5.34.57.2)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951) (Version: 10.3.5500.0)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.7 (Version: 6.7.102)
SpywareBlaster 5.0 (Version: 5.0.0)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0)
SUPERAntiSpyware (Version: 5.6.1020)
TweetDeck (Version: 0.38.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Vision Board 1.31 (Version: 1.31)
VisionBoard Movie Recorder 1.00 (Version: 1.00)
Vocal Remover (Version: 1.2.4)

==================== Restore Points =========================

21-09-2013 13:30:30 OTL Restore Point - 21/09/2013 14:30:24
21-09-2013 13:41:09 OTL Restore Point - 21/09/2013 14:41:09
22-09-2013 17:55:38 OTL Restore Point - 22/09/2013 18:55:31
26-09-2013 09:44:38 OTL Restore Point - 26/09/2013 10:44:29
03-10-2013 19:13:58 Scheduled Checkpoint
09-10-2013 23:36:58 Windows Update
12-10-2013 08:53:33 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2013-09-16 10:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0BF4CE4D-706E-46CC-A3E9-F900A6C97CFC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0C973607-48C4-4CB1-9362-C08C7B89B9CD} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {2B17A39E-0C7C-42A7-A404-47C0EB3FFE4F} - System32\Tasks\{6F30B801-45EE-40AC-8EE3-E56FDF76A6EF} => C:\Program Files\Amazon\Kindle For PC\KindleForPC.exe [2010-11-11] (Amazon.com)
Task: {37718E09-EA3C-4D4F-B360-7BAA10363019} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-27] (Google Inc.)
Task: {41D8CFDB-F028-4B44-A129-AEE653CDA760} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {503F092D-6E21-4850-B26A-6487E3255864} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {64C705D5-6051-409F-B1E7-24064A1F46D8} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-09-05] (Adobe Systems Incorporated)
Task: {7E89D135-9068-4AB2-A641-9EE2359532C8} - System32\Tasks\{4A096E15-7CAA-4A7D-ADA6-0FDB95784895} => Firefox.exe http://ui.skype.com/...?LastError=1618
Task: {8FED1C95-A43C-4545-BBC1-ACDEC9711A5B} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {90395C66-3721-462E-822A-554DA714AB35} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {9306A6D6-0D90-4322-8316-C05CC2C376F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {AD759222-36F6-448D-8356-0D9419ADF487} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-27] (Google Inc.)
Task: {BE043F62-5F1F-412B-90D0-F6DD9CBD33D4} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-09-05] (Adobe Systems Incorporated)
Task: {CBF392AA-617E-4328-826C-038BF4F7EB55} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Frances Logon => C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
Task: {EE99BD7C-D3D9-4A01-801E-C02D2F96E0B0} - System32\Tasks\{70BEF97D-6873-4354-BFC2-0CAC1AE91DB4} => C:\Program Files\Skype\Phone\Skype.exe [2013-07-25] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2013 08:18:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020

Error: (10/17/2013 08:18:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020

Error: (10/17/2013 08:18:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/17/2013 08:18:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6022

Error: (10/17/2013 08:18:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6022

Error: (10/17/2013 08:18:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/17/2013 08:18:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5023

Error: (10/17/2013 08:18:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5023

Error: (10/17/2013 08:18:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/17/2013 08:18:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4009


System errors:
=============
Error: (10/18/2013 00:18:26 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/17/2013 08:39:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (10/17/2013 08:18:32 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (10/17/2013 08:39:08 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/17/2013 06:50:41 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/17/2013 06:49:13 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/17/2013 01:04:34 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/16/2013 09:38:11 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/16/2013 09:36:36 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/16/2013 08:43:26 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (10/17/2013 08:18:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020

Error: (10/17/2013 08:18:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020

Error: (10/17/2013 08:18:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/17/2013 08:18:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6022

Error: (10/17/2013 08:18:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6022

Error: (10/17/2013 08:18:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/17/2013 08:18:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5023

Error: (10/17/2013 08:18:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5023

Error: (10/17/2013 08:18:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/17/2013 08:18:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4009


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 2037.49 MB
Available physical RAM: 1093.19 MB
Total Pagefile: 4074.98 MB
Available Pagefile: 2905.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:146.46 GB) NTFS
Drive e: () (Fixed) (Total:19.53 GB) (Free:9.73 GB) NTFS
Drive f: () (Fixed) (Total:54.99 GB) (Free:7.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: D820D820)
Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 2B1EBCE9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#130
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I really can't see any malware. But the system events log shows that there is an issue with the Self Protection feature of the AVG antivirus software:

Error: (10/18/2013 00:18:26 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

I have found instances where the Self Protection feature in the AVG antivirus can cause random reboots. Let's disable that feature and see if that resolves the problem.

Open the AVG program. In the Menu, click Options->Advanced settings->AVG Self protection and untick the box beside Enable AVG Self protection. Click the link below to see a screen shot:
http://forums.avg.co...ww/217563/13025

If that didn't work, the Event logs have also listed a couple of platform firmware entries:

Error - 11/07/2013 11:44:51 | Computer Name = Frances-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error: (10/17/2013 08:18:32 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

This is most probably the BIOS that needs updating, but it could also be the motherboard chipset.

If disabling the Self Protection feature in AVG solves the problem then the BIOS or m/board chipset are not the cause and I would be careful about updating them. If you decide to update them, update the BIOS first but I believe the m/board chipset should only be updated as a last resort. And I would start a new topic in the Windows Vista /7 forum and get help with updating those.

Question, Did you have Vipre Antivirus or Internet Security on the machine at one time?

Let me know if disabling the Self Protection feature in AVG helped.
  • 0
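As an added example (not part of the thread and not FRST's own code), this sketch parses the "Event log errors" section of the Addition log posted above and tallies repeated entries, so a recurring error such as the Service Control Manager one stands out. The sample text is constructed from entries in that log, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: a few entries in the same shape as the log above.
SAMPLE = """\
Application errors:
==================
Error: (10/17/2013 08:18:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (10/18/2013 00:18:26 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/17/2013 08:18:32 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (10/17/2013 06:50:41 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5
"""

# The log uses both "(Source: X) (User: )" and "(Source: X)(User: )".
HEADER = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]*)\) ?\(User: (?P<user>[^)]*)\)")


def parse_ts(text):
    # Times are 12-hour, but the log above contains "00:18:26 AM", which %I
    # rejects; in that case drop the AM/PM suffix and read the hour as 24-hour.
    try:
        return datetime.strptime(text, "%m/%d/%Y %I:%M:%S %p")
    except ValueError:
        return datetime.strptime(text[:-3], "%m/%d/%Y %H:%M:%S")


def parse_events(text):
    events, section, current = [], None, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section title is a "Name:" line underlined with "=" characters.
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section, current = line[:-1], None
            continue
        m = HEADER.match(line)
        if m:
            current = {"section": section, "when": parse_ts(m["ts"]),
                       "source": m["src"], "description": ""}
            events.append(current)
        elif current is not None and line.startswith("Description:"):
            current["description"] = line[len("Description:"):].strip()
        elif current is not None and line.strip():
            # Continuation line, e.g. "%%5": the unexpanded placeholder for
            # Win32 error 5 (access denied).
            current["description"] += " " + line.strip()
        elif not line.strip():
            current = None  # a blank line ends the record
    return events


def summarize(events):
    """Group identical errors; return (key, stats) pairs, most frequent first."""
    groups = {}
    for e in events:
        key = (e["section"], e["source"], e["description"])
        g = groups.setdefault(
            key, {"count": 0, "first": e["when"], "last": e["when"]})
        g["count"] += 1
        g["first"] = min(g["first"], e["when"])
        g["last"] = max(g["last"], e["when"])
    return sorted(groups.items(), key=lambda kv: -kv[1]["count"])


if __name__ == "__main__":
    for (section, source, desc), stats in summarize(parse_events(SAMPLE)):
        print(f"{stats['count']}x [{section}] {source}: {desc[:60]} "
              f"({stats['first']} .. {stats['last']})")
```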

#131
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts
Can I check if disabling the Self Protection feature in AVG will compromise the security of my system? The system isn't rebooting itself; I am rebooting the system so that I can go back and successfully watch a video or browse.

Question, Did you have Vipre Antivirus or Internet Security on the machine at one time?

Answer: No Vipre AV, when you say IS can you say more I'm not sure what you mean.

Ok I might need to consider getting other help re: BIOS etc.

thanks
  • 0

#132
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Disabling the self protection feature of AVG does not compromise the security of the system. The self protection feature is supposed to keep malware or infections from turning the antivirus program off but according to the system Event logs it isn't working anyway.

Answer: No Vipre AV

The last scan showed this driver:

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)

ThreatTrack Security is part of the Vipre antivirus program...click here then under the Home & Personal Antivirus column click the Antivirus software>> link and that will take you to the Vipre page.

... when you say IS can you say more I'm not sure what you mean.

Huh? :confused: When I say IS about what?
  • 0

#133
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts
Ok thanks for the info about disabling AVG.

When you say IS = Internet Security, I don't know what this programme is so needed more clarification?

If Vipre was on the system I wasn't aware of it - do you want me to remove it and if so how?

thanks
  • 0

#134
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

When you say IS = Internet Security, I don't know what this programme is so needed more clarification?

Gotcha. We don't do very many abbreviations around here. It gets confusing for us and for the poster at times.

We will take care of the Vipre driver after this. For now I just want you to disable the Self Protection feature of the AVG antivirus and see if that helps.
  • 0

#135
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts
Ok I've amended AVG self protection.

I was using Skype today (before I disabled AVG self prot) and it crashed twice, closing down the computer. I think it was to do with backing up files. I wondered if that might be due to disconnecting my External Hard Drive, so I've reconnected that; hopefully that will sort out that problem.

I'll see how it goes today and report back tomorrow.

thanks

Edited by Feather24, 21 October 2013 - 08:30 AM.

  • 0





