Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

browser behaving badly [Solved]


  • This topic is locked This topic is locked

#1
hijacked333

hijacked333

    Member

  • Member
  • PipPip
  • 16 posts

Hello,

 

I'm usually very careful with my browsing habits, but recently I seem to have picked up some malware that's redirecting Chrome and prompting to download .exe files under the guise of Adobe updates. 

 

I would greatly appreciate any help with this.

 

Here's my log:

 

OTL logfile created on: 1/8/2015 2:29:09 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Graeme\Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.89 Gb Total Physical Memory | 13.78 Gb Available Physical Memory | 86.75% Memory free
18.26 Gb Paging File | 16.08 Gb Available in Paging File | 88.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 24.31 Gb Free Space | 21.77% Space Free | Partition Type: NTFS
Drive D: | 698.64 Gb Total Space | 99.38 Gb Free Space | 14.23% Space Free | Partition Type: NTFS
 
Computer Name: THESLAB | User Name: Graeme | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/08 14:29:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Graeme\Downloads\OTL (1).exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/16 12:15:26 | 003,247,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\AVG\AVG2014\avgidsagent.exe
PRC - [2014/12/16 12:11:20 | 005,188,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\AVG\AVG2014\avgui.exe
PRC - [2014/12/16 12:09:34 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/12/13 13:29:15 | 001,806,872 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
PRC - [2014/12/13 13:29:15 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
PRC - [2014/12/05 19:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/17 14:04:08 | 002,465,088 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/11/17 14:04:03 | 001,796,928 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/11/13 13:17:58 | 007,475,200 | ---- | M] (Google Inc.) -- C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2014/09/11 17:10:16 | 002,087,264 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2014/09/05 18:54:29 | 006,281,536 | ---- | M] () -- C:\Users\Graeme\AppData\Local\Amazon Music\Amazon Music Helper.exe
PRC - [2014/07/22 16:15:56 | 002,694,040 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2014/07/16 10:05:50 | 005,558,432 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2014/07/03 05:25:22 | 000,490,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2014/04/21 12:20:03 | 002,725,912 | ---- | M] () -- C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
PRC - [2014/02/19 05:06:04 | 000,769,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2014/01/25 15:46:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/01/02 00:03:04 | 000,323,584 | ---- | M] (Atheros) -- C:\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2013/12/12 13:07:08 | 000,019,256 | ---- | M] (ASUSTeK Computer Inc.) -- C:\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2013/09/23 14:59:24 | 000,303,928 | ---- | M] (ASUSTek Computer Inc.) -- C:\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2013/09/09 10:36:34 | 000,406,328 | ---- | M] (ASUSTek Computer Inc.) -- C:\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2013/09/09 09:04:42 | 000,111,416 | ---- | M] (ASUSTek Computer Inc.) -- C:\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2013/05/30 13:17:48 | 000,205,624 | ---- | M] (ASUSTek Computer Inc.) -- C:\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/06/06 14:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/06/05 14:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2011/11/21 13:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/05 19:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
MOD - [2014/12/05 19:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 19:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 19:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 19:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/11/13 12:57:36 | 000,253,440 | ---- | M] () -- C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2014/11/13 12:57:08 | 000,231,936 | ---- | M] () -- C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2014/11/13 12:57:02 | 000,117,248 | ---- | M] () -- C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2014/11/13 12:57:00 | 000,344,064 | ---- | M] () -- C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2014/11/12 18:20:36 | 000,010,952 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/09/11 17:09:20 | 001,498,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
MOD - [2014/09/05 18:54:29 | 006,281,536 | ---- | M] () -- C:\Users\Graeme\AppData\Local\Amazon Music\Amazon Music Helper.exe
MOD - [2014/09/03 13:15:50 | 000,026,624 | ---- | M] () -- C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2014/09/03 13:15:42 | 010,683,392 | ---- | M] () -- C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2014/09/03 13:15:40 | 007,741,952 | ---- | M] () -- C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2014/09/03 13:15:40 | 001,681,408 | ---- | M] () -- C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2014/09/03 13:15:38 | 002,248,192 | ---- | M] () -- C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2014/07/16 10:05:50 | 005,558,432 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2014/07/03 05:45:40 | 032,733,056 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
MOD - [2014/07/03 05:45:40 | 000,742,784 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libGLESv2.dll
MOD - [2014/07/03 05:45:40 | 000,136,576 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libEGL.dll
MOD - [2014/05/19 16:19:02 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2014/04/27 17:42:26 | 001,632,792 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
MOD - [2014/04/21 12:20:03 | 002,725,912 | ---- | M] () -- C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/17 14:04:03 | 001,149,760 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014/11/17 14:04:02 | 019,821,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/10/30 22:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/06 19:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/21 21:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/21 21:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/15 21:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/15 18:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/15 18:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/07/24 01:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/03/14 00:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/07 23:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 01:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/02/22 09:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 03:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 03:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 03:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 03:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/12/10 01:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/09/29 21:59:11 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2013/09/29 21:59:10 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2013/08/28 16:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/08/28 16:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/08/28 16:23:40 | 000,626,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/08/28 16:23:20 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/08/22 05:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 05:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 05:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 05:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 05:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 04:36:01 | 000,321,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2013/08/22 04:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 04:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 03:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 03:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 03:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 03:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 03:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 03:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 03:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 03:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/05/21 08:14:18 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012/09/12 18:07:06 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/16 12:15:26 | 003,247,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/12/16 12:09:34 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/12/13 13:29:15 | 001,806,872 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe -- (vToolbarUpdater18.2.0)
SRV - [2014/11/28 20:38:24 | 001,900,400 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- D:\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2014/11/18 14:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/11/17 14:04:03 | 001,796,928 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/08/15 21:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/03/14 00:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/01/25 15:46:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/01/09 03:59:10 | 000,520,416 | ---- | M] (Futuremark) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2014/01/02 00:29:26 | 000,318,592 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2014/01/02 00:03:04 | 000,323,584 | ---- | M] (Atheros) [Auto | Running] -- C:\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2013/12/19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/10/01 12:02:42 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/09 09:04:42 | 000,111,416 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2013/08/21 21:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 20:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/06/05 14:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/11/21 13:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/13 13:29:15 | 000,052,000 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/11/17 14:04:02 | 000,020,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/11/12 18:20:36 | 000,031,560 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2014/10/29 21:03:36 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/10/24 10:20:06 | 000,237,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/10/12 20:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/12 20:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/12 20:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/09 19:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/10/03 13:23:02 | 000,038,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/09/21 21:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/21 21:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/21 20:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/09/15 16:15:26 | 000,409,664 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tus1800u.sys -- (TASCAM_US1800)
DRV:64bit: - [2014/09/15 16:15:26 | 000,050,752 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tus1800a.sys -- (TASCAM_US1800_WDM)
DRV:64bit: - [2014/09/15 16:15:26 | 000,031,296 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tus1800m.sys -- (TASCAM_US1800_MIDI)
DRV:64bit: - [2014/08/14 18:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/24 09:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/07/24 09:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/07/24 05:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/07/21 20:03:12 | 000,244,504 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/06/30 11:43:18 | 000,270,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2014/06/30 11:43:02 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/17 15:07:12 | 000,328,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/17 15:06:24 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/06/17 15:06:06 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/05/01 07:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/03/19 21:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 06:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 14:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/02/22 09:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 09:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 09:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 09:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 06:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/02/08 18:07:58 | 000,449,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2014/01/28 14:32:18 | 000,593,000 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2014/01/25 12:01:22 | 000,423,128 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPer.sys -- (RTSPER)
DRV:64bit: - [2014/01/02 00:05:30 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2014/01/02 00:05:30 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2014/01/02 00:05:30 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2014/01/02 00:05:30 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2014/01/02 00:05:30 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2014/01/02 00:05:30 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2014/01/02 00:05:28 | 000,338,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2013/12/12 13:07:14 | 000,070,928 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2013/12/04 12:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/11/29 02:32:14 | 000,838,872 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/11/04 05:32:06 | 000,020,280 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2013/10/28 19:08:35 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/10/25 19:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/05 09:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/10/01 12:02:30 | 004,177,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/09/29 22:12:05 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/29 21:59:13 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2013/09/29 21:59:04 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2013/09/29 21:59:04 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2013/09/29 21:59:04 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2013/09/29 21:59:04 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2013/09/29 21:59:04 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/09/04 17:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2013/08/22 16:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/08/22 07:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 07:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 06:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 06:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 06:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 06:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 06:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 06:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 06:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 06:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 06:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 06:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 06:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 06:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 06:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 06:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 06:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 06:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 06:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 06:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 06:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 06:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 06:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 06:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 06:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 06:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 06:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 06:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 06:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 05:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 05:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 05:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 05:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 05:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 05:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 05:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 05:38:30 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2013/08/22 05:38:26 | 000,032,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthHfAud.sys -- (BthHFAud)
DRV:64bit: - [2013/08/22 05:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 05:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 05:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 05:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 05:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 05:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 05:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 05:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 05:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 05:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 05:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 05:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 05:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 05:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 02:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/14 02:42:44 | 003,837,440 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:64bit: - [2013/08/12 17:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 18:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 12:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 13:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/05/21 08:14:00 | 000,165,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2013/05/21 08:14:00 | 000,165,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2013/07/02 15:45:52 | 000,019,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | System | Running] -- C:\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 16:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo...r=spigot-yhp-ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 97 89 C9 57 1A CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {8C116EB0-035E-4124-9096-D7ECCA5F37AC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{8C116EB0-035E-4124-9096-D7ECCA5F37AC}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://mysearch.avg.com/search?cid={300C6766-586B-48B1-B822-3BE24E0790F2}&mid=bb9deec0bbfe47d2a1e96da73dac9021-b934ba910cbde4527f80248aa1d5f44481bb3249&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-02-05 17:22:36&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Graeme\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Graeme\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Graeme\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Graeme\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014/02/05 17:22:37 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
 
O1 HOSTS File: ([2013/08/22 07:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.2.0.829\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.2.0.829\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.2.0.829\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe File not found
O4 - HKLM..\Run: [AVG_UI] C:\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EaseUS EPM tray] C:\EaseUS Partition Master 9.3.0\bin\EpmNews.exe File not found
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Graeme\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Amazon Music] C:\Users\Graeme\AppData\Local\Amazon Music\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0414c] C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe ()
O4 - HKCU..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\Graeme\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=bb9deec0bbfe47d2a1e96da73dac9021-b934ba910cbde4527f80248aa1d5f44481bb3249 /CMPID=1213b File not found
O4 - HKCU..\Run: [MusicManager] C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{704C0319-84F1-44B3-90FD-4C174FEF09B8}: DhcpNameServer = 147.26.8.11 147.26.8.12 147.26.24.66 158.135.1.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EDC781F-0507-4A2C-9D55-522216B466C7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/13 20:48:03 | 000,000,000 | ---D | C] -- C:\NPE
[2014/12/13 19:41:10 | 000,000,000 | ---D | C] -- C:\Users\Graeme\AppData\Local\NPE
[2014/12/13 19:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2014/12/12 16:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_1214tb
[2014/12/11 16:01:18 | 000,000,000 | ---D | C] -- C:\Users\Graeme\AppData\Local\BMExplorer
[2014/12/11 16:01:07 | 000,000,000 | ---D | C] -- C:\Users\Graeme\AppData\Roaming\Atheros
[2014/12/11 16:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2014/12/11 15:58:20 | 000,000,000 | ---D | C] -- C:\Users\Graeme\Documents\Bluetooth Folder
[2014/12/11 15:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros
[2014/12/11 15:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\QCA_Bluetooth
[2014/12/11 15:58:15 | 000,000,000 | ---D | C] -- C:\Bluetooth Suite
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/08 14:29:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/08 14:28:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-113328309-1090989344-821775724-1001UA.job
[2015/01/08 14:27:06 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/08 14:27:05 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_0414c_rmv.job
[2015/01/08 14:27:05 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_0414c_rel.job
[2015/01/08 14:27:02 | 005,260,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/01/08 14:26:57 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2015/01/08 14:26:54 | 760,922,109 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/08 14:12:55 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/26 09:28:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-113328309-1090989344-821775724-1001Core.job
[2014/12/21 19:13:48 | 000,867,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/21 19:13:48 | 000,734,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/21 19:13:48 | 000,136,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/20 14:33:45 | 003,033,010 | ---- | M] () -- C:\Users\Graeme\Desktop\albumcovereditblackdiagonal.jpg
[2014/12/20 13:52:21 | 003,660,059 | ---- | M] () -- C:\Users\Graeme\Desktop\albumcovereditblackonly.jpg
[2014/12/20 11:40:13 | 012,958,678 | ---- | M] () -- C:\Users\Graeme\Desktop\4PAN1T.pdf
[2014/12/20 01:52:27 | 000,556,990 | ---- | M] () -- C:\Users\Graeme\Desktop\mongoose face.jpg
[2014/12/13 13:29:15 | 000,052,000 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/12/12 01:13:01 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/11 10:23:03 | 000,081,895 | ---- | M] () -- C:\Users\Graeme\Desktop\resume.pdf
[2014/12/10 11:02:17 | 000,530,618 | ---- | M] () -- C:\Users\Graeme\Desktop\Mon Freres Amigos Song 9(CryerCreek).mp3.reapeaks
[2014/12/10 11:01:55 | 000,540,338 | ---- | M] () -- C:\Users\Graeme\Desktop\01 Cryer Creek.mp3.reapeaks
[2014/12/10 10:59:50 | 006,604,978 | ---- | M] () -- C:\Users\Graeme\Desktop\Mon Freres Amigos Song 9(CryerCreek).mp3
 
========== Files Created - No Company Name ==========
 
[2014/12/20 14:22:46 | 003,033,010 | ---- | C] () -- C:\Users\Graeme\Desktop\albumcovereditblackdiagonal.jpg
[2014/12/20 11:40:01 | 012,958,678 | ---- | C] () -- C:\Users\Graeme\Desktop\4PAN1T.pdf
[2014/12/20 02:06:19 | 003,660,059 | ---- | C] () -- C:\Users\Graeme\Desktop\albumcovereditblackonly.jpg
[2014/12/20 01:51:00 | 000,556,990 | ---- | C] () -- C:\Users\Graeme\Desktop\mongoose face.jpg
[2014/12/10 11:02:16 | 000,530,618 | ---- | C] () -- C:\Users\Graeme\Desktop\Mon Freres Amigos Song 9(CryerCreek).mp3.reapeaks
[2014/12/10 11:01:54 | 000,540,338 | ---- | C] () -- C:\Users\Graeme\Desktop\01 Cryer Creek.mp3.reapeaks
[2014/12/10 11:01:02 | 006,604,978 | ---- | C] () -- C:\Users\Graeme\Desktop\Mon Freres Amigos Song 9(CryerCreek).mp3
[2014/12/10 11:00:43 | 006,473,911 | ---- | C] () -- C:\Users\Graeme\Desktop\01 Cryer Creek.mp3
[2014/07/20 23:18:19 | 000,001,456 | ---- | C] () -- C:\Users\Graeme\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/04/09 15:40:57 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014/03/18 14:12:08 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/02/28 20:17:30 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014/02/10 18:48:23 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2014/01/26 01:35:54 | 000,881,814 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/25 15:46:54 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/01/25 15:46:53 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2014/01/25 15:46:53 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/01/25 13:38:52 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/10/01 12:02:30 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2013/10/01 12:02:26 | 000,180,736 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/01 12:02:26 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/08/22 09:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 09:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 08:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 01:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 21:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/21 17:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 17:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2014/04/26 15:18:34 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/30 18:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 16:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 03:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 20:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 03:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/04 10:59:25 | 000,000,000 | ---D | M] -- C:\Users\Graeme\AppData\Roaming\ASUS
[2014/01/25 11:11:24 | 000,000,000 | ---D | M] -- C:\Users\Graeme\AppData\Roaming\AVG2014
[2015/01/08 14:26:12 | 000,000,000 | ---D | M] -- C:\Users\Graeme\AppData\Roaming\Azureus
[2014/03/10 15:31:47 | 000,000,000 | ---D | M] -- C:\Users\Graeme\AppData\Roaming\Battle.net
[2014/10/15 06:46:53 | 000,000,000 | ---D | M] -- C:\Users\Graeme\AppData\Roaming\BigHugeEngine
[2015/01/08 14:25:41 | 000,000,000 | ---D | M] -- C:\Users\Graeme\AppData\Roaming\ClassicShell
[2014/03/01 17:05:36 | 000,000,000 | ---D | M] -- C:\Users\Graeme\AppData\Roaming\FabFilter
[2014/05/18 14:47:04 | 000,000,000 | ---D | M] -- C:\Users\Graeme\AppData\Roaming\Kalypso Media
[2014/03/11 16:37:15 | 000,000,000 | ---D | M] -- C:\Users\Graeme\AppData\Roaming\MPC-HC
[2014/10/14 19:06:33 | 000,000,000 | ---D | M] -- C:\Users\Graeme\AppData\Roaming\Origin
[2014/10/04 10:31:58 | 000,000,000 | ---D | M] -- C:\Users\Graeme\AppData\Roaming\PDAppFlex
[2014/03/01 17:16:29 | 000,000,000 | ---D | M] -- C:\Users\Graeme\AppData\Roaming\REAPER
[2014/05/26 22:33:58 | 000,000,000 | ---D | M] -- C:\Users\Graeme\AppData\Roaming\Tropico 5
[2014/01/25 11:11:05 | 000,000,000 | ---D | M] -- C:\Users\Graeme\AppData\Roaming\TuneUp Software
[2014/03/01 17:08:42 | 000,000,000 | ---D | M] -- C:\Users\Graeme\AppData\Roaming\Voxengo
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\Users\Graeme\SkyDrive:ms-properties
 
< End of report >
 

  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:

Your hard drive space is getting low, as the log shows only 21% available. Optimally, we need about 25% or better. If you can move some items off the hard drive, that would be preferred. However, if not, we'll work with what we have and try to open some more up as we go.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Punkbuster and Program Uninstalls

PunkBuster Advice:

There are some issues with infections in relation to PunkBuster...

Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.

My advice would be to download the removal tool from here. Use this to uninstall PunkBuster Services. Then when I give the all clear use it again to reinstall PunkBuster Services if you so wish.

So after you have downloaded the removal tool for PunkBuster Services run it as follows...
  • Right-click on pbsvc.exe and select select Run as Administrator.
  • Ensure Un-install/Remove PunkBuster Service is selected.
  • Click on Next >> Yes >> Finish.
  • Reboot(restart) your machine if not prompted to do so.
Program Uninstall

Please uninstall Akamai NetSession from your machine as it uses pseudo P2P technology and doesn't do very much to protect your system.


Step 2: OTL Fix

Note: Before running this step, please move OTL.exe from C:\Users\Graeme\Downloads to your desktop. It works much better from there. :)

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)
  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.
otlrunfix.jpg


:Commands
[createrestorepoint]

:OTL
SRV - [2014/12/13 13:29:15 | 001,806,872 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe -- (vToolbarUpdater18.2.0)
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://mysearch.avg.com/search?cid={300C6766-586B-48B1-B822-3BE24E0790F2}&mid=bb9deec0bbfe47d2a1e96da73dac9021-b934ba910cbde4527f80248aa1d5f44481bb3249&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-02-05 17:22:36&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014/02/05 17:22:37 | 000,000,000 | ---D | M]
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.2.0.829\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3:64bit: - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.2.0.829\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.2.0.829\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4 - HKLM..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe File not found
O4 - HKLM..\Run: [EaseUS EPM tray] C:\EaseUS Partition Master 9.3.0\bin\EpmNews.exe File not found
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0414c] C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe ()
O4 - HKCU..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\Graeme\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=bb9deec0bbfe47d2a1e96da73dac9021-b934ba910cbde4527f80248aa1d5f44481bb3249 /CMPID=1213b File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
[2015/01/08 14:27:05 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_0414c_rmv.job
[2015/01/08 14:27:05 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_0414c_rel.job

:Files
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Program Files (x86)\Avg Secure Update
C:\Program Files (x86)\AVG SafeGuard toolbar
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 3: Scan with Farbar's Recovery Scan Tool


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

OTL Fix Log

FRST Log

Addition.txt Log

  • 0

#3
hijacked333

hijacked333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Thanks so much for the quick response. Logs to follow.


  • 0

#4
hijacked333

hijacked333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service vToolbarUpdater18.2.0 stopped successfully!
Service vToolbarUpdater18.2.0 deleted successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\adobe.com/AdobeAAMDetect\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected] deleted successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\skin folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\zh-tw folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\zh-cn folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\tr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\th folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\sv folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\sr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\sk folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\ru folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\ro folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\pt-br folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\pt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\pl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\nl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\nb folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\ms folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\ko folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\ja folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\it folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\id folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\hu folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\hi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\fr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\fi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\es-es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\en folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\el folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\de folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\da folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\cs folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\af folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\locale\en-US folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\components folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\chrome folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
C:\Program Files (x86)\AVG SafeGuard toolbar\18.2.0.829\AVG SafeGuard toolbar_toolbar.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
C:\Program Files\AVG SafeGuard toolbar\18.2.0.829\AVG SafeGuard toolbar_toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG SafeGuard toolbar\18.2.0.829\AVG SafeGuard toolbar_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ASUS InstantKey deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EaseUS EPM tray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0414c deleted successfully.
C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_1213b deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
Invalid CLSID key: C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll not found.
C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job moved successfully.
========== FILES ==========
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\18.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\18.1.9 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\18.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\18.1.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\18.1.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\18.0.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.1.9 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.1.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.1.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.0.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\18.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\18.1.9 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\18.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\18.1.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\18.1.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\18.0.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.2.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.1.9 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.1.7 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.1.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.1.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.0.5 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.0.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search folder moved successfully.
C:\Program Files (x86)\Avg Secure Update folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\UninstallRes folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\Licenses folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\IeDspHelperRes\Images folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\IeDspHelperRes folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\EnableHelperRes\Images folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\EnableHelperRes folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\DSPDlg_IE folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\ChromeRes\AVG Secure Search folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\ChromeRes\AVG SafeGuard toolbar folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\ChromeRes\AVG Nation toolbar folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\ChromeRes folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\ChromeGuardRes folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\Chrome\content\icons folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\Chrome\content folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\Chrome folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\BundleInstall folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\18.2.0.829 folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar folder moved successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Graeme\Desktop\cmd.bat deleted successfully.
C:\Users\Graeme\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Graeme\Desktop\cmd.bat deleted successfully.
C:\Users\Graeme\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Graeme\Desktop\cmd.bat deleted successfully.
C:\Users\Graeme\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Graeme
->Temp folder emptied: 2827398469 bytes
->Temporary Internet Files folder emptied: 95248443 bytes
->Google Chrome cache emptied: 40118918 bytes
->Flash cache emptied: 1415 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 613995297 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3,411.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 01092015_144521
 
Files\Folders moved on Reboot...
C:\Users\Graeme\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • 0

#5
hijacked333

hijacked333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Graeme (administrator) on THESLAB on 09-01-2015 15:05:02
Running from C:\Users\Graeme\Desktop
Loaded Profile: Graeme (Available profiles: Graeme)
Platform: Windows 8.1 Pro (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Atheros) C:\Bluetooth Suite\Ath_CoexAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IvoSoft) C:\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Qualcomm®Atheros®) C:\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
() C:\Users\Graeme\AppData\Local\Amazon Music\Amazon Music Helper.exe
(AVG Technologies CZ, s.r.o.) C:\AVG\AVG2014\avgui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Classic Start Menu] => C:\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AVG_UI] => C:\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BCSSync] => C:\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [iTunesHelper] => C:\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Bluetooth Suite\BtvStack.exe [133760 2014-01-02] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-113328309-1090989344-821775724-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Graeme\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-113328309-1090989344-821775724-1001\...\Run: [Google Update] => C:\Users\Graeme\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-27] (Google Inc.)
HKU\S-1-5-21-113328309-1090989344-821775724-1001\...\Run: [MusicManager] => C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.)
HKU\S-1-5-21-113328309-1090989344-821775724-1001\...\Run: [Amazon Music] => C:\Users\Graeme\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-05] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-11-12] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Classic Shell\ClassicExplorer32.dll (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-113328309-1090989344-821775724-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKU\S-1-5-21-113328309-1090989344-821775724-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo...r=spigot-yhp-ie
SearchScopes: HKU\S-1-5-21-113328309-1090989344-821775724-1001 -> DefaultScope {8C116EB0-035E-4124-9096-D7ECCA5F37AC} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-113328309-1090989344-821775724-1001 -> {8C116EB0-035E-4124-9096-D7ECCA5F37AC} URL = https://search.yahoo...p={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-113328309-1090989344-821775724-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Graeme\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-113328309-1090989344-821775724-1001: @talk.google.com/O1DPlugin -> C:\Users\Graeme\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-113328309-1090989344-821775724-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-113328309-1090989344-821775724-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Graeme\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Graeme\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Graeme\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Graeme\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Google Wallet) - C:\Users\Graeme\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASLDRService; C:\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.)
R2 AtherosSvc; C:\Bluetooth Suite\adminservice.exe [318592 2014-01-02] (Windows ® Win 7 DDK provider)
R2 ATKGFNEXSrv; C:\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 AVGIDSAgent; C:\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-09] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1900400 2014-11-28] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-02] (Atheros) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R1 ATKWMIACPIIO; C:\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [19768 2013-07-02] (ASUSTek Computer Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-13] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-02] (Qualcomm Atheros)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2014-01-25] (Realsil Semiconductor Corporation)
S3 TASCAM_US1800; C:\Windows\System32\Drivers\tus1800u.sys [409664 2014-09-15] (TASCAM)
S3 TASCAM_US1800_MIDI; C:\Windows\system32\drivers\tus1800m.sys [31296 2014-09-15] (TASCAM)
S3 TASCAM_US1800_WDM; C:\Windows\system32\drivers\tus1800a.sys [50752 2014-09-15] (TASCAM)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 DIRECTIO; \??\E:\BurnInTest_x64\DirectIo64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 14:59 - 2015-01-09 15:05 - 00019667 _____ () C:\Users\Graeme\Desktop\FRST.txt
2015-01-09 14:59 - 2015-01-09 15:05 - 00000000 ____D () C:\FRST
2015-01-09 14:59 - 2015-01-09 15:00 - 00030100 _____ () C:\Users\Graeme\Desktop\Addition.txt
2015-01-09 14:58 - 2015-01-09 14:58 - 02124288 _____ (Farbar) C:\Users\Graeme\Desktop\FRST64.exe
2015-01-09 14:45 - 2015-01-09 14:45 - 00000000 ____D () C:\_OTL
2015-01-09 14:43 - 2015-01-09 14:43 - 00602112 _____ (OldTimer Tools) C:\Users\Graeme\Desktop\OTL.exe
2015-01-09 14:40 - 2015-01-09 14:40 - 00912744 _____ () C:\Users\Graeme\Desktop\pbsvc.exe
2014-12-25 13:49 - 2014-12-25 13:49 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-13 20:48 - 2014-12-13 20:48 - 00000000 ____D () C:\NPE
2014-12-13 19:41 - 2014-12-13 20:49 - 00000000 ____D () C:\Users\Graeme\AppData\Local\NPE
2014-12-13 19:41 - 2014-12-13 19:41 - 00000000 ____D () C:\ProgramData\Norton
2014-12-12 16:01 - 2014-12-12 16:01 - 00000000 ____D () C:\ProgramData\Avg_Update_1214tb
2014-12-11 16:01 - 2014-12-11 16:01 - 00000000 ____D () C:\Users\Graeme\AppData\Roaming\Atheros
2014-12-11 16:01 - 2014-12-11 16:01 - 00000000 ____D () C:\Users\Graeme\AppData\Local\BMExplorer
2014-12-11 16:01 - 2014-12-11 16:01 - 00000000 ____D () C:\ProgramData\Atheros
2014-12-11 15:58 - 2014-12-11 15:58 - 00000000 ____D () C:\Users\Graeme\Documents\Bluetooth Folder
2014-12-11 15:58 - 2014-12-11 15:58 - 00000000 ____D () C:\Program Files\Common Files\QCA_Bluetooth
2014-12-11 15:58 - 2014-12-11 15:58 - 00000000 ____D () C:\Bluetooth Suite
2014-12-10 11:02 - 2014-12-10 11:02 - 00530618 _____ () C:\Users\Graeme\Desktop\Mon Freres Amigos Song 9(CryerCreek).mp3.reapeaks
2014-12-10 11:01 - 2014-12-10 11:01 - 00540338 _____ () C:\Users\Graeme\Desktop\01 Cryer Creek.mp3.reapeaks
2014-12-10 05:54 - 2014-11-09 20:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 05:54 - 2014-11-09 19:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 05:54 - 2014-10-30 17:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 05:54 - 2014-10-30 17:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 05:46 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 05:46 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 05:46 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 05:46 - 2014-11-21 20:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 05:46 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 05:46 - 2014-11-21 20:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 05:46 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 05:46 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 05:46 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 05:46 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 05:46 - 2014-11-21 20:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 05:46 - 2014-11-21 20:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 05:46 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 05:46 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 05:46 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 05:46 - 2014-11-21 19:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 05:46 - 2014-11-21 19:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 05:46 - 2014-11-21 19:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 05:46 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 05:46 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 05:46 - 2014-11-21 19:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 05:46 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 05:46 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 05:46 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 05:46 - 2014-11-21 19:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 05:46 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 05:46 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 05:46 - 2014-11-21 19:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 05:46 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 05:46 - 2014-11-21 19:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 05:46 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 05:46 - 2014-11-21 19:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 05:46 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 05:46 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 05:46 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 05:46 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 05:46 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 05:46 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 05:46 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 05:46 - 2014-11-06 22:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 05:46 - 2014-11-06 21:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 05:46 - 2014-10-31 17:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 05:46 - 2014-10-31 17:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 05:46 - 2014-10-30 16:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-10 05:46 - 2014-10-30 16:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-10 05:46 - 2014-10-12 20:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 05:46 - 2014-10-12 20:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 05:46 - 2014-10-12 20:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 05:46 - 2014-10-12 20:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 15:00 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-09 14:56 - 2013-09-29 22:12 - 00867660 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 14:50 - 2014-02-15 21:42 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 14:50 - 2014-01-24 15:47 - 00000000 __RDO () C:\Users\Graeme\SkyDrive
2015-01-09 14:50 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 14:50 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-09 14:42 - 2014-01-29 16:05 - 01665536 ___SH () C:\Users\Graeme\Desktop\Thumbs.db
2015-01-09 14:41 - 2014-01-25 11:03 - 00000000 ____D () C:\Users\Graeme\AppData\Roaming\ClassicShell
2015-01-09 14:28 - 2014-01-27 11:48 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-113328309-1090989344-821775724-1001UA.job
2015-01-09 14:24 - 2014-01-24 15:42 - 01248577 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 14:12 - 2014-02-15 21:42 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 13:45 - 2014-01-24 15:44 - 00000000 ____D () C:\Users\Graeme
2015-01-09 09:28 - 2014-01-27 11:48 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-113328309-1090989344-821775724-1001Core.job
2015-01-09 09:01 - 2014-01-25 11:09 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-09 08:28 - 2014-03-18 16:11 - 00000000 ____D () C:\Users\Graeme\AppData\Local\Adobe
2015-01-08 14:43 - 2014-01-24 15:51 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-113328309-1090989344-821775724-1001
2015-01-08 14:27 - 2013-08-22 08:44 - 05260344 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-08 14:26 - 2014-01-24 16:11 - 00000000 ____D () C:\Users\Graeme\AppData\Roaming\Azureus
2015-01-08 14:26 - 2014-01-24 16:11 - 00000000 ____D () C:\Program Files\Vuze
2015-01-08 14:26 - 2013-09-29 14:03 - 00042410 _____ () C:\Windows\PFRO.log
2015-01-08 13:25 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-08 13:21 - 2014-03-31 08:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-08 13:19 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-27 23:29 - 2014-01-25 11:41 - 00000000 ____D () C:\Steam
2014-12-20 02:07 - 2014-03-10 18:30 - 00224768 ___SH () C:\Users\Graeme\Downloads\Thumbs.db
2014-12-19 23:06 - 2013-08-22 08:46 - 00034326 _____ () C:\Windows\setupact.log
2014-12-18 11:16 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-15 00:29 - 2014-10-13 19:43 - 00000000 ____D () C:\ProgramData\Origin
2014-12-15 00:22 - 2014-09-09 07:11 - 00000000 ____D () C:\Users\Graeme\Desktop\SHELLEY
2014-12-13 19:42 - 2014-11-22 20:12 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-12-13 19:42 - 2014-11-22 20:12 - 00000000 ____D () C:\Windows\system32\NV
2014-12-13 13:29 - 2014-04-27 17:42 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-12-13 13:29 - 2014-01-26 18:23 - 00052000 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-12-12 17:20 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache
2014-12-12 08:59 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-12-12 08:59 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-12-12 05:30 - 2014-01-26 01:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 05:30 - 2014-01-25 23:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 05:30 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-12 05:30 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-12 05:28 - 2014-01-25 23:27 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-12 01:13 - 2014-02-15 21:42 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 10:06 - 2014-03-18 16:12 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 14:00 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-08 13:59
 
==================== End Of Log ============================

  • 0

#6
hijacked333

hijacked333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Graeme at 2015-01-09 15:05:20
Running from C:\Users\Graeme\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-113328309-1090989344-821775724-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.1.5 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.8 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.2.0.829 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.3 - Electronic Arts)
Font Xplorer 1.2.2  (HKLM-x32\...\Font Xplorer) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{4050C71E-EB43-4A8C-B6A6-778DD6F8252C}) (Version: 4.24.338 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HL-2240D (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
Intel® PROSet/Wireless Software (HKLM-x32\...\{aaf3655f-6961-4be2-aa4e-6de4dc1dc8f4}) (Version: 16.1.5 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
K-Lite Codec Pack 10.3.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
MediaMonkey 3.2 (HKLM-x32\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Music Manager (HKU\S-1-5-21-113328309-1090989344-821775724-1001\...\MusicManager) (Version:  - Google, Inc.)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.6 - Black Tree Gaming)
NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
US-1800 driver (HKLM\...\USB_AUDIO_DEusb-audio.deTascamUS1800) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - ASUS (ATP) Mouse  (11/20/2013 1.0.0.194) (HKLM\...\8BA9C239ED04E09F06755E1497239BEFC08085C2) (Version: 11/20/2013 1.0.0.194 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wondershare Video Editor(Build 4.7.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
X3: Terran Conflict (HKLM-x32\...\Steam App 2820) (Version:  - Egosoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
18-12-2014 11:16:46 Windows Update
25-12-2014 18:18:17 Scheduled Checkpoint
09-01-2015 14:45:32 OTL Restore Point - 1/9/2015 2:45:31 PM
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2015-01-09 14:48 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {032C25AB-5495-4E53-8C0D-13BC2F1E8EF7} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: {1BB03412-9C27-47E6-9C31-C4BA56DCBCF3} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.c...ard&#38;lang=en
Task: {2A24C01B-B981-4B72-9B45-0FFB1B5475BA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-113328309-1090989344-821775724-1001UA => C:\Users\Graeme\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {3C5FAE6B-9A5B-4FA2-B433-356B133B9E93} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {515F86F5-69BA-49EC-9716-05BE7B024553} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: {6770FABF-1063-4AE1-912E-7AE6EE6038B0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-12] (Microsoft Corporation)
Task: {6AFD6004-8F39-4F84-993D-3864C6366259} - System32\Tasks\ASUS Smart Gesture Launcher => C:\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-12-12] (AsusTek)
Task: {751CB5CD-F448-43B2-81E4-32EFBD084F38} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {7D91D57C-2A1B-4B42-BE66-0A251F408038} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-05-06] (Realtek Semiconductor)
Task: {8D460DAA-D74C-4401-A8E8-AC6C11D5958E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
Task: {95291203-D22F-45C6-9FD2-E657E40D4133} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-113328309-1090989344-821775724-1001Core => C:\Users\Graeme\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {9A91F3D9-C6B8-4AFF-8066-CC7CDC21EA0E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B6DE5CDD-8D6E-4B8F-9B57-708771172376} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-05-06] (Realtek Semiconductor)
Task: {DED55337-E892-4B1F-8B31-C36CF6F3B819} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E06032BF-2DC6-4959-AC65-486E1AF82F9E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-113328309-1090989344-821775724-1001Core.job => C:\Users\Graeme\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-113328309-1090989344-821775724-1001UA.job => C:\Users\Graeme\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-25 10:34 - 2014-11-12 15:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-16 10:06 - 2014-07-16 10:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-02 00:25 - 2014-01-02 00:25 - 00011264 _____ () C:\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-02 00:23 - 2014-01-02 00:23 - 00086016 _____ () C:\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-02 00:29 - 2014-01-02 00:29 - 00012928 _____ () C:\Bluetooth Suite\ActivateDesktop.exe
2014-08-02 07:32 - 2014-09-05 18:54 - 06281536 _____ () C:\Users\Graeme\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-07-16 10:05 - 2014-07-16 10:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-03 13:15 - 2014-09-03 13:15 - 10683392 _____ () C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2014-09-03 13:15 - 2014-09-03 13:15 - 07741952 _____ () C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2014-09-03 13:15 - 2014-09-03 13:15 - 01681408 _____ () C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-09-03 13:15 - 2014-09-03 13:15 - 02248192 _____ () C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-11-13 12:57 - 2014-11-13 12:57 - 00117248 _____ () C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-11-13 12:57 - 2014-11-13 12:57 - 00231936 _____ () C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-11-13 12:57 - 2014-11-13 12:57 - 00253440 _____ () C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-11-13 12:57 - 2014-11-13 12:57 - 00344064 _____ () C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-09-03 13:15 - 2014-09-03 13:15 - 00026624 _____ () C:\Users\Graeme\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2014-07-15 07:36 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 32733056 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-10-04 12:14 - 2014-09-11 17:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-10-04 12:14 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 00742784 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 00136576 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2014-12-12 01:12 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 01:12 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 01:12 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 01:12 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Graeme\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "ASUS InstantKey"
HKLM\...\StartupApproved\Run32: => "vProt"
HKU\S-1-5-21-113328309-1090989344-821775724-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-113328309-1090989344-821775724-500 - Administrator - Disabled)
Graeme (S-1-5-21-113328309-1090989344-821775724-1001 - Administrator - Enabled) => C:\Users\Graeme
Guest (S-1-5-21-113328309-1090989344-821775724-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-113328309-1090989344-821775724-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/09/2015 08:24:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1235
 
Error: (01/09/2015 08:24:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1235
 
Error: (01/09/2015 08:24:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/09/2015 08:23:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36685781
 
Error: (01/09/2015 08:23:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36685781
 
Error: (01/09/2015 08:23:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/08/2015 02:00:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
 
Error: (01/08/2015 01:59:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
 
Error: (01/08/2015 01:21:56 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1706. SA_Error1706: StandardAction(0xC00706AA): An installation package for the product AVG 2014 cannot be found. Try the installation again using a valid copy of the installation package 'Avgx64.msi'.
 
Error: (01/08/2015 01:15:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 35671
 
 
System errors:
=============
Error: (01/09/2015 02:50:20 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (01/09/2015 02:50:20 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 5 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (01/09/2015 02:50:20 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (01/09/2015 02:50:20 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (01/09/2015 02:50:20 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 6 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (01/09/2015 02:50:19 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 4 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (01/09/2015 02:50:19 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (01/09/2015 02:50:19 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (01/09/2015 02:45:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASLDR Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/09/2015 02:41:55 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
 
 
Microsoft Office Sessions:
=========================
Error: (01/09/2015 08:24:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1235
 
Error: (01/09/2015 08:24:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1235
 
Error: (01/09/2015 08:24:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/09/2015 08:23:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36685781
 
Error: (01/09/2015 08:23:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36685781
 
Error: (01/09/2015 08:23:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/08/2015 02:00:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe
 
Error: (01/08/2015 01:59:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe
 
Error: (01/08/2015 01:21:56 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1706. SA_Error1706: StandardAction(0xC00706AA): An installation package for the product AVG 2014 cannot be found. Try the installation again using a valid copy of the installation package 'Avgx64.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/08/2015 01:15:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 35671
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 12%
Total physical RAM: 16267.09 MB
Available physical RAM: 14265.68 MB
Total Pagefile: 18699.09 MB
Available Pagefile: 16655.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:27.83 GB) NTFS
Drive d: (Storage) (Fixed) (Total:698.64 GB) (Free:113.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 57788C0B)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 994B5365)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#7
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Thanks so much for the quick response. Logs to follow.


You're quite welcome, let's continue tidying up your machine. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Program Uninstall


Please uninstall the following program as it is a malware/adware related program.

AVG Safeguard Toolbar


Step 2: Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
2014-12-13 13:29 - 2014-04-27 17:42 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2015-01-08 14:26 - 2014-01-24 16:11 - 00000000 ____D () C:\Program Files\Vuze
CustomCLSID: HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {032C25AB-5495-4E53-8C0D-13BC2F1E8EF7} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: {1BB03412-9C27-47E6-9C31-C4BA56DCBCF3} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.c...ard&#38;lang=en
Task: {515F86F5-69BA-49EC-9716-05BE7B024553} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

How is the machine running?

  • 0

#8
hijacked333

hijacked333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Graeme at 2015-01-10 10:03:19 Run:1
Running from C:\Users\Graeme\Desktop
Loaded Profile: Graeme (Available profiles: Graeme)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
2014-12-13 13:29 - 2014-04-27 17:42 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2015-01-08 14:26 - 2014-01-24 16:11 - 00000000 ____D () C:\Program Files\Vuze
CustomCLSID: HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Graeme\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {032C25AB-5495-4E53-8C0D-13BC2F1E8EF7} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: {1BB03412-9C27-47E6-9C31-C4BA56DCBCF3} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.c...ard&#38;lang=en
Task: {515F86F5-69BA-49EC-9716-05BE7B024553} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files\AVG SafeGuard toolbar => Moved successfully.
C:\Program Files\Vuze => Moved successfully.
"HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-113328309-1090989344-821775724-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{032C25AB-5495-4E53-8C0D-13BC2F1E8EF7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{032C25AB-5495-4E53-8C0D-13BC2F1E8EF7}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0414c_rmv" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BB03412-9C27-47E6-9C31-C4BA56DCBCF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BB03412-9C27-47E6-9C31-C4BA56DCBCF3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Open Chrome => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open Chrome" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{515F86F5-69BA-49EC-9716-05BE7B024553}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{515F86F5-69BA-49EC-9716-05BE7B024553}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rel => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0414c_rel" => Key deleted successfully.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 403.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 10:03:31 ====

  • 0

#9
hijacked333

hijacked333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 Pro x64
Ran by Graeme on Sat 01/10/2015 at 10:05:48.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Graeme\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/10/2015 at 10:07:32.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#10
hijacked333

hijacked333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
# AdwCleaner v4.107 - Report created 10/01/2015 at 10:13:50
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Graeme - THESLAB
# Running from : C:\Users\Graeme\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
[!] Folder Deleted : C:\Users\Graeme\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Graeme\AppData\LocalLow\AVG SafeGuard toolbar
File Deleted : C:\Users\Graeme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Graeme\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Graeme\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Chromium v
 
[C:\Users\Graeme\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Graeme\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [5462 octets] - [10/01/2015 10:12:56]
AdwCleaner[S0].txt - [5594 octets] - [10/01/2015 10:13:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5654 octets] ##########

  • 0

Advertisements


#11
hijacked333

hijacked333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Thanks. The machine seems to be running well now. I will keep an eye out for anything suspicious/weird.


  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Thanks. The machine seems to be running well now. I will keep an eye out for anything suspicious/weird.


Hang in there, still a ways to go to make sure you're completely clean. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#13
hijacked333

hijacked333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/10/2015
Scan Time: 10:42:45 AM
Logfile: MBAMSCAN.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.10.14
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Graeme
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343376
Time Elapsed: 4 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#14
hijacked333

hijacked333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1dfc9720e19c6e42b42e4ba52451e134
# engine=21902
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-10 05:31:31
# local_time=2015-01-10 11:31:31 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.3.9600 NT 
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 0 107091075 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4102086 44870784 0 0
# scanned=263145
# found=2
# cleaned=0
# scan_time=2191
sh=37BE2A973B46E15ED89C96005EC6B284F706E33F ft=1 fh=2ae8cfc268428e00 vn="a variant of Win32/TFTPD32.A potentially unsafe application" ac=I fn="C:\EaseUS Partition Master 9.3.0\bin\tb_free.exe"
sh=4E3028B3021FDDE8FBFBAC410D4CB4E60C2DE3A0 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files\Vuze\spg.zip"

  • 0

#15
hijacked333

hijacked333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
Windows Defender                  
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader XI  
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP