FBI Virus and Google Search Redirect


HELP! Working on a co-worker's machine running Windows 7. Yesterday, she walked away to make some copies and came back to the FBI/DOJ pop-up. I was able to get in via command prompt and do a system restore back to Monday morning. I was able to run Malwarebytes, which found 7 infected files. Additionally, she no longer uses Google Chrome because it "was taking too long" and redirecting the links. The redirect still occurs after running Malwarebytes. Loaded Comodo Cleaning Essentials and ran a scan that found 4 more infected files (that a MWB scan did not find). I cleaned those files, too. However, the redirect still occurs, but the FBI warning is gone. Machine still doesn't seem to be acting right, though. What to do next??


  • Root Admin

Hello jBaz and welcome.

Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.

Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.

Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
STEP 03

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.
STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 07

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Ran FRST - here is the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Sta (administrator) on 17-07-2013 21:48:00
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\windows\SysWOW64\regsvr32.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(COMODO) C:\Users\Sta\Desktop\system shortcuts\Comodo Cleaning Essentials\cce_2.5.242177.201_x64\CCE\CCE.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596912 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKCU\...\Run: [Toshiba] - C:\Users\Sta\AppData\Local\Toshiba\hrbgbxxc.dll [475136 2013-07-10] (Microsoft Corporation) <===== ATTENTION
HKLM-x32\...\Run: [startCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] - "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" [2236080 2013-06-27] ()
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={5E5040FD-6085-44F8-B4DB-370B36730B55}&mid=82ba7ad2a6ed47d38febd16f2af2bfbc-119f8453e2cda220f3e3d9b78879febf60b5943b&lang=en&ds=AVG&pr=fr&d=2013-02-20 07:48:04&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
==================== Services (Whitelisted) =================
 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 sjzgxw; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-17 21:47 - 2013-07-17 21:47 - 00000000 ____D C:\FRST
2013-07-17 13:53 - 2013-07-17 17:33 - 00000000 ____D C:\CCE_Quarantine
2013-07-17 12:59 - 2013-07-17 13:53 - 00000000 ____D C:\Users\Sta\Desktop\system shortcuts
2013-07-15 10:27 - 2013-07-17 12:15 - 00000000 ____D C:\Users\Sta\AppData\Roaming\atUserBox54
2013-07-15 09:17 - 2013-07-15 09:18 - 00000000 ____D C:\Users\Sta\AppData\Local\{15A77CB1-64E6-4AFA-B3E8-1A63BD14EF22}
2013-06-20 08:58 - 2013-06-20 08:58 - 00000000 ____D C:\Users\Sta\AppData\Local\{C728A280-06F3-4DE6-877A-CA754F7CF9D3}
2013-06-18 09:46 - 2013-06-18 09:47 - 00000000 ____D C:\Users\Sta\AppData\Local\{C68DE333-2C55-4612-9B6C-46C7CEF5226C}
2013-06-18 08:41 - 2013-06-08 09:08 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-06-18 08:41 - 2013-06-08 09:07 - 19233792 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-06-18 08:41 - 2013-06-08 09:06 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-06-18 08:41 - 2013-06-08 09:06 - 02648064 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-06-18 08:41 - 2013-06-08 09:06 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-06-18 08:41 - 2013-06-08 07:28 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-06-18 08:41 - 2013-06-08 06:42 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-06-18 08:41 - 2013-06-08 06:40 - 14327808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-06-18 08:41 - 2013-06-08 06:40 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-06-18 08:41 - 2013-06-08 06:40 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-06-18 08:41 - 2013-06-08 06:40 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-06-18 08:41 - 2013-06-08 06:13 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
 
==================== One Month Modified Files and Folders =======
 
2013-07-17 21:47 - 2013-07-17 21:47 - 00000000 ____D C:\FRST
2013-07-17 21:47 - 2013-02-06 22:00 - 00021954 _____ C:\windows\setupact.log
2013-07-17 21:42 - 2012-07-02 08:55 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-17 20:52 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 20:52 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 20:45 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-17 20:43 - 2012-05-19 08:16 - 01805013 _____ C:\windows\WindowsUpdate.log
2013-07-17 17:33 - 2013-07-17 13:53 - 00000000 ____D C:\CCE_Quarantine
2013-07-17 14:56 - 2012-05-19 09:19 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-17 14:08 - 2013-02-07 12:31 - 00019476 _____ C:\windows\PFRO.log
2013-07-17 14:08 - 2012-05-19 09:19 - 00000000 ____D C:\Program Files\Google
2013-07-17 14:01 - 2012-05-31 10:15 - 00000000 ____D C:\Users\Sta\AppData\Local\Google
2013-07-17 13:53 - 2013-07-17 12:59 - 00000000 ____D C:\Users\Sta\Desktop\system shortcuts
2013-07-17 13:02 - 2012-05-31 13:49 - 00000000 ____D C:\Users\Sta\Documents\Outlook Files
2013-07-17 12:49 - 2012-05-31 09:58 - 00000000 ____D C:\Users\Sta\AppData\Local\TOSHIBA
2013-07-17 12:26 - 2012-05-31 11:01 - 00000000 ____D C:\Users\Sta\AppData\Local\CrashDumps
2013-07-17 12:19 - 2012-05-31 09:56 - 00000000 ____D C:\Users\Sta
2013-07-17 12:16 - 2013-04-10 13:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-17 12:16 - 2013-04-10 13:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-17 12:16 - 2012-05-31 13:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-17 12:16 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-17 12:16 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-17 12:16 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-17 12:16 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-17 12:15 - 2013-07-15 10:27 - 00000000 ____D C:\Users\Sta\AppData\Roaming\atUserBox54
2013-07-17 12:15 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
2013-07-17 12:11 - 2012-05-31 13:08 - 00000000 __RHD C:\MSOCache
2013-07-16 09:35 - 2013-06-12 11:16 - 11421184 _____ C:\Users\Sta\Documents\Lantern - 4th Quarter 2012-2013.pub
2013-07-16 09:02 - 2013-02-01 10:22 - 00022356 _____ C:\Users\Sta\Documents\2013 - 2014 Payment Log.xlsx
2013-07-15 09:18 - 2013-07-15 09:17 - 00000000 ____D C:\Users\Sta\AppData\Local\{15A77CB1-64E6-4AFA-B3E8-1A63BD14EF22}
2013-07-10 11:32 - 2013-04-03 09:11 - 00000000 ____D C:\Users\Sta\AppData\Local\{D546722B-3B38-4744-85B4-339FEFC7FF88}
2013-07-02 10:16 - 2012-06-12 14:23 - 00029943 _____ C:\Users\Sta\Documents\2012 - 2013 Payment Log.xlsx
2013-07-02 09:02 - 2009-07-14 00:13 - 00744270 _____ C:\windows\system32\PerfStringBackup.INI
2013-06-27 08:56 - 2013-02-20 08:48 - 00000000 ____D C:\Users\Sta\AppData\Local\AVG SafeGuard toolbar
2013-06-27 08:55 - 2013-02-20 08:48 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-06-27 08:54 - 2013-02-20 08:47 - 00045856 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2013-06-27 08:54 - 2013-02-20 08:47 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-06-20 11:46 - 2012-06-12 14:31 - 00000000 ____D C:\Users\Sta\Documents\Documents  prior to 2010
2013-06-20 08:58 - 2013-06-20 08:58 - 00000000 ____D C:\Users\Sta\AppData\Local\{C728A280-06F3-4DE6-877A-CA754F7CF9D3}
2013-06-18 09:47 - 2013-06-18 09:46 - 00000000 ____D C:\Users\Sta\AppData\Local\{C68DE333-2C55-4612-9B6C-46C7CEF5226C}
 
Files to move or delete:
====================
C:\Users\Sta\g2ax_customer_downloadhelper_win32_x86.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-06-04 10:49
 
==================== End Of Log ============================

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


  • Root Admin

Okay let's do this from the Recovery Environment then.

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using a Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:

    Startup Repair

    System Restore

    Windows Complete PC Restore

    Windows Memory Diagnostic Tool

    Command Prompt

    Select Command Prompt

  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter

      Note: Replace letter e with the drive letter of your flash drive.

    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02

Ran by SYSTEM on 18-07-2013 00:05:30

Running from C:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Recovery

 

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [] -  [x]

HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)

HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596912 2011-06-28] (TOSHIBA Corporation)

HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)

HKLM\...\Run: [CCE] - C:\Users\Sta\Desktop\system shortcuts\Comodo Cleaning Essentials\cce_2.5.242177.201_x64\CCE\CCE.exe [7002032 2013-07-17] (COMODO)

HKLM-x32\...\Run: [startCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-07] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [NortonOnlineBackupReminder] - "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218864 2011-06-22] (Toshiba)

HKLM-x32\...\Run: [ToshibaAppPlace] - "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)

HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [brStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2629632 2011-05-19] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)

HKU\Sta\...\Run: [Toshiba] - regsvr32.exe C:\Users\Sta\AppData\Local\Toshiba\hrbgbxxc.dll [475136 2013-07-10] (Microsoft Corporation) <===== ATTENTION

HKU\Sta\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Sta\AppData\Local\2dabd7cb-d07c-497f-ba33-7a18167133cbad\dabdcbdcfbaacbad.exe [271872 2013-07-17] () <===== ATTENTION

HKU\Sta\...\Run: [dmsvc] - rundll32.exe "C:\Users\Sta\AppData\Roaming\dmsvc.dll",Long_FromDouble [569344 2013-07-17] (Mise Technology,Inc) <===== ATTENTION

HKU\Sta\...\Run: [swibp] - rundll32.exe "C:\Users\Sta\AppData\Roaming\swibp.dll",read_row [409600 2013-07-17] (Soft Systems) <===== ATTENTION

HKU\Sta\...\RunOnce: [Adobe CSS5.1 Manager] - C:\Users\Sta\AppData\Local\2dabd7cb-d07c-497f-ba33-7a18167133cbad\dabdcbdcfbaacbad.exe [271872 2013-07-17] () <===== ATTENTION

HKU\Sta\...\Winlogon: [shell] explorer.exe,C:\Users\Sta\AppData\Roaming\skype.dat [108032 2011-11-16] (ByteVision Software Group) <==== ATTENTION 

 

==================== Services (Whitelisted) =================

 

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)

S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)

S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)

S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search)

 

==================== Drivers (Whitelisted) ====================

 

S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )

S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )

S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)

S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)

S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)

S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)

S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)

S1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)

S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S0 sjzgxw; No ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-07-17 20:17 - 2013-07-17 20:17 - 00000004 _____ C:\Users\Sta\AppData\Roaming\skype.ini

2013-07-17 20:14 - 2013-07-17 20:14 - 00569344 _____ (Mise Technology,Inc) C:\Users\Sta\AppData\Roaming\dmsvc.dll

2013-07-17 20:14 - 2013-07-17 20:14 - 00409600 _____ (Soft Systems) C:\Users\Sta\AppData\Roaming\swibp.dll

2013-07-17 20:14 - 2013-07-17 20:14 - 00003062 _____ C:\Windows\System32\Tasks\{8026F648-B554-430D-BC33-BDD57F96839E}

2013-07-17 20:14 - 2013-07-17 20:14 - 00000324 ____H C:\Windows\Tasks\{8026F648-B554-430D-BC33-BDD57F96839E}.job

2013-07-17 20:14 - 2013-07-17 20:14 - 00000000 ____D C:\Users\Sta\AppData\Local\2dabd7cb-d07c-497f-ba33-7a18167133cbad

2013-07-17 20:13 - 2013-07-17 20:14 - 00271872 _____ C:\Users\Sta\mstsc.exe

2013-07-17 20:13 - 2013-07-17 20:13 - 00856064 _____ (DS Team) C:\Users\Sta\windowsupdate.exe

2013-07-17 20:13 - 2013-07-17 20:13 - 00840192 _____ (DS Team) C:\Users\Sta\AppData\Roaming\midefender.exe

2013-07-17 20:13 - 2013-07-17 20:13 - 00108032 _____ (ByteVision Software Group) C:\Users\Sta\rundll32.exe

2013-07-17 20:13 - 2013-07-17 20:13 - 00108032 _____ (ByteVision Software Group) C:\Users\Sta\notepad.exe

2013-07-17 20:13 - 2013-07-17 20:13 - 00000763 _____ C:\Users\Sta\Desktop\Internet Security Pro.lnk

2013-07-17 20:13 - 2013-07-17 20:13 - 00000000 _____ C:\Users\Sta\jucheck.exe

2013-07-17 20:13 - 2013-07-17 20:13 - 00000000 _____ C:\Users\Sta\acrobat.exe

2013-07-17 20:09 - 2013-07-17 20:09 - 00000000 ____D C:\Program Files (x86)\ESET

2013-07-17 20:05 - 2013-07-17 20:05 - 00002488 _____ C:\Users\Sta\Desktop\AdwCleaner[s1].txt

2013-07-17 20:02 - 2013-07-17 20:02 - 00000121 _____ C:\Windows\DeleteOnReboot.bat

2013-07-17 20:01 - 2013-07-17 20:02 - 00002488 _____ C:\AdwCleaner[s1].txt

2013-07-17 20:00 - 2013-07-17 20:00 - 00662345 _____ C:\Users\Sta\Desktop\AdwCleaner.exe

2013-07-17 19:42 - 2013-07-17 19:42 - 00000000 ____D C:\Windows\ERUNT

2013-07-17 19:15 - 2013-07-17 19:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-07-17 19:00 - 2013-07-17 19:01 - 03778560 _____ C:\Users\Sta\Downloads\RogueKillerX64.exe

2013-07-17 19:00 - 2013-07-17 19:00 - 00000000 ____D C:\Windows\ERDNT

2013-07-17 18:59 - 2013-07-17 18:59 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-07-17 18:47 - 2013-07-17 18:47 - 00000000 ____D C:\FRST

2013-07-17 10:53 - 2013-07-17 14:33 - 00000000 ____D C:\CCE_Quarantine

2013-07-17 09:59 - 2013-07-17 20:01 - 00000000 ____D C:\Users\Sta\Desktop\system shortcuts

2013-07-15 07:27 - 2013-07-17 09:15 - 00000000 ____D C:\Users\Sta\AppData\Roaming\atUserBox54

2013-06-18 05:41 - 2013-06-08 06:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-18 05:41 - 2013-06-08 06:07 - 19233792 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-18 05:41 - 2013-06-08 06:06 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-18 05:41 - 2013-06-08 06:06 - 02648064 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-18 05:41 - 2013-06-08 06:06 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-18 05:41 - 2013-06-08 04:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-18 05:41 - 2013-06-08 03:42 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-06-18 05:41 - 2013-06-08 03:40 - 14327808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-06-18 05:41 - 2013-06-08 03:40 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-06-18 05:41 - 2013-06-08 03:40 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-06-18 05:41 - 2013-06-08 03:40 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-06-18 05:41 - 2013-06-08 03:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

 

==================== One Month Modified Files and Folders =======

 

2013-07-17 20:44 - 2009-07-13 21:13 - 00730268 _____ C:\Windows\System32\PerfStringBackup.INI

2013-07-17 20:17 - 2013-07-17 20:17 - 00000004 _____ C:\Users\Sta\AppData\Roaming\skype.ini

2013-07-17 20:14 - 2013-07-17 20:14 - 00569344 _____ (Mise Technology,Inc) C:\Users\Sta\AppData\Roaming\dmsvc.dll

2013-07-17 20:14 - 2013-07-17 20:14 - 00409600 _____ (Soft Systems) C:\Users\Sta\AppData\Roaming\swibp.dll

2013-07-17 20:14 - 2013-07-17 20:14 - 00003062 _____ C:\Windows\System32\Tasks\{8026F648-B554-430D-BC33-BDD57F96839E}

2013-07-17 20:14 - 2013-07-17 20:14 - 00000324 ____H C:\Windows\Tasks\{8026F648-B554-430D-BC33-BDD57F96839E}.job

2013-07-17 20:14 - 2013-07-17 20:14 - 00000000 ____D C:\Users\Sta\AppData\Local\2dabd7cb-d07c-497f-ba33-7a18167133cbad

2013-07-17 20:14 - 2013-07-17 20:13 - 00271872 _____ C:\Users\Sta\mstsc.exe

2013-07-17 20:14 - 2012-05-31 08:01 - 00000000 ____D C:\Users\Sta\AppData\Local\CrashDumps

2013-07-17 20:14 - 2012-05-31 06:56 - 00000000 ____D C:\users\Sta

2013-07-17 20:13 - 2013-07-17 20:13 - 00856064 _____ (DS Team) C:\Users\Sta\windowsupdate.exe

2013-07-17 20:13 - 2013-07-17 20:13 - 00840192 _____ (DS Team) C:\Users\Sta\AppData\Roaming\midefender.exe

2013-07-17 20:13 - 2013-07-17 20:13 - 00108032 _____ (ByteVision Software Group) C:\Users\Sta\rundll32.exe

2013-07-17 20:13 - 2013-07-17 20:13 - 00108032 _____ (ByteVision Software Group) C:\Users\Sta\notepad.exe

2013-07-17 20:13 - 2013-07-17 20:13 - 00000763 _____ C:\Users\Sta\Desktop\Internet Security Pro.lnk

2013-07-17 20:13 - 2013-07-17 20:13 - 00000000 _____ C:\Users\Sta\jucheck.exe

2013-07-17 20:13 - 2013-07-17 20:13 - 00000000 _____ C:\Users\Sta\acrobat.exe

2013-07-17 20:12 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-07-17 20:12 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-07-17 20:09 - 2013-07-17 20:09 - 00000000 ____D C:\Program Files (x86)\ESET

2013-07-17 20:08 - 2012-05-19 05:16 - 01818577 _____ C:\Windows\WindowsUpdate.log

2013-07-17 20:05 - 2013-07-17 20:05 - 00002488 _____ C:\Users\Sta\Desktop\AdwCleaner[s1].txt

2013-07-17 20:05 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-07-17 20:04 - 2013-02-06 19:00 - 00022066 _____ C:\Windows\setupact.log

2013-07-17 20:02 - 2013-07-17 20:02 - 00000121 _____ C:\Windows\DeleteOnReboot.bat

2013-07-17 20:02 - 2013-07-17 20:01 - 00002488 _____ C:\AdwCleaner[s1].txt

2013-07-17 20:01 - 2013-07-17 09:59 - 00000000 ____D C:\Users\Sta\Desktop\system shortcuts

2013-07-17 20:00 - 2013-07-17 20:00 - 00662345 _____ C:\Users\Sta\Desktop\AdwCleaner.exe

2013-07-17 19:42 - 2013-07-17 19:42 - 00000000 ____D C:\Windows\ERUNT

2013-07-17 19:42 - 2012-07-02 05:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-07-17 19:38 - 2013-07-17 19:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-07-17 19:01 - 2013-07-17 19:00 - 03778560 _____ C:\Users\Sta\Downloads\RogueKillerX64.exe

2013-07-17 19:00 - 2013-07-17 19:00 - 00000000 ____D C:\Windows\ERDNT

2013-07-17 18:59 - 2013-07-17 18:59 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-07-17 18:47 - 2013-07-17 18:47 - 00000000 ____D C:\FRST

2013-07-17 14:33 - 2013-07-17 10:53 - 00000000 ____D C:\CCE_Quarantine

2013-07-17 11:56 - 2012-05-19 06:19 - 00000000 ____D C:\Program Files (x86)\Google

2013-07-17 11:08 - 2013-02-07 09:31 - 00019476 _____ C:\Windows\PFRO.log

2013-07-17 11:08 - 2012-05-19 06:19 - 00000000 ____D C:\Program Files\Google

2013-07-17 11:01 - 2012-05-31 07:15 - 00000000 ____D C:\Users\Sta\AppData\Local\Google

2013-07-17 10:02 - 2012-05-31 10:49 - 00000000 ____D C:\Users\Sta\Documents\Outlook Files

2013-07-17 09:49 - 2012-05-31 06:58 - 00000000 ____D C:\Users\Sta\AppData\Local\TOSHIBA

2013-07-17 09:16 - 2013-04-10 10:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-07-17 09:16 - 2013-04-10 10:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-07-17 09:16 - 2012-05-31 10:09 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-07-17 09:16 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal

2013-07-17 09:16 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-07-17 09:16 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-07-17 09:16 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-07-17 09:15 - 2013-07-15 07:27 - 00000000 ____D C:\Users\Sta\AppData\Roaming\atUserBox54

2013-07-17 09:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2013-07-17 09:11 - 2012-05-31 10:08 - 00000000 __RHD C:\MSOCache

2013-07-16 06:35 - 2013-06-12 08:16 - 11421184 _____ C:\Users\Sta\Documents\Lantern - 4th Quarter 2012-2013.pub

2013-07-16 06:02 - 2013-02-01 07:22 - 00022356 _____ C:\Users\Sta\Documents\2013 - 2014 Payment Log.xlsx

2013-07-10 08:32 - 2013-04-03 06:11 - 00000000 ____D C:\Users\Sta\AppData\Local\{D546722B-3B38-4744-85B4-339FEFC7FF88}

2013-07-02 07:16 - 2012-06-12 11:23 - 00029943 _____ C:\Users\Sta\Documents\2012 - 2013 Payment Log.xlsx

2013-06-27 05:56 - 2013-02-20 05:48 - 00000000 ____D C:\Users\Sta\AppData\Local\AVG SafeGuard toolbar

2013-06-27 05:55 - 2013-02-20 05:48 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar

2013-06-27 05:54 - 2013-02-20 05:47 - 00045856 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys

2013-06-27 05:54 - 2013-02-20 05:47 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar

2013-06-20 08:46 - 2012-06-12 11:31 - 00000000 ____D C:\Users\Sta\Documents\Documents  prior to 2010

 

Files to move or delete:

====================

C:\Users\Sta\acrobat.exe

C:\Users\Sta\g2ax_customer_downloadhelper_win32_x86.exe

C:\Users\Sta\jucheck.exe

C:\Users\Sta\mstsc.exe

C:\Users\Sta\notepad.exe

C:\Users\Sta\rundll32.exe

C:\Users\Sta\windowsupdate.exe

C:\Users\Sta\AppData\Roaming\skype.dat

C:\Users\Sta\AppData\Roaming\skype.ini

C:\Windows\Tasks\{8026F648-B554-430D-BC33-BDD57F96839E}.job

 

==================== Known DLLs (Whitelisted) ================

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== EXE ASSOCIATION =====================

 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

 

==================== Restore Points  =========================

 

Restore point made on: 2013-05-23 04:33:58

Restore point made on: 2013-06-04 07:56:30

Restore point made on: 2013-06-13 05:59:37

Restore point made on: 2013-06-17 05:54:37

Restore point made on: 2013-06-18 05:40:56

Restore point made on: 2013-07-02 05:58:56

Restore point made on: 2013-07-15 06:02:47

Restore point made on: 2013-07-15 06:55:47

Restore point made on: 2013-07-17 11:00:10

 

==================== Memory info =========================== 

 

Percentage of memory in use: 29%

Total physical RAM: 1638.87 MB

Available physical RAM: 1162.45 MB

Total Pagefile: 1638.87 MB

Available Pagefile: 1153.45 MB

Total Virtual: 8192 MB

Available Virtual: 8191.87 MB

 

==================== Drives ================================

 

Drive c: (TI106232W0C) (Fixed) (Total:284.4 GB) (Free:220.13 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

Drive e: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT (Disk=1 Partition=1)

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: CBA03604)

Partition 1: (Active) - (Size=1 GB) - (Type=27)

Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

 

========================================================

Disk: 1 (Size: 2 GB) (Disk ID: 0007F308)

Partition 1: (Active) - (Size=2 GB) - (Type=06)

 

 

LastRegBack: 2013-06-04 07:49

 

==================== End Of Log ============================


  • Root Admin

Please save the attached FIXLIST.TXT to the flash drive as fixlist.txt.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


Now please enter System Recovery Options.


Run FRST or FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-07-2013 02

Ran by SYSTEM at 2013-07-18 00:29:33 Run:1

Running from Y:\

Boot Mode: Recovery

==============================================

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CCE => Value deleted successfully.

HKU\Sta\Software\Microsoft\Windows\CurrentVersion\Run\\Toshiba => Value deleted successfully.

HKU\Sta\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.

HKU\Sta\Software\Microsoft\Windows\CurrentVersion\Run\\swibp => Value deleted successfully.

HKU\Sta\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager => Value deleted successfully.

HKU\Sta\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

vToolbarUpdater15.3.0 => Service deleted successfully.

sjzgxw => Service deleted successfully.

C:\Windows\Tasks\{8026F648-B554-430D-BC33-BDD57F96839E}.job => Moved successfully.

C:\Users\Sta\jucheck.exe => Moved successfully.

C:\Users\Sta\acrobat.exe => Moved successfully.

C:\Users\Sta\Desktop\Internet Security Pro.lnk => Moved successfully.

C:\Users\Sta\mstsc.exe => Moved successfully.

C:\Users\Sta\windowsupdate.exe => Moved successfully.

C:\Users\Sta\rundll32.exe => Moved successfully.

C:\Users\Sta\notepad.exe => Moved successfully.

C:\Windows\DeleteOnReboot.bat => Moved successfully.

C:\Program Files (x86)\AVG SafeGuard toolbar => Moved successfully.

 

==== End of Fixlog ====


  • Root Admin

Is the computer now able to start in Normal or Safe Mode?

 

Please run a new FRST scan again if you can run in Normal Mode.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 


  • Root Admin

I'd also like you to run the following please.

 

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.



If any infection is found, please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

I'm back, sorry for the delay.  The machine started in normal mode this morning.  About to download TDSSkiller, and here are the logs from the FRST scan.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Sta (administrator) on 18-07-2013 09:14:07
Running from C:\Users\Sta\Desktop\system shortcuts
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe
(Microsoft Corporation) C:\windows\SoftwareDistribution\Download\Install\NDP40-KB2835393-x64.exe
(Microsoft Corporation) c:\55594161e5225a48eec9f4885f7b\Setup.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\system32\MsiExec.exe
(Microsoft Corporation) C:\Windows\syswow64\MsiExec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\windows\system32\wbem\mofcomp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596912 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKCU\...\Run: [dmsvc] - C:\Users\Sta\AppData\Roaming\dmsvc.dll [569344 2013-07-17] (Mise Technology,Inc) <===== ATTENTION
HKLM-x32\...\Run: [startCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] - "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1046984 2013-07-18] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={877B4822-604E-4CF5-A041-72C4A5FCE35D}&mid=82ba7ad2a6ed47d38febd16f2af2bfbc-119f8453e2cda220f3e3d9b78879febf60b5943b&lang=en&ds=AVG&pr=fr&d=2013-07-18 09:09:13&v=13.3.0.17&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll ()
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 vToolbarUpdater13.3.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [894920 2013-07-18] ()

==================== Drivers (Whitelisted) ====================

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-16] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [30568 2013-07-18] (AVG Technologies)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R4 AVGIDSDriver; system32\DRIVERS\avgidsdrivera.sys [x]
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [x]
R4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [x]
R4 Avgtdia; system32\DRIVERS\avgtdia.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-18 09:10 - 2013-07-18 09:10 - 00000000 ____D C:\Users\Sta\AppData\Local\AVG Secure Search
2013-07-18 09:09 - 2013-07-18 09:09 - 00000000 ____D C:\55594161e5225a48eec9f4885f7b
2013-07-18 09:08 - 2013-07-18 09:08 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-18 03:06 - 2013-07-18 03:06 - 00019482 _____ C:\FRST.txt
2013-07-17 23:17 - 2013-07-17 23:17 - 00000004 _____ C:\Users\Sta\AppData\Roaming\skype.ini
2013-07-17 23:14 - 2013-07-17 23:14 - 00569344 _____ (Mise Technology,Inc) C:\Users\Sta\AppData\Roaming\dmsvc.dll
2013-07-17 23:14 - 2013-07-17 23:14 - 00409600 _____ (Soft Systems) C:\Users\Sta\AppData\Roaming\swibp.dll
2013-07-17 23:14 - 2013-07-17 23:14 - 00003062 _____ C:\windows\System32\Tasks\{8026F648-B554-430D-BC33-BDD57F96839E}
2013-07-17 23:14 - 2013-07-17 23:14 - 00000000 ____D C:\Users\Sta\AppData\Local\2dabd7cb-d07c-497f-ba33-7a18167133cbad
2013-07-17 23:13 - 2013-07-17 23:13 - 00840192 _____ (DS Team) C:\Users\Sta\AppData\Roaming\midefender.exe
2013-07-17 23:09 - 2013-07-17 23:09 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-17 23:01 - 2013-07-17 23:02 - 00002488 _____ C:\AdwCleaner[s1].txt
2013-07-17 22:42 - 2013-07-17 22:42 - 00000000 ____D C:\windows\ERUNT
2013-07-17 22:15 - 2013-07-17 22:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-17 22:00 - 2013-07-17 22:01 - 03778560 _____ C:\Users\Sta\Downloads\RogueKillerX64.exe
2013-07-17 22:00 - 2013-07-17 22:00 - 00000000 ____D C:\windows\ERDNT
2013-07-17 21:59 - 2013-07-17 21:59 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-07-17 21:47 - 2013-07-17 21:47 - 00000000 ____D C:\FRST
2013-07-17 13:53 - 2013-07-17 17:33 - 00000000 ____D C:\CCE_Quarantine
2013-07-17 12:59 - 2013-07-18 09:13 - 00000000 ____D C:\Users\Sta\Desktop\system shortcuts
2013-07-15 10:27 - 2013-07-17 12:15 - 00000000 ____D C:\Users\Sta\AppData\Roaming\atUserBox54
2013-06-18 08:41 - 2013-06-08 09:08 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-06-18 08:41 - 2013-06-08 09:07 - 19233792 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-06-18 08:41 - 2013-06-08 09:06 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-06-18 08:41 - 2013-06-08 09:06 - 02648064 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-06-18 08:41 - 2013-06-08 09:06 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-06-18 08:41 - 2013-06-08 07:28 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-06-18 08:41 - 2013-06-08 06:42 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-06-18 08:41 - 2013-06-08 06:40 - 14327808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-06-18 08:41 - 2013-06-08 06:40 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-06-18 08:41 - 2013-06-08 06:40 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-06-18 08:41 - 2013-06-08 06:40 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-06-18 08:41 - 2013-06-08 06:13 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

==================== One Month Modified Files and Folders =======

2013-07-18 09:14 - 2009-07-14 00:13 - 00744638 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-18 09:13 - 2013-07-17 12:59 - 00000000 ____D C:\Users\Sta\Desktop\system shortcuts
2013-07-18 09:10 - 2013-07-18 09:10 - 00000000 ____D C:\Users\Sta\AppData\Local\AVG Secure Search
2013-07-18 09:09 - 2013-07-18 09:09 - 00000000 ____D C:\55594161e5225a48eec9f4885f7b
2013-07-18 09:09 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-18 09:09 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-18 09:08 - 2013-07-18 09:08 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-18 09:07 - 2013-02-20 08:47 - 00030568 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2013-07-18 09:06 - 2013-02-06 22:27 - 00000000 ____D C:\ProgramData\MFAData
2013-07-18 09:05 - 2012-05-19 08:16 - 01843144 _____ C:\windows\WindowsUpdate.log
2013-07-18 09:02 - 2013-02-06 22:00 - 00022122 _____ C:\windows\setupact.log
2013-07-18 09:02 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-18 03:29 - 2012-05-31 09:56 - 00000000 ____D C:\Users\Sta
2013-07-18 03:06 - 2013-07-18 03:06 - 00019482 _____ C:\FRST.txt
2013-07-17 23:17 - 2013-07-17 23:17 - 00000004 _____ C:\Users\Sta\AppData\Roaming\skype.ini
2013-07-17 23:14 - 2013-07-17 23:14 - 00569344 _____ (Mise Technology,Inc) C:\Users\Sta\AppData\Roaming\dmsvc.dll
2013-07-17 23:14 - 2013-07-17 23:14 - 00409600 _____ (Soft Systems) C:\Users\Sta\AppData\Roaming\swibp.dll
2013-07-17 23:14 - 2013-07-17 23:14 - 00003062 _____ C:\windows\System32\Tasks\{8026F648-B554-430D-BC33-BDD57F96839E}
2013-07-17 23:14 - 2013-07-17 23:14 - 00000000 ____D C:\Users\Sta\AppData\Local\2dabd7cb-d07c-497f-ba33-7a18167133cbad
2013-07-17 23:14 - 2012-05-31 11:01 - 00000000 ____D C:\Users\Sta\AppData\Local\CrashDumps
2013-07-17 23:13 - 2013-07-17 23:13 - 00840192 _____ (DS Team) C:\Users\Sta\AppData\Roaming\midefender.exe
2013-07-17 23:09 - 2013-07-17 23:09 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-17 23:02 - 2013-07-17 23:01 - 00002488 _____ C:\AdwCleaner[s1].txt
2013-07-17 22:42 - 2013-07-17 22:42 - 00000000 ____D C:\windows\ERUNT
2013-07-17 22:42 - 2012-07-02 08:55 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-17 22:38 - 2013-07-17 22:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-17 22:01 - 2013-07-17 22:00 - 03778560 _____ C:\Users\Sta\Downloads\RogueKillerX64.exe
2013-07-17 22:00 - 2013-07-17 22:00 - 00000000 ____D C:\windows\ERDNT
2013-07-17 21:59 - 2013-07-17 21:59 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-07-17 21:47 - 2013-07-17 21:47 - 00000000 ____D C:\FRST
2013-07-17 17:33 - 2013-07-17 13:53 - 00000000 ____D C:\CCE_Quarantine
2013-07-17 14:56 - 2012-05-19 09:19 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-17 14:08 - 2013-02-07 12:31 - 00019476 _____ C:\windows\PFRO.log
2013-07-17 14:08 - 2012-05-19 09:19 - 00000000 ____D C:\Program Files\Google
2013-07-17 14:01 - 2012-05-31 10:15 - 00000000 ____D C:\Users\Sta\AppData\Local\Google
2013-07-17 13:02 - 2012-05-31 13:49 - 00000000 ____D C:\Users\Sta\Documents\Outlook Files
2013-07-17 12:49 - 2012-05-31 09:58 - 00000000 ____D C:\Users\Sta\AppData\Local\TOSHIBA
2013-07-17 12:16 - 2013-04-10 13:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-17 12:16 - 2013-04-10 13:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-17 12:16 - 2012-05-31 13:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-17 12:16 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-17 12:16 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-17 12:16 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-17 12:16 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-17 12:15 - 2013-07-15 10:27 - 00000000 ____D C:\Users\Sta\AppData\Roaming\atUserBox54
2013-07-17 12:15 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
2013-07-17 12:11 - 2012-05-31 13:08 - 00000000 __RHD C:\MSOCache
2013-07-16 09:35 - 2013-06-12 11:16 - 11421184 _____ C:\Users\Sta\Documents\Lantern - 4th Quarter 2012-2013.pub
2013-07-16 09:02 - 2013-02-01 10:22 - 00022356 _____ C:\Users\Sta\Documents\2013 - 2014 Payment Log.xlsx
2013-07-10 11:32 - 2013-04-03 09:11 - 00000000 ____D C:\Users\Sta\AppData\Local\{D546722B-3B38-4744-85B4-339FEFC7FF88}
2013-07-02 10:16 - 2012-06-12 14:23 - 00029943 _____ C:\Users\Sta\Documents\2012 - 2013 Payment Log.xlsx
2013-06-27 08:56 - 2013-02-20 08:48 - 00000000 ____D C:\Users\Sta\AppData\Local\AVG SafeGuard toolbar
2013-06-27 08:55 - 2013-02-20 08:48 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-06-20 11:46 - 2012-06-12 14:31 - 00000000 ____D C:\Users\Sta\Documents\Documents  prior to 2010

Files to move or delete:
====================
C:\Users\Sta\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\Sta\AppData\Roaming\skype.dat
C:\Users\Sta\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-04 10:49

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
Ran by Sta at 2013-07-18 09:16:22
Running from C:\Users\Sta\Desktop\system shortcuts
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

  
 2013 (Version: 2013.0.2904)
Adobe AIR (x32 Version: 3.4.0.2710)
Adobe Download Assistant (x32 Version: 1.2.3)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
AMD Media Foundation Decoders (Version: 1.0.60607.2201)
AMD VISION Engine Control Center (x32 Version: 2011.0607.2212.38019)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Applet (HKCU)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36)
ATI Catalyst Install Manager (Version: 3.0.829.0)
AVG 2013 (Version: 13.0.2899)
AVG 2013 (Version: 13.0.2904)
AVG 2013 (Version: 13.0.3162)
Bejeweled 3 (x32 Version: 2.2.0.97)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-J625DW (x32 Version: 1.0.19.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0607.2212.38019)
Catalyst Control Center InstallProxy (x32 Version: 2011.0607.2212.38019)
Catalyst Control Center Localization All (x32 Version: 2011.0607.2212.38019)
CCC Help Chinese Standard (x32 Version: 2011.0607.2211.38019)
CCC Help Chinese Traditional (x32 Version: 2011.0607.2211.38019)
CCC Help Czech (x32 Version: 2011.0607.2211.38019)
CCC Help Danish (x32 Version: 2011.0607.2211.38019)
CCC Help Dutch (x32 Version: 2011.0607.2211.38019)
CCC Help English (x32 Version: 2011.0607.2211.38019)
CCC Help Finnish (x32 Version: 2011.0607.2211.38019)
CCC Help French (x32 Version: 2011.0607.2211.38019)
CCC Help German (x32 Version: 2011.0607.2211.38019)
CCC Help Greek (x32 Version: 2011.0607.2211.38019)
CCC Help Hungarian (x32 Version: 2011.0607.2211.38019)
CCC Help Italian (x32 Version: 2011.0607.2211.38019)
CCC Help Japanese (x32 Version: 2011.0607.2211.38019)
CCC Help Korean (x32 Version: 2011.0607.2211.38019)
CCC Help Norwegian (x32 Version: 2011.0607.2211.38019)
CCC Help Polish (x32 Version: 2011.0607.2211.38019)
CCC Help Portuguese (x32 Version: 2011.0607.2211.38019)
CCC Help Russian (x32 Version: 2011.0607.2211.38019)
CCC Help Spanish (x32 Version: 2011.0607.2211.38019)
CCC Help Swedish (x32 Version: 2011.0607.2211.38019)
CCC Help Thai (x32 Version: 2011.0607.2211.38019)
CCC Help Turkish (x32 Version: 2011.0607.2211.38019)
ccc-utility64 (Version: 2011.0607.2212.38019)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Conexant HD Audio (Version: 8.54.1.0)
Coupon Printer for Windows (x32 Version: 5.0.0.2)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
ERUNT 1.1j (x32)
ESET Online Scanner v3 (x32)
ETDWare PS/2-X64 8.0.8.0_R01 (Version: 8.0.8.0)
FATE - The Traitor Soul (x32 Version: 2.2.0.95)
Fishdom 2 (x32 Version: 2.2.0.98)
iCloud (Version: 2.1.2.8)
iTunes (Version: 11.0.4.4)
Java Auto Updater (x32 Version: 2.0.4.1)
Java 6 Update 25 (x32 Version: 6.0.250)
JNLP (HKCU)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Label@Once 1.0 (x32 Version: 1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Online Services Sign-in Assistant (Version: 7.250.4303.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Penguins! (x32 Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.97)
QuickTime (x32 Version: 7.74.80.86)
ReadyToPrint Organizer 5 (x32)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30124)
Realtek WLAN Driver (x32 Version: 2.00.0016)
Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97)
Toshiba App Place (x32 Version: 1.0.6.3)
TOSHIBA Application Installer (x32 Version: 9.0.1.2)
TOSHIBA Assist (x32 Version: 4.2.3.0)
Toshiba Book Place (x32 Version: 2.2.7530)
TOSHIBA Bulletin Board (Version: 1.6.10.64)
TOSHIBA Bulletin Board (x32 Version: 1.6.10.64)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA Hardware Setup (x32 Version: 2.1.0.3)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9)
Toshiba Laptop Checkup (x32 Version: 2.0.13.11)
TOSHIBA Media Controller (x32 Version: 1.0.87.4)
Toshiba Online Backup (x32 Version: 2.0.0.31)
TOSHIBA Quality Application (x32 Version: 1.0.3)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.5.5109a)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA ReelTime (x32 Version: 1.7.21.64)
TOSHIBA Service Station (x32 Version: 2.2.12)
TOSHIBA Supervisor Password (x32 Version: 2.1.0.2)
TOSHIBA Value Added Package (Version: 1.6.1.64)
TOSHIBA Value Added Package (x32 Version: 1.6.1.64)
TOSHIBARegistration (x32 Version: 1.0.6)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WildTangent Games (x32 Version: 1.0.2.5)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.14)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma's Revenge (x32 Version: 2.2.0.97)

==================== Restore Points  =========================

23-05-2013 12:33:29 Scheduled Checkpoint
04-06-2013 15:56:07 Scheduled Checkpoint
13-06-2013 13:59:09 Windows Update
17-06-2013 13:53:53 Windows Update
18-06-2013 13:40:34 Windows Update
02-07-2013 13:57:48 Windows Update
15-07-2013 14:01:39 Windows Update
15-07-2013 14:55:14 Windows Update
17-07-2013 18:59:43 Removed Google Earth Plug-in.
18-07-2013 14:05:25 Removed AVG 2013

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {17E16AA4-225B-4416-AB0F-6C40A637430C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {597CBCA2-DD49-4F5D-AB2D-AF8FD6D1A8B7} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {E3968C18-068E-4AE6-A790-FCD4D52F03AC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F779D969-92F8-472C-8837-CE149F19F1EB} - System32\Tasks\{8026F648-B554-430D-BC33-BDD57F96839E} => C:\Users\Sta\AppData\Local\2dabd7cb-d07c-497f-ba33-7a18167133cbad\dabdcbdcfbaacbad.exe [2013-07-17] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2013 09:07:46 AM) (Source: MsiInstaller) (User: Sta-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 27023. CA_Error27023: ToolbarStuff(0xE001D000): Toolbar install/uninstall failed

Error: (07/18/2013 09:03:24 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (07/18/2013 09:03:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2013 11:20:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2013 11:14:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: VERSION.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb2b
Exception code: 0xc0000005
Fault offset: 0x000015da
Faulting process id: 0x14b8
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (07/17/2013 11:14:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: midefender.exe, version: 1.0.0.0, time stamp: 0x4ee3d1c5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0x664
Faulting application start time: 0xmidefender.exe0
Faulting application path: midefender.exe1
Faulting module path: midefender.exe2
Report Id: midefender.exe3

Error: (07/17/2013 11:14:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000420
Fault offset: 0x00000000000c40f2
Faulting process id: 0xbb8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (07/17/2013 11:06:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2013 11:06:05 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

System errors:
=============
Error: (07/18/2013 09:08:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2847559).

Error: (07/18/2013 09:02:31 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (07/18/2013 09:02:26 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.

Error: (07/18/2013 09:02:26 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (07/18/2013 09:02:22 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:53:37 PM on ‎7/‎17/‎2013 was unexpected.

Error: (07/17/2013 11:18:50 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
AVGIDSDriver
Avgldx64
Avgtdia
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
sjzgxw
spldr
tdx
vwififlt
Wanarpv6
WfpLwf

Error: (07/17/2013 11:18:49 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (07/17/2013 11:18:49 PM) (Source: Service Control Manager) (User: )
Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (07/17/2013 11:18:49 PM) (Source: Service Control Manager) (User: )
Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (07/17/2013 11:18:49 PM) (Source: Service Control Manager) (User: )
Description: The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:
%%31

Microsoft Office Sessions:
=========================
Error: (07/18/2013 09:07:46 AM) (Source: MsiInstaller)(User: Sta-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 27023. CA_Error27023: ToolbarStuff(0xE001D000): Toolbar install/uninstall failed(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/18/2013 09:03:24 AM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (07/18/2013 09:03:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2013 11:20:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2013 11:14:53 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637VERSION.dll6.1.7600.163854a5bdb2bc0000005000015da14b801ce836d581efadbC:\windows\SysWOW64\rundll32.exeC:\windows\SysWOW64\VERSION.dll9807934d-ef60-11e2-8667-00266c16564f

Error: (07/17/2013 11:14:30 PM) (Source: Application Error)(User: )
Description: midefender.exe1.0.0.04ee3d1c5KERNELBASE.dll6.1.7601.1801550b83c8a0eedfade0000c41f66401ce836d3a2fd12dC:\Users\Sta\AppData\Roaming\midefender.exeC:\windows\syswow64\KERNELBASE.dll8acd5e35-ef60-11e2-8667-00266c16564f

Error: (07/17/2013 11:14:04 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.177254ec4aa8ec000042000000000000c40f2bb801ce836c0c55a682C:\windows\Explorer.EXEC:\windows\SYSTEM32\ntdll.dll7b407ea3-ef60-11e2-8667-00266c16564f

Error: (07/17/2013 11:06:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2013 11:06:05 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

==================== Memory info ===========================

Percentage of memory in use: 70%
Total physical RAM: 1638.87 MB
Available physical RAM: 490.59 MB
Total Pagefile: 3277.73 MB
Available Pagefile: 1340.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (TI106232W0C) (Fixed) (Total:284.4 GB) (Free:219.67 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: CBA03604)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 0007F308)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================


09:27:20.0562 1872  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
09:27:21.0062 1872  ============================================================
09:27:21.0062 1872  Current date / time: 2013/07/18 09:27:21.0062
09:27:21.0062 1872  SystemInfo:
09:27:21.0062 1872 
09:27:21.0062 1872  OS Version: 6.1.7601 ServicePack: 1.0
09:27:21.0062 1872  Product type: Workstation
09:27:21.0062 1872  ComputerName: STA-PC
09:27:21.0062 1872  UserName: Sta
09:27:21.0062 1872  Windows directory: C:\windows
09:27:21.0062 1872  System windows directory: C:\windows
09:27:21.0062 1872  Running under WOW64
09:27:21.0062 1872  Processor architecture: Intel x64
09:27:21.0062 1872  Number of processors: 2
09:27:21.0062 1872  Page size: 0x1000
09:27:21.0062 1872  Boot type: Normal boot
09:27:21.0062 1872  ============================================================
09:27:23.0698 1872  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:27:23.0760 1872  Drive \Device\Harddisk1\DR1 - Size: 0x76600000 (1.85 Gb), SectorSize: 0x200, Cylinders: 0xF1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:27:23.0776 1872  ============================================================
09:27:23.0776 1872  \Device\Harddisk0\DR0:
09:27:23.0776 1872  MBR partitions:
09:27:23.0776 1872  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x238CE000
09:27:23.0776 1872  \Device\Harddisk1\DR1:
09:27:23.0792 1872  MBR partitions:
09:27:23.0792 1872  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3B2FE0
09:27:23.0792 1872  ============================================================
09:27:23.0885 1872  C: <-> \Device\Harddisk0\DR0\Partition1
09:27:23.0885 1872  ============================================================
09:27:23.0885 1872  Initialize success
09:27:23.0885 1872  ============================================================
09:27:54.0165 0304  Deinitialize success
 


  • Root Admin

Please save the attached fixlist.txt file to the computer and then save to the USB stick and use the System Recovery Environment again with the USB stick and run the Fix again.
 
Run FRST or FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Once that is done, then do it again but this time from Normal Windows Mode.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt


Here is the fixlog after using System Recovery

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-07-2013 02
Ran by Sta at 2013-07-18 17:22:56 Run:2
Running from E:\
Boot Mode: Safe Mode (minimal)
==============================================

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{597CBCA2-DD49-4F5D-AB2D-AF8FD6D1A8B7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{597CBCA2-DD49-4F5D-AB2D-AF8FD6D1A8B7} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\dmsvc => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key deleted successfully.
vToolbarUpdater13.3.2 => Service deleted successfully.
C:\Users\Sta\AppData\Local\AVG Secure Search => Moved successfully.
C:\Program Files (x86)\AVG Secure Search => Moved successfully.
C:\Users\Sta\AppData\Roaming\dmsvc.dll => Moved successfully.
C:\Users\Sta\AppData\Roaming\swibp.dll => Moved successfully.
C:\Users\Sta\AppData\Roaming\midefender.exe => Moved successfully.
"C:\Users\Sta\AppData\Local\AVG Secure Search" => File/Directory not found.
"C:\Program Files (x86)\AVG Secure Search" => File/Directory not found.
C:\Users\Sta\AppData\Roaming\skype.ini => Moved successfully.
"C:\Users\Sta\AppData\Roaming\dmsvc.dll" => File/Directory not found.
"C:\Users\Sta\AppData\Roaming\swibp.dll" => File/Directory not found.
C:\windows\System32\Tasks\{8026F648-B554-430D-BC33-BDD57F96839E} => Moved successfully.
"C:\Users\Sta\AppData\Roaming\midefender.exe" => File/Directory not found.

"C:\Users\Sta\AppData\Local\AVG SafeGuard toolbar" directory move:

C:\Users\Sta\AppData\Local\AVG SafeGuard toolbar\SiteSafety\l_2013_05_10_10_51_01.db => Moved successfully.
C:\Users\Sta\AppData\Local\AVG SafeGuard toolbar\SiteSafety\l_2013_05_13_05_19_07.db => Moved successfully.
C:\Users\Sta\AppData\Local\AVG SafeGuard toolbar\SiteSafety\l_2013_07_15_07_00_57.db => Moved successfully.
C:\Users\Sta\AppData\Local\AVG SafeGuard toolbar\SiteSafety\l_2013_07_17_10_24_20.db => Moved successfully.
C:\Users\Sta\AppData\Local\AVG SafeGuard toolbar\DNT\dt.dat => Moved successfully.
C:\Users\Sta\AppData\Local\AVG SafeGuard toolbar\Chrome\Default\Preferences => Moved successfully.
C:\Users\Sta\AppData\Local\AVG SafeGuard toolbar\Chrome\Default\Web Data => Moved successfully.
Could not move "C:\Users\Sta\AppData\Local\AVG SafeGuard toolbar" directory. => Scheduled to move on reboot.

"C:\ProgramData\AVG SafeGuard toolbar" directory move:

C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\zh-cn\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\zh-cn\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\tr\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\tr\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\th\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\th\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\sv\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\sv\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\sr\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\sr\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\sk\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\sk\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\ru\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\ru\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\ro\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\ro\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\pt-br\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\pt-br\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\pt\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\pt\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\pl\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\pl\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\nl\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\nl\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\nb\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\nb\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\ms\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\ms\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\ko\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\ko\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\ja\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\ja\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\it\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\it\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\id\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\id\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\hu\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\hu\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\hi\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\hi\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\fr\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\fr\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\fi\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\fi\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\es-es\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\es-es\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\es\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\es\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\en\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\en\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\el\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\el\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\de\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\de\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\da\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\da\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\cs\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\cs\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\af\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\modules\locale\af\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\locale\en-US\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\locale\en-US\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\components\avg-dnt-policy.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\components\nci.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\components\toolbarhomeApi.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2\chrome\avg.jar => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\chrome.manifest => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\icon.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\install.rdf => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\avg-dnt-adapter.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\avg.xml => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\avgJsm.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\Bindings.xml => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\configuration.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\configuration_0.css => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\configuration_0.xul => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\HistoryCleaner.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\IOJsm.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\Preferences.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\propertiesJsm.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\about.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\active-threats18.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\ajax-loader.gif => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\CleanHistory.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\close.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\current.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\currently-safe18.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\dnt.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\EULA.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\Facebook.gif => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\feedback.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\feedicon.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\help.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\icon18.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\icon_search.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\information-24.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\labs.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\loader.gif => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\performanceIcon.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\privacy.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\questionmarkIcon.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\search.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\surf-with-caution18.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\uninstall.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\updating18.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\skin\window-close.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\zh-tw\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\zh-tw\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\zh-cn\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\zh-cn\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\tr\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\tr\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\th\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\th\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\sv\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\sv\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\sr\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\sr\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\sk\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\sk\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\ru\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\ru\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\ro\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\ro\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\pt-br\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\pt-br\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\pt\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\pt\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\pl\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\pl\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\nl\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\nl\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\nb\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\nb\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\ms\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\ms\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\ko\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\ko\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\ja\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\ja\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\it\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\it\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\id\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\id\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\hu\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\hu\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\hi\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\hi\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\fr\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\fr\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\fi\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\fi\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\es-es\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\es-es\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\es\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\es\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\en\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\en\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\el\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\el\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\de\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\de\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\da\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\da\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\cs\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\cs\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\af\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\modules\locale\af\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\locale\en-US\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\locale\en-US\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\components\avg-dnt-policy.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\components\nci.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\components\toolbarhomeApi.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1\chrome\avg.jar => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\chrome.manifest => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\icon.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\install.rdf => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\avg-dnt-adapter.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\avg.xml => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\avgJsm.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\Bindings.xml => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\configuration.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\configuration_0.css => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\configuration_0.xul => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\HistoryCleaner.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\IOJsm.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\Preferences.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\propertiesJsm.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\about.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\active-threats18.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\ajax-loader.gif => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\CleanHistory.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\close.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\current.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\currently-safe18.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\dnt.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\Facebook.gif => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\feedback.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\feedicon.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\help.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\icon-1G.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\icon-1R.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\icon18.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\icon_search.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\information-24.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\labs.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\loader.gif => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\performanceIcon.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\questionmarkIcon.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\search.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\surf-with-caution18.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\uninstall.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\updating18.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\skin\window-close.png => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\zh-tw\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\zh-tw\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\zh-cn\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\zh-cn\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\tr\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\tr\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\th\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\th\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\sv\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\sv\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\sr\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\sr\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\sk\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\sk\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\ru\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\ru\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\ro\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\ro\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\pt-br\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\pt-br\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\pt\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\pt\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\pl\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\pl\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\nl\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\nl\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\nb\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\nb\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\ms\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\ms\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\ko\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\ko\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\ja\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\ja\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\it\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\it\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\id\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\id\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\hu\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\hu\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\hi\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\hi\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\fr\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\fr\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\fi\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\fi\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\es-es\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\es-es\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\es\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\es\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\en\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\en\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\el\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\el\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\de\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\de\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\da\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\da\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\cs\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\cs\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\af\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\modules\locale\af\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\locale\en-US\global.dtd => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\locale\en-US\global.properties => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\components\avg-dnt-policy.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\components\nci.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\components\toolbarhomeApi.js => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14\chrome\avg.jar => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\15.3.0.11\avg.crx => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\15.2.0.5\avg.crx => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\15.1.0.2\avg.crx => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\14.2.0.1\avg.crx => Moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\14.0.0.14\avg.crx => Moved successfully.
Could not move "C:\ProgramData\AVG SafeGuard toolbar" directory. => Scheduled to move on reboot.

HKU\Sta\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value not found.
C:\Users\Sta\AppData\Local\2dabd7cb-d07c-497f-ba33-7a18167133cbad => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F779D969-92F8-472C-8837-CE149F19F1EB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F779D969-92F8-472C-8837-CE149F19F1EB} => Key deleted successfully.
C:\Windows\System32\Tasks\{8026F648-B554-430D-BC33-BDD57F96839E} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8026F648-B554-430D-BC33-BDD57F96839E} => Key deleted successfully.

 

 

=============================

and here is the fixlog after using Normal Mode

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-07-2013
Ran by Sta at 2013-07-18 17:33:36 Run:3
Running from C:\Users\Sta\Desktop
Boot Mode: Normal
==============================================

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{597CBCA2-DD49-4F5D-AB2D-AF8FD6D1A8B7} => Key not found.
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\dmsvc => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => Key not found.
HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key not found.
vToolbarUpdater13.3.2 => Service not found.
"C:\Users\Sta\AppData\Local\AVG Secure Search" => File/Directory not found.
"C:\Program Files (x86)\AVG Secure Search" => File/Directory not found.
"C:\Users\Sta\AppData\Roaming\dmsvc.dll" => File/Directory not found.
"C:\Users\Sta\AppData\Roaming\swibp.dll" => File/Directory not found.
"C:\Users\Sta\AppData\Roaming\midefender.exe" => File/Directory not found.
"C:\Users\Sta\AppData\Local\AVG Secure Search" => File/Directory not found.
"C:\Program Files (x86)\AVG Secure Search" => File/Directory not found.
"C:\Users\Sta\AppData\Roaming\skype.ini" => File/Directory not found.
"C:\Users\Sta\AppData\Roaming\dmsvc.dll" => File/Directory not found.
"C:\Users\Sta\AppData\Roaming\swibp.dll" => File/Directory not found.
"C:\windows\System32\Tasks\{8026F648-B554-430D-BC33-BDD57F96839E}" => File/Directory not found.
"C:\Users\Sta\AppData\Roaming\midefender.exe" => File/Directory not found.

"C:\Users\Sta\AppData\Local\AVG SafeGuard toolbar" directory move:

Could not move "C:\Users\Sta\AppData\Local\AVG SafeGuard toolbar" directory. => Scheduled to move on reboot.

"C:\ProgramData\AVG SafeGuard toolbar" directory move:

Could not move "C:\ProgramData\AVG SafeGuard toolbar" directory. => Scheduled to move on reboot.

HKU\Sta\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value not found.
"C:\Users\Sta\AppData\Local\2dabd7cb-d07c-497f-ba33-7a18167133cbad" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F779D969-92F8-472C-8837-CE149F19F1EB} => Key not found.
C:\Windows\System32\Tasks\{8026F648-B554-430D-BC33-BDD57F96839E} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8026F648-B554-430D-BC33-BDD57F96839E} => Key not found.

=========== Result of Scheduled Files to move ===========
"C:\Users\Sta\AppData\Local\AVG SafeGuard toolbar" => Directory could not move.
"C:\ProgramData\AVG SafeGuard toolbar" => Directory could not move.

==== End of Fixlog ====

 

It also saved this fixlog on the desktop



  • Root Admin

Okay that looks good. Please start MBAM and check for updates.  Then do a Quick Scan and post back that log.

 

Next, download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 

Link to post
Share on other sites

You didn't specify what to do if it found any threats...so I have not closed out the action window but here is the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Sta :: STA-PC [administrator]

7/18/2013 7:39:35 PM
MBAM-log-2013-07-18 (19-49-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216621
Time elapsed: 9 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Sta\AppData\Roaming\skype.dat (Trojan.Agent) -> No action taken.
C:\Users\Sta\AppData\Local\Temp\C1D8.tmp (Trojan.FakeAlert.ED) -> No action taken.
C:\Users\Sta\AppData\Local\Temp\D356.tmp (Trojan.FakeAlert.ED) -> No action taken.

(end)

 

 

 Results of screen317's Security Check version 0.99.70 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
AVG AntiVirus Free Edition 2013  
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 6 Update 25 
 Java version out of Date!
 Adobe Flash Player 11.7.700.224 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes Anti-Malware mbam.exe 
 AVG avgwdsvc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe  
 Common Files Microsoft Shared Microsoft Online Services smss.exe -?-
 Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
 Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
 Common Files Microsoft Shared Microsoft Online Services audiodg.exe -?-
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 


  • Root Admin

I'm going to be on the road with limited access to the board until Tuesday but I will try to check back in if possible.

For now please make sure your AVG antivirus is up to date and do a scan with it.  Also make sure MBAM is up to date and do a Quick Scan with it.

 

I'll check back with you when I get back.

 

Thanks

 

Link to post
Share on other sites

Ok - I used utilities to do a removal of both MBAM and AVG and did clean installs of free versions of both (waiting for approval to upgrade to paid versions).  In the meantime, did a full scan with both and here are the logs - I removed any threat that was found.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.21.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Sta :: STA-PC [administrator]

7/21/2013 2:22:59 PM
mbam-log-2013-07-21 (14-22-59).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 362847
Time elapsed: 1 hour(s), 33 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\FRST\Quarantine\dmsvc.dll (Trojan.Medfos) -> Quarantined and deleted successfully.

(end)

 

 

Whole Computer Scan
High priority;"8";"8";"0"
Folders selected for scanning:;"Scan Whole Computer"
Started:;"7/21/2013, 1:14:00 PM"
Finished:;"7/21/2013, 2:15:33 PM"
Total object scanned:;"1420576"
User who launched the scan:;"Sta"

Status;"Priority";"Name";"Description";"Result"
Healed;"High";"Virus found Win32/Cryptor";"C:\CCE_Quarantine\{8FDB4AD1-F490-49B2-AC4E-D119D24CFD63}";"Secured"
Healed;"High";"Trojan horse Generic33.COHB";"C:\FRST\Quarantine\rundll32.exe";"Secured"
Healed;"High";"Virus found FakeAlert";"C:\FRST\Quarantine\windowsupdate.exe";"Secured"
Healed;"High";"Trojan horse Generic33.COHB";"C:\FRST\Quarantine\notepad.exe";"Secured"
Healed;"High";"Virus found Win32/Cryptor";"C:\FRST\Quarantine\swibp.dll";"Secured"
Healed;"High";"Trojan horse FakeAV_s.YI";"C:\FRST\Quarantine\midefender.exe";"Secured"
Healed;"High";"Trojan horse Generic33.COED";"C:\FRST\Quarantine\2dabd7cb-d07c-497f-ba33-7a18167133cbad\dabdcbdcfbaacbad.exe";"Secured"
Healed;"High";"Trojan horse Generic33.COED";"C:\FRST\Quarantine\mstsc.exe";"Secured"

 

Do I need to run any other programs on it??  Also, when I upgrade to paid versions, should I do the uninstall and reinstall fresh or will it upgrade seamlessly??

 

The machine seems to be running much better - no more out of date popups, Google is not redirecting and of course, it will start and run in Normal mode ... so, many, many thanks for walking me through the necessary steps to get it to this point!!

 

~J


  • Root Admin

Hi there.  Please run the following for me and if it's good then we'll go ahead and clean up and get you back on the paid versions.

 

Next, download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 

 

Thanks
