Okay, here is task #2
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by Kris at 2014-11-21 18:13:35
Running from E:\
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.13665 - Systweak Software) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.0.387 - AVG Technologies)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4213 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.185 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.185 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.185 - AVG Technologies) Hidden
AVG Zen (Version: 1.0.387 - AVG Technologies) Hidden
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)
Canon MG6300 series On-screen Manual (HKLM-x32\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG6300 series User Registration (HKLM-x32\...\Canon MG6300 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
CommonCents 4.0 (x32 Version: 4.5.58.668 - enDevelopment) Hidden
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Consumer Input (HKLM-x32\...\Setup Support for Consumer Input) (Version: 1.0 - Sono Control Inc.)
Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version: - Compete Inc.)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
FMW 1 (Version: 1.0.259 - AVG Technologies) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
Groovorio (HKLM-x32\...\Groovorio) (Version: - Groovorio) <==== ATTENTION
HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Officejet 4620 series Product Improvement Study (HKLM\...\{83F51BBA-48BE-4BB6-B96A-F4AAE4C462F9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2097 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4287490833-3400291495-2554494040-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.5.1 - Dell Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6039 - Realtek Semiconductor Corp.)
Recipe Hub Internet Explorer Toolbar (HKLM-x32\...\RecipeHub_2jbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Search Snacks (HKLM-x32\...\SearchSnacks) (Version: 1.9.0.6 - Search Snacks)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpyHunter (HKLM\...\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Storm Alert (HKLM-x32\...\StormAlert) (Version: 2.7.45 - Rational Thought Solutions LLC)
Support TW 1.1 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}) (Version: - TinyWallet) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.15.0 - Synaptics Incorporated)
TinyWallet (HKLM-x32\...\{F04D4328-4631-1CBE-1907-201B33FAF2E8}) (Version: 4.3.0.1958 - )
TWS Latest (945.1) (HKU\S-1-5-21-4287490833-3400291495-2554494040-1000\...\TWS Latest (945.1)) (Version: - Interactive Brokers)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Kris\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll No File
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Kris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
04-11-2014 20:03:31 Windows Update
08-11-2014 01:38:35 Windows Update
12-11-2014 01:59:07 Windows Update
12-11-2014 04:40:23 Windows Update
13-11-2014 00:18:46 Windows Update
17-11-2014 15:38:19 Windows Update
17-11-2014 17:50:42 Removed AVG 2015
17-11-2014 18:02:11 Removed AVG 2015
17-11-2014 18:13:52 Removed AVG PC TuneUp 2014
17-11-2014 18:16:50 Removed AVG PC TuneUp 2014 (en-US)
17-11-2014 18:21:37 Removed Citrix Online Launcher
17-11-2014 19:22:43 Installed AVG 2015
17-11-2014 19:24:01 Installed AVG 2015
19-11-2014 23:01:36 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2014-03-08 10:36 - 00000867 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 d3oxij66pru1i3.cloudfront.net
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1889E0B0-1DDE-41B2-8387-E5FA7CAEEBA2} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {2CDD4B80-0EFE-4312-9777-D5B30F1AE60A} - \MediaPlayerEnhance-codedownloader No Task File <==== ATTENTION
Task: {2DCA76F5-03B4-4989-9EDA-CE83BD9BB2C7} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {2F8C85BF-463B-4B0B-9C8A-FED80761662C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {36C68EDF-D2D1-473F-A3F5-5641AFC81DF9} - System32\Tasks\CIMT_S-1-5-21-4287490833-3400291495-2554494040-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2014-10-08] ()
Task: {38FDD950-0FBF-45E7-ABF9-2BA33E75B8BD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {47B2E892-0295-4FC6-A957-1C196C0B9823} - System32\Tasks\AVG_SYS_TASK_1114avz_DELETE => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe [2014-10-08] ()
Task: {568E6BEA-F6BF-4CE7-A877-B5995D5A40A1} - \AmiUpdXp No Task File <==== ATTENTION
Task: {58BC9D6C-AC45-4625-AD0D-04CA6C69A28F} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {86817139-8E58-4A3E-B547-68499F7A2E73} - System32\Tasks\G2MUpdateTask-S-1-5-21-4287490833-3400291495-2554494040-1000 => C:\Users\Kris\AppData\Local\Citrix\GoToMeeting\1963\g2mupdate.exe
Task: {8F14A824-0FBF-426A-A3C6-23C8EE5CB985} - System32\Tasks\AVG_SYS_TASK_1114avz => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe [2014-10-08] ()
Task: {943F4C85-FF7C-4116-81B9-CDFFFA5E42EB} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-11-17] (ConsumerInput)
Task: {993B97E4-9A23-4A33-86A0-AC1AB92958E2} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-11-17] (ConsumerInput)
Task: {AD4C203C-D0A0-407E-B1FE-09003B1D98DC} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {B6D34BB0-693F-493A-A3BC-79493FF0E55A} - \MediaPlayerEnhance-firefoxinstaller No Task File <==== ATTENTION
Task: {C4FE0A79-8615-4541-BE62-6D58EF0A3AA5} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {DBE031A3-D261-4205-93D7-3C3E620DB126} - \MediaPlayerEnhance-chromeinstaller No Task File <==== ATTENTION
Task: {E3531C3B-C58C-4F72-AC68-E6D0212E8F19} - \MediaPlayerEnhance-updater No Task File <==== ATTENTION
Task: {E6EE1F9B-1986-402B-B2D5-2D6C94569AD6} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [2014-07-17] (Systweak) <==== ATTENTION
Task: {EF53CF1B-10F9-4CD5-8336-9AF9D9ABB3DB} - \MediaPlayerEnhance-enabler No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AVG_SYS_TASK_1114avz.job => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_1114avz_DELETE.job => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-4287490833-3400291495-2554494040-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4287490833-3400291495-2554494040-1000.job => C:\Users\Kris\AppData\Local\Citrix\GoToMeeting\1963\g2mupdate.exe
==================== Loaded Modules (whitelisted) =============
2014-11-17 13:30 - 2014-11-17 13:30 - 00089600 _____ () C:\Users\Kris\AppData\Roaming\VOPackage\VOsrv.exe
2014-10-17 12:34 - 2014-10-17 12:34 - 00699704 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2014-10-17 12:34 - 2014-10-17 12:34 - 00835896 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2014-11-17 14:35 - 2014-10-08 07:00 - 02776088 _____ () C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-17 14:35 - 2014-10-08 07:00 - 02776088 _____ () C:\Users\Kris\AppData\Roaming\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
2014-10-16 13:39 - 2014-10-16 13:39 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\27062a1bd5e07ac476c1ef919d9abff5\VistaBridgeLibrary.ni.dll
2014-10-08 08:39 - 2014-10-08 08:39 - 01111936 _____ () C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
2012-10-11 21:56 - 2012-10-11 21:56 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-11 21:56 - 2012-10-11 21:56 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-15 11:42 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\ASP\System.Data.SQLite.dll
2014-11-15 11:42 - 2014-07-17 18:54 - 01730984 _____ () C:\Program Files (x86)\ASP\aspsys.dll
2014-11-17 14:18 - 2014-11-17 14:18 - 31842816 _____ () C:\Program Files (x86)\AVG\Framework\Common\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0CA8EFF8
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_149ce099-4625-4038-9722-c30e91f61d82 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_23e0af0d-6954-4a4f-866e-75012bcc141c => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_73098fbd-996d-4264-9284-cc57a720938b => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: DellSupportCenter => "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Kris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
========================= Accounts: ==========================
Administrator (S-1-5-21-4287490833-3400291495-2554494040-500 - Administrator - Disabled)
Guest (S-1-5-21-4287490833-3400291495-2554494040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4287490833-3400291495-2554494040-1002 - Limited - Enabled)
Kris (S-1-5-21-4287490833-3400291495-2554494040-1000 - Administrator - Enabled) => C:\Users\Kris
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/21/2014 06:13:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (11/21/2014 06:13:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (11/21/2014 06:08:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dca-monitoring.exe, version: 3.2.0.674, time stamp: 0x54353dea
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x165c
Faulting application start time: 0xdca-monitoring.exe0
Faulting application path: dca-monitoring.exe1
Faulting module path: dca-monitoring.exe2
Report Id: dca-monitoring.exe3
Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: exception in main loop CoCreateInstance failed : HR: 0x80040154 ErrorCode: 0x0
Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}
Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}
Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}
System errors:
=============
Error: (11/21/2014 06:05:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.
Error: (11/19/2014 06:01:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {5911B092-7EEA-4D99-BEDB-BF82390F266A}
Error: (11/19/2014 06:01:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
Error: (11/19/2014 04:59:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.
Error: (11/19/2014 04:48:53 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.
Error: (11/19/2014 03:12:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.
Error: (11/19/2014 03:06:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.187.2382.0
Update Source: %NT AUTHORITY59
Update Stage: 4.6.0305.00
Source Path: 4.6.0305.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (11/19/2014 02:56:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.
Error: (11/19/2014 08:14:52 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.187.2382.0
Update Source: %NT AUTHORITY59
Update Stage: 4.6.0305.00
Source Path: 4.6.0305.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (11/19/2014 08:04:43 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.
Microsoft Office Sessions:
=========================
Error: (11/21/2014 06:13:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (11/21/2014 06:13:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (11/21/2014 06:08:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dca-monitoring.exe3.2.0.67454353deaKERNELBASE.dll6.1.7601.1840953159a86e06d73630000c42d165c01d005dfe07dcb78C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exeC:\Windows\syswow64\KERNELBASE.dll448bf77c-71d3-11e4-997d-b8ac6f795e42
Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: exception in main loop CoCreateInstance failed : HR: 0x80040154 ErrorCode: 0x0
Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}
Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}
Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}
==================== Memory info ===========================
Processor: Intel® Core i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 65%
Total physical RAM: 3892.52 MB
Available physical RAM: 1340.64 MB
Total Pagefile: 7783.23 MB
Available Pagefile: 4805.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:217.89 GB) NTFS
Drive e: () (Removable) (Total:29.8 GB) (Free:29.79 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7188B833)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
Now the scanning results of the flash drive, I wasn't sure. I guess you wanted the log from after having used the flash drive on the infected computer. What I did was download the Farbar Recovery Scan Tool using laptop 1, then moving on to the infected laptop and after that I put the flash drive into laptop 2. Therefore the first log is without having ticked 'Always unhide items on flash drive'. The logs are here.
>>> MCShield AllScans.txt <<<
-----------------------------
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2014.11.14.1 / Windows 7 <<<
11/21/2014 6:40:51 PM > Drive C: - scan started (no label ~188 GB, NTFS HDD )...
> C:\RECYCLED
> C:\RECYCLED\desktopA.sys (MD5: 5b899d2ea2b888f394522da8f271b0cf)
>>> C:\Recycled - Malware (folder) > Deleted. (14.11.21. 18.40 Recycled.237347)
=> Malicious files : 1/1 deleted.
=> Malicious folders : 1/1 deleted.
____________________________________________
::::: Scan duration: 7sec ::::::::::::::::::
____________________________________________
11/21/2014 6:40:57 PM > Drive D: - scan started (LENOVO ~30 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2014.11.14.1 / Windows 7 <<<
11/21/2014 6:45:44 PM > Drive E: - scan started (no label ~30518 MB, FAT32 flash drive )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2014.11.14.1 / Windows 7 <<<
11/21/2014 6:54:16 PM > Drive E: - scan started (no label ~30518 MB, FAT32 flash drive )...
=> The drive is clean.
Thanks, gis
Edited by gismeu, 21 November 2014 - 06:20 PM.