
Hard drive issues and can't run OTL


#1 Nanee5_08 (Member, 55 posts)
Hello! I have not been here in a while. I don't THINK I have any malware/virus issues, but I'm not sure. My hard drive is 3/4 of the way full, and I have no idea why. I am running Vista. I try to run OTL, but it hangs up on "Scanning Firefox settings.." which I see apparently happens pretty often from some of the other threads. Any known reason for this? Anyway, I got new version of MWB and this is the log from it:


1/22/2014 1:47:12 PM
mbam-log-2014-01-22 (13-47-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219211
Time elapsed: 14 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Nanee_n_Hobie\Downloads\photo.rar (Backdoor.Agent.NIPGen) -> Quarantined and deleted successfully.
C:\Users\Nanee_n_Hobie\Downloads\TempFileCleaner_4.2.1_Free.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.

(end)

What else should I do? Thanks in advance y'all!

Donna
  • 0


#2 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)
Hello Nanee5_08, welcome to the forums! My name is Biscuithd and I will be assisting you with your Computer issues.

I know how upsetting it can be when one's computer is experiencing problems. I will try to help get things squared away. For a start please make sure that you...

  • Carefully read every post completely before doing anything.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.
Ok, let's get started. In order to figure out what is wrong with your computer, I'll need a diagnostic scan. Since your computer seems to be unable to function in normal mode, let's see if it will be more cooperative in Safe Mode. If you will, please perform the following steps.

  • Please re-start your computer and start tapping F8 repeatedly
  • If this is successful, you will see the Advanced Boot Options screen with the following three options:

Safe Mode
Safe Mode with Networking
Safe Mode with Command prompt


Please try to start in Safe Mode with Networking (1.)


If Safe Mode with Networking works, then proceed with the following steps. If it does NOT work, restart the computer and try Safe Mode. If Safe Mode works, write back and tell me and I'll coach you on the next steps.


  • Download OTL to your Desktop
  • Open OTL on the desktop. To do that:
    • Vista: Right click on the icon and click Run as Administrator
  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

      Quote

      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      qmgr.dll
      winsock.*
      /md5stop
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT
  • Make sure all other windows are closed.
    • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL
    • Click the Quick Scan button
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
    • Please copy the contents of these files and paste it into your reply. To do that:
    • If the OTL.txt is opened please press ctrl + A , then CTRL + C to copy the content of the file
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Repeat that for the Extras.txt file.

Please don't forget to include following Logfiles in your next post:

  • OTL.txt
  • Extras.txt

  • 0
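The `/md5start` ... `/md5stop` block in the OTL script above tells the tool to hash a fixed set of critical Windows binaries (services.exe, explorer.exe, winlogon.exe and so on) so the helper can compare them with known-good values. The following is an added example, not code from the thread or from OTL, that re-implements that idea in plain Python: hash the listed files, compare each hash with a stored baseline, and report files that are modified or missing. The function names (`file_md5`, `hash_directory`, `compare_with_baseline`, `build_demo`) and the temporary "System32" directory with its clean and tampered files are all constructed for the demo, so it runs offline on any OS.

```python
"""Added example: what OTL's /md5start .. /md5stop directive does, in Python.

Everything below the CRITICAL_FILES list is a constructed scenario (a fake
System32 in a temp directory); nothing is read from the real system.
"""
import hashlib
import tempfile
from pathlib import Path

# File names taken from the OTL script's /md5start block. OTL globs services.*
# and winsock.*; the constructed sample uses concrete names instead.
CRITICAL_FILES = [
    "services.exe", "explorer.exe", "winlogon.exe",
    "Userinit.exe", "svchost.exe", "qmgr.dll",
]


def file_md5(path):
    """MD5 of a file, read in chunks so large binaries need not fit in memory.
    MD5 is used only to mirror the OTL directive; swap in hashlib.sha256 for a
    baseline you maintain yourself."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_directory(system_dir, names=CRITICAL_FILES):
    """Return {name: md5-or-None} for each critical file under system_dir.
    None means the file is absent on disk."""
    result = {}
    for name in names:
        p = Path(system_dir) / name
        result[name] = file_md5(p) if p.is_file() else None
    return result


def compare_with_baseline(current, baseline):
    """Classify each file against a baseline of known-good hashes.

    missing:  file absent on disk
    unknown:  no baseline value, so nothing to compare against
    modified: hash differs (patched or replaced binary)
    ok:       hash matches
    """
    verdicts = {}
    for name, digest in current.items():
        if digest is None:
            verdicts[name] = "missing"
        elif name not in baseline:
            verdicts[name] = "unknown"
        elif digest != baseline[name]:
            verdicts[name] = "modified"
        else:
            verdicts[name] = "ok"
    return verdicts


def build_demo():
    """Constructed scenario: a fake System32, a baseline taken while clean, then one
    binary replaced and one deleted, roughly what a tampered machine looks like."""
    root = Path(tempfile.mkdtemp(prefix="md5demo_"))
    sys32 = root / "System32"
    sys32.mkdir()
    for name in CRITICAL_FILES:
        (sys32 / name).write_bytes(b"MZ clean build of " + name.encode())
    baseline = hash_directory(sys32)  # hashes of the clean files
    (sys32 / "winlogon.exe").write_bytes(b"MZ something else entirely")  # replaced
    (sys32 / "qmgr.dll").unlink()  # deleted
    return compare_with_baseline(hash_directory(sys32), baseline)


if __name__ == "__main__":
    for name, verdict in build_demo().items():
        print(f"{name:14s} {verdict}")
```

A real baseline would come from a trusted source (hashes taken from a clean install of the same Vista service pack, not from the suspect machine), which is exactly why OTL posts the hashes for a helper to compare rather than judging them locally.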

#3 Nanee5_08 (Topic Starter, Member, 55 posts)
Tried that...same issue. It stops responding on "Scanning Firefox settings..." so I cannot get an OTL log.
  • 0

#4 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

Tried that...same issue. It stops responding on "Scanning Firefox settings..." so I cannot get an OTL log.

Hmmm....well, that's certainly not good news, is it ;)

We do have a few options available, but let me ask some question first and also make a few observations.

You said in your first post that you're running Vista. Can you tell me, besides the hard drive being 3/4 full, what other negative behavior are you experiencing from your machine? Last, to the best of your knowledge, are you up to date on your Service Packs and what protection programs do you use (meaning Anti-virus, etc.)

Now, based on what MBAM showed, I think you are using a Peer to Peer program and it also looks like MBAM found a Back Door program. The Back Door program (if it turns out to be true) is very bad news! And, the P2P (Peer to Peer) program is very likely to be the source of your troubles. I am going to include, in the next paragraphs, some information about P2P programs and also about Back Door malware, however, before I do that let me provide what little information I can right now. Your initial complaint of hard drive space disappearing, along with OTL not running, leads me to believe that you absolutely do have malware on your computer and it is likely it is very significant malware. I would be happy to work with you on removing this malware, but please be aware that it will be time consuming and that some people believe that back door infections can never be completely removed and that the only sure method is to reinstall the Operating System. I'll let that be your decision since we don't know for certain that your machine has a Back Door infection. So, read the next paragraphs and let me know how you want to proceed. I'm happy to help you remove the infections or do a reinstall.

Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.

  • All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the trojan has been identified and can be killed, because of its Backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

As I said above, we can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

P2P (Peer to Peer) programs

1.) If you download files via P2P file sharing programs, you can usually expect an infection of malware. Certainly you can use P2P programs at your own risk, but they are often the source of many computer infections.
2.) Please read these reports about the danger of P2P Programs:
So, all that said, let me know how you want to proceed.



  • 0

#5 Nanee5_08 (Topic Starter, Member, 55 posts)
Well, as far as negative symptoms, other than the hard drive, nothing per se. It runs great actually. It is up to date on everything, and I run AVG. Yes, I do have Ares on it, but I don't ever use it, and if I do it is few and far between. One thing I have noticed though, is when I try to explore my C:, there are a lot of folders that will not let me have access that I know I should have. And I haven't changed any security settings. I thought that was strange. I did notice some threads on here where a lot of people have trouble with OTL the same way, hanging up on the firefox thing. Is there another reason that could be happening other than malware? Thanks, btw... I am pretty computer knowledgeable, but obviously still need some help. :)
  • 0

#6 Nanee5_08 (Topic Starter, Member, 55 posts)
Oh, and my first thought was to save all my valuable stuff (pics, files, etc.) to a disc and then just do a full recovery, but I would really hate to do that seeing I am not having a lot of issues. If I can figure this out without doing that, that would be my first choice.
  • 0

#7 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)
Hello Nanee5_08,

I absolutely understand that you're not convinced of the severity of the issue. I wouldn't be either if I were you. However, I'm hopeful that you'll trust me and hopefully I can show you what's going on with your machine and hopefully clean it up.

First, do you have a current backup? If not, please try to perform one and don't move on with any of my instructions until that's complete.

Next, the infection that it seems your machine has, may be blocking the execution of OTL at a minimum. We have a few alternatives. GMER is one of them. It runs as a randomly named file and usually can side step more malware. So, that's the first tool I'd like you to try.

Make sure you disable your Virus Protection prior to running GMER
Download GMER from one of the following locations and save it to your desktop:

  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important

  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled

Note:

  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

  • 0

#8 Nanee5_08 (Topic Starter, Member, 55 posts)
Sorry Biscuithd...been busy and was just able to get on here today. Here you go...

GMER 2.1.19355 - http://www.gmer.net
Rootkit scan 2014-01-24 14:42:23
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD12 rev.01.0 111.79GB
Running: kum72898.exe; Driver: C:\Users\NANEE_~1\AppData\Local\Temp\pwtoypod.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8D601690]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8D6017B0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8D601010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x8D601490]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8D6012D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8D6013B0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x8D601110]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8D6011F0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x8D601590]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 3BD 820E9A08 8 Bytes [90, 16, 60, 8D, B0, 17, 60, ...]
.text ntkrnlpa.exe!KeSetEvent + 3F1 820E9A3C 4 Bytes [10, 10, 60, 8D]
.text ntkrnlpa.exe!KeSetEvent + 40D 820E9A58 4 Bytes [90, 14, 60, 8D]
.text ntkrnlpa.exe!KeSetEvent + 611 820E9C5C 8 Bytes [D0, 12, 60, 8D, B0, 13, 60, ...]
.text ntkrnlpa.exe!KeSetEvent + 621 820E9C6C 8 Bytes [10, 11, 60, 8D, F0, 11, 60, ...]
.text ...

---- User code sections - GMER 2.1 ----

.text C:\Program Files\real\realplayer\Update\realsched.exe[1092] kernel32.dll!SetUnhandledExceptionFilter 74D6A8B5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

---- EOF - GMER 2.1 ----
  • 0
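The GMER log above is mostly SSDT lines, each naming the driver that hooked a kernel service and the service it hooked, plus AttachedDevice lines naming filter drivers on the keyboard and TCP/IP stacks. Reading such a log by hand means grouping hooks by driver and asking whether every hooking driver is something you expect on the machine. The following is an added example, not part of the thread and not GMER's own code, that does that grouping: it parses the SSDT and AttachedDevice lines, tallies hooks per driver and flags drivers outside an expected set. The sample log reuses the lines posted above (every hook there belongs to the AVG drivers avgidsshimx.sys and avgtdix.sys, consistent with the helper's later verdict that the log looked fine) and adds one constructed SSDT line for a hypothetical driver, examplehook.sys, so the flagging path is exercised. `EXPECTED_DRIVERS` is an assumption for this demo: the AVG product the poster said they run, plus Wdf01000.sys, Microsoft's KMDF runtime driver; the function names are mine.

```python
"""Added example: group GMER SSDT / AttachedDevice lines by hooking driver and
flag drivers that are not on an expected list.

SAMPLE_LOG reuses the lines from the posted GMER log; the final SSDT line
(examplehook.sys) is CONSTRUCTED for the demo and did not appear in the log.
"""
import re

SAMPLE_LOG = r"""
---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8D601690]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8D6017B0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8D601010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x8D601490]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8D6012D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8D6013B0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x8D601110]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8D6011F0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x8D601590]
SSDT \SystemRoot\system32\DRIVERS\examplehook.sys ZwCreateFile [0x8D700000]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

---- EOF - GMER 2.1 ----
"""

# Assumption for the demo: the poster runs AVG; Wdf01000.sys is Microsoft's KMDF runtime.
EXPECTED_DRIVERS = {"avgidsshimx.sys", "avgtdix.sys", "wdf01000.sys"}

# "SSDT <driver path> <ZwFunction> [<hook address>]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<driver>\S+)\s+(?P<function>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
# "AttachedDevice <owning driver object> <device object> <filter driver file>"
ATTACHED_RE = re.compile(
    r"^AttachedDevice\s+(?P<owner>\S+)\s+(?P<device>\S+)\s+(?P<driver>\S+)$")


def _basename(path):
    """Lower-cased file name of a driver path such as \SystemRoot\...\foo.sys."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return (ssdt_hooks, attached_devices) parsed from a GMER log.
    Lines that match neither pattern (section headers, code-section dumps) are skipped."""
    hooks, attached = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks.append({"driver": _basename(m["driver"]),
                          "function": m["function"], "addr": m["addr"]})
            continue
        m = ATTACHED_RE.match(line)
        if m:
            attached.append({"driver": _basename(m["driver"]),
                             "device": m["device"]})
    return hooks, attached


def hooks_by_driver(hooks, attached):
    """Map driver file name -> sorted list of what it hooks (syscalls and devices)."""
    by_driver = {}
    for h in hooks:
        by_driver.setdefault(h["driver"], []).append(h["function"])
    for a in attached:
        by_driver.setdefault(a["driver"], []).append("device:" + a["device"])
    return {d: sorted(v) for d, v in by_driver.items()}


def unexpected_drivers(by_driver, expected):
    """Drivers that hook something but are not in the expected set; these are the
    entries a responder would look up before calling a log clean."""
    return sorted(d for d in by_driver if d not in expected)


if __name__ == "__main__":
    grouped = hooks_by_driver(*parse_gmer(SAMPLE_LOG))
    for driver, targets in grouped.items():
        print(f"{driver}: {len(targets)} hook(s)")
    print("unexpected:", unexpected_drivers(grouped, EXPECTED_DRIVERS))
```

The expected set is the judgment call: an antivirus hooking ZwOpenProcess, ZwTerminateProcess and ZwWriteVirtualMemory is normal self-protection, while the same hooks from a driver you cannot account for is the pattern worth investigating, which is why the example keys everything on the hooking driver's name rather than on the hooked function.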

#9 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)
Hi,

Although we did communicate via PM, I am also updating the topic for clarity and transparency.

I did see your GMER log, but it will likely take the remainder of the day for analysis and reply. I've had many weather related issues (we've had severe snow and low temperatures) and I've not been able to attend to your log as I would have liked.

Also, my instructor is well engaged with your topic and will also provide feedback and guidance. So, look for all of that either late today or tomorrow.
  • 0

#10 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)
Hi Nanee5_08

Your GMER log looked fine, so we're going to move on to a different scan.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.
So when you return, please post
  • FRST.txt

  • 0


#11 Nanee5_08 (Topic Starter, Member, 55 posts)
Thank you! I will get on with the next step ASAP. I didn't want you to think I was getting impatient as I certainly understand how busy you are as well. Thank you for all you are doing, in your ability and time, to help me out. :-)
  • 0

#12 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

Thank you! I will get on with the next step ASAP.

Take your time, I'm in no rush :)

I didn't want you to think I was getting impatient

I didn't take it that way...we're good :)

as I certainly understand how busy you are as well. Thank you for all you are doing, in your ability and time, to help me out. :-)

You're very welcome!
  • 0

#13 Nanee5_08 (Topic Starter, Member, 55 posts)
When downloading, AVG detected trojan horse MSIL2.ITN. Promptly fixed. LOL

(That TH came with the 64 bit, but the 32 bit was clean. Not sure what was up with that.)

Anyway...here are the logs.



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2014 03
Ran by Nanee_n_Hobie (administrator) on NANEE_N_HOBI-PC on 28-01-2014 12:35:35
Running from C:\Users\Nanee_n_Hobie\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Autodesk Inc) C:\Program Files\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [865840 2007-04-26] (Synaptics, Inc.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2486296 2014-01-08] ()
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [295512 2013-09-11] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [40072 2007-07-13] (soft thinks)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [HP Deskjet 3510 series (NET)] - C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=MT6730
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...ys=PTB&M=MT6730
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.c...fr&d=2012-10-16 10:35:57&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC} URL = http://searchservice...Web&orig=IMC-IE
SearchScopes: HKCU - {24AB7372-A1F5-4D95-AA60-9C044B2C0E14} URL = http://search.yahoo....ei=utf-8&fr=ie8
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.c...fr&d=2012-10-16 10:35:57&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll (Gateway Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nanee_n_Hobie\AppData\Roaming\Mozilla\Firefox\Profiles\2yro3bmu.default
FF user.js: detected! => C:\Users\Nanee_n_Hobie\AppData\Roaming\Mozilla\Firefox\Profiles\2yro3bmu.default\user.js
FF NewTab: about:blank
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://my.yahoo.com/
FF Keyword.URL: hxxp://websearch.shopathome.com?user_id={d239f128-b3c4-4ced-a551-5d050324d244}&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Nanee_n_Hobie\AppData\Roaming\Mozilla\Firefox\Profiles\2yro3bmu.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Move Media Player - C:\Users\Nanee_n_Hobie\AppData\Roaming\Mozilla\Firefox\Profiles\2yro3bmu.default\Extensions\[email protected] [2009-05-11]
FF Extension: ShopAtHome.com Toolbar - C:\Users\Nanee_n_Hobie\AppData\Roaming\Mozilla\Firefox\Profiles\2yro3bmu.default\Extensions\[email protected] [2012-11-10]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Nanee_n_Hobie\AppData\Roaming\Mozilla\Firefox\Profiles\2yro3bmu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-22]
FF Extension: Yahoo! Toolbar - C:\Users\Nanee_n_Hobie\AppData\Roaming\Mozilla\Firefox\Profiles\2yro3bmu.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-09-02]
FF Extension: ChaCha Guide App Toolbar - C:\Users\Nanee_n_Hobie\AppData\Roaming\Mozilla\Firefox\Profiles\2yro3bmu.default\Extensions\[email protected] [2012-10-29]
FF Extension: Personas Plus - C:\Users\Nanee_n_Hobie\AppData\Roaming\Mozilla\Firefox\Profiles\2yro3bmu.default\Extensions\[email protected] [2013-02-28]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-09-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF Extension: Internet Video Downloader - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009-09-19]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 [2013-08-14]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage: hxxp://my.yahoo.com/
CHR RestoreOnStartup: "sync": {
"acknowledged_types": [ "Bookmarks", "Preferences", "Passwords", "Autofill Profiles", "Autofill", "Themes", "Typed URLs", "Extensions", "Search Engines", "Sessions", "Apps", "App settings", "Extension settings", "App Notifications", "Dictionary", "Encryption keys" ],
"app_notifications": true,
"app_settings": true,
"apps": true,
"autofill": true,
"autofill_profile": true,
"bookmarks": true,
"dictionary": true,
"encryption_bootstrap_token": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAv6G9Dz0BKEKek+TAB3xOLgAAAAACAAAAAAADZgAAqAAAABAAAAC33of7YaEsmjELvG+KKkwXAAAAAASAAACgAAAAEAAAAPOHKnAmNFpp1+okp620dpU4AAAAx9pNkCyDLL8TjFjjd8U0425/VuZ/9LmTJ3WMYrUHJbdTGlKPM1Yj+jFM5agK82HnItAJIQ7jrj0UAAAAQRJlSGhGkKS9YNG0UYMEhuF4LDY=",
"extension_settings": true,
"extensions": true,
"favicon_images": true,
"favicon_tracking": true,
"favicons_syncing_enabled": true,
"has_setup_completed": true,
"history_delete_directives": true,
"keep_everything_synced": true,
"keystore_encryption_bootstrap_token": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAv6G9Dz0BKEKek+TAB3xOLgAAAAACAAAAAAADZgAAqAAAABAAAAAd/roZMTghVD58Ne88rYOsAAAAAASAAACgAAAAEAAAAGoE3dppJPk994hApkJTfiJQAAAAYSnB7v4DxlpBcB9hpx7tQygUCkrlUTUBfoLvfXwZAwWpn9FRVpLG0iT0pK4f7wv2VbPYnpLV/x3p+GT/ySFGtigjG6+rKcYbyjO75pXvs+EUAAAA0I+xiqb/1/QdfMkXgxDbvUE2JQE=",
"last_synced_time": "13035407550335362",
"managed_users": true,
"passwords": true,
"preferences": true,
"priority_preferences": true,
"search_engines": true,
"session_sync_guid": "session_syncOxQn9rl/sZlwJVTOSm07jA==",
"sessions": true,
"suppress_start": false,
"synced_notifications": true,
"tabs": true,
"themes": true,
"typed_urls"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Panda ActiveScan 2.0) - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Nanee_n_Hobie\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Tibi) - C:\Users\Nanee_n_Hobie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahfnihbbceiilhalikfkonbipolponko [2013-09-25]
CHR Extension: (Google Docs) - C:\Users\Nanee_n_Hobie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-26]
CHR Extension: (Google Drive) - C:\Users\Nanee_n_Hobie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-26]
CHR Extension: (YouTube) - C:\Users\Nanee_n_Hobie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-26]
CHR Extension: (Google Search) - C:\Users\Nanee_n_Hobie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-26]
CHR Extension: (ChaCha Guide Application extension) - C:\Users\Nanee_n_Hobie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebelbcbfjbbogojkmekbhaigjbceojff [2013-04-26]
CHR Extension: (RealDownloader) - C:\Users\Nanee_n_Hobie\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-06]
CHR Extension: (AVG Security Toolbar) - C:\Users\Nanee_n_Hobie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-04-26]
CHR Extension: (Google Wallet) - C:\Users\Nanee_n_Hobie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Nanee_n_Hobie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-26]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-01-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [611664 2008-09-10] (Lavasoft)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AresChatServer; C:\Program Files\Ares\chatServer.exe [398336 2009-01-27] (Ares Development Group)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-07-26] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-08] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [346112 2009-01-13] (Realtek Semiconductor Corporation )
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [650240 2007-01-29] (SigmaTel, Inc.)
S3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2008-05-01] (Texas Instruments Incorporated)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-05-23] (Chicony Electronics Co., Ltd.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-28 12:35 - 2014-01-28 12:37 - 00029364 _____ C:\Users\Nanee_n_Hobie\Downloads\FRST.txt
2014-01-28 12:35 - 2014-01-28 12:35 - 00000000 ____D C:\FRST
2014-01-28 12:32 - 2014-01-28 12:32 - 01136640 _____ (Farbar) C:\Users\Nanee_n_Hobie\Downloads\FRST.exe
2014-01-28 12:06 - 2014-01-28 12:06 - 00722856 _____ (Reimage®) C:\Users\Nanee_n_Hobie\Downloads\ReimageRepair.exe
2014-01-24 14:43 - 2014-01-24 14:43 - 00003458 _____ C:\Users\Nanee_n_Hobie\Desktop\GMER.log
2014-01-24 14:16 - 2014-01-24 14:13 - 00380416 _____ C:\Users\Nanee_n_Hobie\Desktop\kum72898.exe
2014-01-24 14:13 - 2014-01-24 14:13 - 00380416 _____ C:\Users\Nanee_n_Hobie\Downloads\kum72898.exe
2014-01-22 13:45 - 2014-01-22 13:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-22 13:45 - 2014-01-22 13:45 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-22 13:45 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-22 13:44 - 2014-01-22 13:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nanee_n_Hobie\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-01-22 13:39 - 2014-01-22 13:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nanee_n_Hobie\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-22 13:05 - 2014-01-22 13:05 - 00602112 _____ (OldTimer Tools) C:\Users\Nanee_n_Hobie\Downloads\OTL.com
2014-01-22 12:49 - 2014-01-22 12:49 - 00602112 _____ (OldTimer Tools) C:\Users\Nanee_n_Hobie\Downloads\OTL.exe

==================== One Month Modified Files and Folders =======

2014-01-28 12:37 - 2014-01-28 12:35 - 00029364 _____ C:\Users\Nanee_n_Hobie\Downloads\FRST.txt
2014-01-28 12:35 - 2014-01-28 12:35 - 00000000 ____D C:\FRST
2014-01-28 12:32 - 2014-01-28 12:32 - 01136640 _____ (Farbar) C:\Users\Nanee_n_Hobie\Downloads\FRST.exe
2014-01-28 12:22 - 2012-04-11 20:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-28 12:06 - 2014-01-28 12:06 - 00722856 _____ (Reimage®) C:\Users\Nanee_n_Hobie\Downloads\ReimageRepair.exe
2014-01-28 11:58 - 2008-10-05 00:24 - 01463517 _____ C:\Windows\WindowsUpdate.log
2014-01-28 11:57 - 2010-10-21 21:53 - 00000000 ____D C:\ProgramData\MFAData
2014-01-28 11:54 - 2010-12-27 14:32 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-28 11:52 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-28 11:52 - 2006-11-02 06:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-28 11:52 - 2006-11-02 06:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-25 23:46 - 2006-11-02 07:01 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-25 23:43 - 2010-12-27 14:32 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-24 14:43 - 2014-01-24 14:43 - 00003458 _____ C:\Users\Nanee_n_Hobie\Desktop\GMER.log
2014-01-24 14:13 - 2014-01-24 14:16 - 00380416 _____ C:\Users\Nanee_n_Hobie\Desktop\kum72898.exe
2014-01-24 14:13 - 2014-01-24 14:13 - 00380416 _____ C:\Users\Nanee_n_Hobie\Downloads\kum72898.exe
2014-01-22 14:04 - 2013-08-27 15:53 - 00012676 _____ C:\Windows\PFRO.log
2014-01-22 13:46 - 2014-01-22 13:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-22 13:45 - 2014-01-22 13:45 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-22 13:45 - 2014-01-22 13:44 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nanee_n_Hobie\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-01-22 13:39 - 2014-01-22 13:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nanee_n_Hobie\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-22 13:26 - 2013-09-27 12:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-22 13:05 - 2014-01-22 13:05 - 00602112 _____ (OldTimer Tools) C:\Users\Nanee_n_Hobie\Downloads\OTL.com
2014-01-22 12:49 - 2014-01-22 12:49 - 00602112 _____ (OldTimer Tools) C:\Users\Nanee_n_Hobie\Downloads\OTL.exe
2014-01-15 13:14 - 2013-04-26 15:38 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-15 03:04 - 2013-08-14 02:11 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 03:00 - 2006-11-02 04:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-08 22:27 - 2013-09-20 16:16 - 00000000 ____D C:\Program Files\AVG Secure Search

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-28 11:59

==================== End Of Log ============================

Edited by Nanee5_08, 28 January 2014 - 12:41 PM.


#14
Nanee5_08 (Topic Starter, Member, 55 posts)
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2014 03
Ran by Nanee_n_Hobie at 2014-01-28 12:37:31
Running from C:\Users\Nanee_n_Hobie\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Ad-Aware (Version: 7.1.0.7 - Lavasoft)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (Version: 11.0.06 - Adobe Systems Incorporated)
Agere Systems HDA Modem (Version: - Agere Systems)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Ares 2.1.8 (Version: 2.1.8-Build#3042 - Ares Development Group)
Autodesk SketchBook Pro 6 (Version: 6.00.0000 - Autodesk)
AVG 2014 (Version: 14.0.3681 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
AVG Security Toolbar (Version: 17.3.0.49 - AVG Technologies)
BigFix (Version: 2.2.0.04 - BigFix)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (Version: - )
Camera Assistant Software for Gateway (Version: 1.7.036.0614 - Chicony Electronics Co.,Ltd.)
CiD Help (HKCU Version: - )
Coupon Printer for Windows (Version: 5.0.0.4 - Coupons.com Incorporated) <==== ATTENTION
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)
Gateway Connect (Version: 1.1.0 - Acceller)
Gateway Recovery Center Installer (Version: 1.01.033 - Gateway)
GoGear VIBE Device Manager (Version: 01.05 - Philips)
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HP Deskjet 3510 series Basic Device Software (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (Version: 1.0.0.7702 - HP)
HP Update (Version: 5.003.003.001 - Hewlett-Packard)
iCloud (Version: 2.1.2.8 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (Version: - )
Intel® Matrix Storage Manager (Version: - )
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Converter for Philips (Version: 2.5.2.191 - ArcSoft)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (Version: 2.0.5050.0 - Microsoft Corp.)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
Move Networks Media Player for Internet Explorer (HKCU Version: - )
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Netflix Movie Viewer (Version: 1.2.211 - Netflix)
Nikon Message Center 2 (Version: 2.0.1 - Nikon)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (Version: 1.0.42 - Panda Security)
Power2Go 5.0 (Version: - )
QuickTime (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (Version: 16.0.3 - RealNetworks)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (Version: - Realtek Semiconductor Corp.)
REALTEK USB Wireless LAN Driver (Version: 1.00.0000 - Realtek)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
SigmaTel Audio (Version: 5.10.5102.0 - SigmaTel)
Spare Backup (Version: 3.2 - Spare Backup, Inc)
SpywareBlaster 5.0 (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (Version: 9.2.3.0 - Synaptics)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version: - Microsoft)
ViewNX 2 (Version: 2.1.2 - Nikon)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

19-01-2014 06:00:04 Scheduled Checkpoint
22-01-2014 21:13:11 Scheduled Checkpoint
24-01-2014 20:11:19 Windows Backup

==================== Hosts content: ==========================

2006-11-02 04:23 - 2013-08-27 15:41 - 00451387 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {012F20D3-1491-4A57-9A12-CF25E1DBE6E2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-332055203-2026605748-171643338-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2300B239-44A2-41CE-8973-6F6A75540C6E} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4EAA93FC-DB8E-4CBB-8C88-AA786D78788E} - System32\Tasks\Real Player online update program => c:\program files\real\realplayer\Update\realsched.exe [2013-09-11] (RealNetworks, Inc.)
Task: {5309FDEA-9F2E-47C5-A149-9F372ADF159B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {5658E768-7535-42D5-BCF1-2D1AA9974DED} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {5DD2633B-4005-43C5-A431-4A64870872E2} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {608067E9-FAA5-47F0-860B-FE20AA407160} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-332055203-2026605748-171643338-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {64197387-A6C5-4283-9B74-F5B42E31544F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-332055203-2026605748-171643338-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {7AC2867B-A0C5-47F1-837D-D16CA6E00CBF} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {9241CDF9-51CC-4EE4-8EBC-B3C17C0ACC64} - System32\Tasks\Sun Microsystems online update program => C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
Task: {954C6CE3-2C84-46E5-9E9F-732E8CCF1DC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-27] (Google Inc.)
Task: {9C1F9F61-30BE-4B85-AF1F-A9127C02BDEB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {B8DDEB2D-C9F5-498A-8F76-C050E2433D5A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C1D0CF74-631D-4C37-97FB-4D9959D4774D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C3C2B073-79DC-4CA2-B9CF-545FC126B4EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-27] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F8CA02DD-A241-4A2D-9916-0361724B7D8B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-332055203-2026605748-171643338-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-11-23 20:50 - 2007-04-30 03:47 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-08 22:27 - 2014-01-08 22:27 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2014 10:47:46 AM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 32.0.1700.76, time stamp 0x52d0feb8, faulting module QuickTimeStreaming.qtx, version 7.74.80.86, time stamp 0x5180f322, exception code 0xc0000005, fault offset 0x0008f84d,
process id 0x2208, application start time 0xchrome.exe0.

Error: (01/24/2014 02:29:15 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (01/22/2014 09:18:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8736

Error: (01/22/2014 09:18:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8736

Error: (01/22/2014 09:18:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/22/2014 09:18:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7738

Error: (01/22/2014 09:18:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7738

Error: (01/22/2014 09:18:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/22/2014 09:18:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6661

Error: (01/22/2014 09:18:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6661


System errors:
=============
Error: (01/28/2014 11:53:03 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (01/25/2014 11:45:43 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (01/24/2014 02:30:04 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (01/24/2014 02:29:57 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (01/24/2014 02:00:48 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (01/22/2014 02:05:39 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (01/22/2014 01:34:05 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (01/22/2014 01:20:59 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/22/2014 01:20:51 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/22/2014 01:17:47 PM) (Source: Service Control Manager) (User: )
Description: Avgdiskx
AVGIDSDriver
AVGIDSShim
Avgldx86
spldr
Wanarpv6


Microsoft Office Sessions:
=========================
Error: (01/25/2014 10:47:46 AM) (Source: Application Error)(User: )
Description: chrome.exe32.0.1700.7652d0feb8QuickTimeStreaming.qtx7.74.80.865180f322c00000050008f84d220801cf19ed25fbddd2

Error: (01/24/2014 02:29:15 PM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (01/22/2014 09:18:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8736

Error: (01/22/2014 09:18:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8736

Error: (01/22/2014 09:18:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/22/2014 09:18:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7738

Error: (01/22/2014 09:18:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7738

Error: (01/22/2014 09:18:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/22/2014 09:18:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6661

Error: (01/22/2014 09:18:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6661


CodeIntegrity Errors:
===================================
Date: 2014-01-28 12:36:53.751
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 12:36:53.041
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 12:36:52.332
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 12:36:51.618
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 12:36:50.723
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 12:36:49.939
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 12:36:49.136
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-28 12:36:48.323
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-24 14:20:37.095
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\NANEE_~1\AppData\Local\Temp\tmpF220.tmp because the set of per-page image hashes could not be found on the system.

Date: 2014-01-24 14:20:36.385
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\NANEE_~1\AppData\Local\Temp\tmpF220.tmp because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 71%
Total physical RAM: 2037.68 MB
Available physical RAM: 578.15 MB
Total Pagefile: 4312.67 MB
Available Pagefile: 2979.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100.67 GB) (Free:25.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:11.12 GB) (Free:3.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 7556806E)
Partition 1: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=101 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#15
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Oops, we were posting at the same time. ;)

Thanks for the scan. I'll analyze and be back with you soon.