Jump to content

Can't Uninstall Snap.Do


Recommended Posts

I have just been infected with the Snap.Do virus. I had run Malwarebytes and AdwCleaner and it has done some cleanup but I am unable to uninstall the program from Control Panel > Program and Features. "Snap.Do" and "Snap.Do Engine" is still listed there and there is no response when i click on Uninstall.

 

Please help.

Link to post
Share on other sites

Probably the easiest way to remove entries from your add/remove programs is with CCleaner (you may already have it).
It's also great for cleaning out temp files and I use and recommend it.
Just stay way from the Registry Cleaner.

Download, install and run CCleaner free to clean out temp files.
Here's a Tutorial if needed.
You may want to uncheck "cookies" and please stay away from the registry cleaner.

After it's installed > Open up CCleaner > go to Tools > Uninstall > Highlight the entry you want to remove > now click Delete Entry.
That should remove it.

MrC

Link to post
Share on other sites

After opening CCleaner, I clicked on Tools>Uninstall and search for Snap.Do entries. There were three of them (2 entries for Snap.Do, and another called Snap.Do Engine). I select the entries one at a time and click "Delete Entry". One of the Snap.Do entries and the Snap.Do Engine entry can be deleted. However, the other Snap.Do entry can't be deleted, with the message prompt "Cannot delete MSI installer".

 

A check at Control Panel > Program and Features does not contain Snap.Do anymore though.

Link to post
Share on other sites

CCleaner will delete the registry entry that shows in your add/remove programs.

It will also uninstall the program if it's still installed.

Run JRT and see if it cleans up any leftovers:

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
MrC
Link to post
Share on other sites

Here's the contents of JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Basic x64
Ran by G470 on Mon 11/11/2013 at  9:36:40.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/11/2013 at  9:41:50.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

Is it listed in your add/remove programs???

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC
Link to post
Share on other sites

It not listed in my Control Panel's Add/Remove program list. It only appears in CCleaner's Tools>Uninstall list.

 

The following is the FRST.tst log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by G470 (administrator) on G470-PC on 11-11-2013 21:43:15
Running from D:\HH
Windows 7 Home Basic Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-09-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [5908928 2012-09-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2710856 2009-11-02] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-09-04] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
IMEO\bjmyprt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\bttray.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\chrome.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\cnslmain.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\realconverter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\realplay.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\realtrimmer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\rnxproc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\uninst.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\youcam.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\Users\G470\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2FDF9E075F96CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-MY
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======


CHR DefaultSearchURL: (Web) - http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=MY&userid=6efa9573-eb2a-b9cd-565d-a8eed1b616f0&searchtype=ds&q={searchTerms}&installDate=10/11/2013
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\G470\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\G470\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\G470\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\G470\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Google Update) - C:\Users\G470\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Entanglement Web App) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0
CHR Extension: (Bejeweled) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0
CHR Extension: (Angry Birds) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (YouTube) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SnapDo) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0
CHR Extension: (Cut the Rope) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0
CHR Extension: (RealDownloader) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0
CHR Extension: (Autodesk Homestyler) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.6_0
CHR Extension: (Cargo Bridge) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0
CHR Extension: (Planner 5D) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0
CHR Extension: (Poppit) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Fishing Joy) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlonhgnjdlnjgalpdigmbpfpielpadmc\1.0.8.0_0
CHR Extension: (Google Wallet) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Mobialia Chess 3D) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfppohnieolpklikdmhbofoabooijm\1.2_0
CHR Extension: (Gmail) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-09] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2099000 2013-10-30] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2013-10-30] (AVG)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-11 21:42 - 2013-11-11 21:42 - 00000000 ____D C:\FRST
2013-11-11 19:41 - 2013-11-11 19:41 - 00000056 _____ C:\Windows\setupact.log
2013-11-11 19:41 - 2013-11-11 19:41 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 09:36 - 2013-11-11 09:36 - 00000000 ____D C:\Windows\ERUNT
2013-11-11 08:48 - 2013-10-30 18:27 - 00042808 _____ (AVG) C:\Windows\system32\uxtuneup.dll
2013-11-11 08:48 - 2013-10-30 18:27 - 00035640 _____ (AVG) C:\Windows\SysWOW64\uxtuneup.dll
2013-11-11 08:48 - 2013-10-30 18:27 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2013-11-11 08:48 - 2013-10-30 18:27 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2013-11-11 08:46 - 2013-10-30 18:27 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2013-11-11 08:42 - 2013-11-11 08:53 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-11-11 08:32 - 2013-11-11 08:32 - 00000000 ____D C:\Users\G470\AppData\Roaming\ImgBurn
2013-11-11 07:55 - 2013-11-11 21:04 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-11 07:54 - 2013-11-11 08:08 - 00000000 ____D C:\Program Files\CCleaner
2013-11-10 22:06 - 2013-11-10 23:05 - 00000000 ____D C:\AdwCleaner
2013-11-10 21:17 - 2013-11-10 21:17 - 00002453 _____ C:\Users\G470\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-11-10 21:13 - 2013-11-10 21:13 - 00001865 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2013-11-10 21:13 - 2013-11-10 21:13 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2013-11-10 20:03 - 2013-11-10 20:03 - 00000000 ____D C:\Users\G470\Documents\The KMPlayer
2013-11-08 14:39 - 2013-11-08 14:39 - 00000000 ____D C:\Users\G470\AppData\Roaming\RealNetworks
2013-11-08 14:38 - 2013-11-08 14:38 - 00000000 ____D C:\ProgramData\RealNetworks
2013-11-08 14:38 - 2013-11-08 14:38 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-10-31 10:19 - 2013-10-31 10:19 - 00000613 _____ C:\Users\G470\Desktop\HH - Shortcut.lnk
2013-10-29 23:15 - 2013-10-29 23:15 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenu
2013-10-29 23:14 - 2013-10-29 23:14 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter
2013-10-29 23:03 - 2013-11-01 22:43 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-10-29 22:59 - 2013-10-29 22:59 - 00002039 _____ C:\Users\Public\Desktop\Canon Solution Menu.lnk
2013-10-29 22:59 - 2013-10-29 22:59 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-10-29 22:56 - 2013-10-29 22:56 - 00000000 ____D C:\Program Files\Canon
2013-10-29 22:55 - 2013-10-29 22:55 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-10-29 22:54 - 2009-11-25 15:56 - 00003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLkSE.DLL
2013-10-29 22:54 - 2009-11-25 15:56 - 00003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLkID.DLL
2013-10-29 22:54 - 2009-11-25 15:56 - 00003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLkGR.DLL
2013-10-29 22:54 - 2009-11-25 15:56 - 00003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLkFI.DLL
2013-10-29 22:54 - 2009-11-25 15:56 - 00002560 _____ (Canon Inc.) C:\Windows\system32\CNCFLkTR.DLL
2013-10-29 22:54 - 2009-11-25 15:56 - 00002560 _____ (Canon Inc.) C:\Windows\system32\CNCFLkTH.DLL
2013-10-29 22:54 - 2009-11-25 15:56 - 00002560 _____ (Canon Inc.) C:\Windows\system32\CNCFLkNO.DLL
2013-10-29 22:54 - 2009-11-25 15:56 - 00002560 _____ (Canon Inc.) C:\Windows\system32\CNCFLkKR.DLL
2013-10-29 22:54 - 2009-11-25 15:56 - 00002560 _____ (Canon Inc.) C:\Windows\system32\CNCFLkDK.DLL
2013-10-29 22:54 - 2009-11-25 15:56 - 00002560 _____ (Canon Inc.) C:\Windows\system32\CNCFLkAR.DLL
2013-10-29 22:54 - 2009-11-25 15:56 - 00002048 _____ (Canon Inc.) C:\Windows\system32\CNCFLkTW.DLL
2013-10-29 22:54 - 2009-11-25 15:56 - 00002048 _____ (Canon Inc.) C:\Windows\system32\CNCFLkCN.DLL
2013-10-29 22:54 - 2009-11-25 15:55 - 00003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLkRU.DLL
2013-10-29 22:54 - 2009-11-25 15:55 - 00003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLkPT.DLL
2013-10-29 22:54 - 2009-11-25 15:55 - 00003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLkPL.DLL
2013-10-29 22:54 - 2009-11-25 15:55 - 00003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLkNL.DLL
2013-10-29 22:54 - 2009-11-25 15:55 - 00003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLkIT.DLL
2013-10-29 22:54 - 2009-11-25 15:55 - 00003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLkFR.DLL
2013-10-29 22:54 - 2009-11-25 15:55 - 00003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLkES.DLL
2013-10-29 22:54 - 2009-11-25 15:55 - 00003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLkDE.DLL
2013-10-29 22:54 - 2009-11-25 15:55 - 00002560 _____ (Canon Inc.) C:\Windows\system32\CNCFLkHU.DLL
2013-10-29 22:54 - 2009-11-25 15:55 - 00002560 _____ (Canon Inc.) C:\Windows\system32\CNCFLkCZ.DLL
2013-10-29 22:54 - 2009-10-22 11:30 - 00003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLkUS.DLL
2013-10-29 22:54 - 2009-10-22 11:30 - 00002560 _____ (Canon Inc.) C:\Windows\system32\CNCFLkJP.DLL
2013-10-29 22:53 - 2013-10-29 22:53 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-10-29 22:53 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMA5.DLL
2013-10-29 22:50 - 2009-10-22 11:33 - 00343552 _____ (Canon Inc.) C:\Windows\system32\CNCF2Lk.DLL
2013-10-29 22:50 - 2009-10-22 11:30 - 00182272 _____ (Canon Inc.) C:\Windows\system32\CNCFMSk.EXE
2013-10-29 22:49 - 2013-10-29 22:49 - 00000000 ___HD C:\Program Files\CanonBJ
2013-10-29 22:49 - 2011-01-06 13:09 - 01324544 _____ (CANON INC.) C:\Windows\system32\CNC340C.dll
2013-10-29 22:49 - 2011-01-06 13:09 - 00109568 _____ (CANON INC.) C:\Windows\system32\CNC340I.dll
2013-10-29 22:49 - 2011-01-06 13:07 - 00102400 _____ (CANON INC.) C:\Windows\SysWOW64\CNC340U.dll
2013-10-29 22:49 - 2009-10-19 16:30 - 00346624 _____ (CANON INC.) C:\Windows\system32\CNC340L.dll
2013-10-29 22:49 - 2009-10-19 16:29 - 00307200 _____ (CANON INC.) C:\Windows\SysWOW64\CNC340L.dll
2013-10-29 22:49 - 2009-09-10 17:00 - 00245760 _____ (CANON INC.) C:\Windows\system32\CNMIUA5.DLL
2013-10-29 22:49 - 2009-06-23 14:35 - 00014592 _____ C:\Windows\SysWOW64\CNC1741D.TBL
2013-10-29 22:49 - 2009-06-23 14:35 - 00014592 _____ C:\Windows\system32\CNC1741D.TBL
2013-10-29 22:49 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2013-10-29 22:49 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2013-10-29 22:48 - 2013-10-29 22:49 - 00000000 ____D C:\Windows\system32\STRING
2013-10-29 22:48 - 2013-10-29 22:48 - 00000000 ____D C:\Windows\system32\CHM
2013-10-29 22:48 - 2009-10-09 23:01 - 00337920 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL
2013-10-29 22:48 - 2009-10-09 23:01 - 00144384 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL
2013-10-29 22:47 - 2013-10-29 23:03 - 00000000 ____D C:\Program Files (x86)\Canon
2013-10-22 10:19 - 2013-09-04 20:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-22 10:19 - 2013-09-04 20:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-22 10:19 - 2013-09-04 20:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-22 10:19 - 2013-09-04 20:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-22 10:19 - 2013-09-04 20:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-22 10:19 - 2013-09-04 20:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-22 10:19 - 2013-09-04 20:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

==================== One Month Modified Files and Folders =======

2013-11-11 21:42 - 2013-11-11 21:42 - 00000000 ____D C:\FRST
2013-11-11 21:04 - 2013-11-11 07:55 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-11 19:48 - 2009-07-14 12:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-11 19:48 - 2009-07-14 12:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-11 19:44 - 2012-09-06 16:38 - 01506414 _____ C:\Windows\WindowsUpdate.log
2013-11-11 19:41 - 2013-11-11 19:41 - 00000056 _____ C:\Windows\setupact.log
2013-11-11 19:41 - 2013-11-11 19:41 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 19:41 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-11 17:02 - 2013-06-29 19:29 - 00000000 ____D C:\ProgramData\MFAData
2013-11-11 10:33 - 2009-07-14 13:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-11 09:36 - 2013-11-11 09:36 - 00000000 ____D C:\Windows\ERUNT
2013-11-11 09:22 - 2012-09-18 14:48 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-427960264-612200393-1892385769-1000UA.job
2013-11-11 09:22 - 2012-09-18 14:48 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-427960264-612200393-1892385769-1000Core.job
2013-11-11 09:15 - 2013-06-29 21:06 - 00003758 _____ C:\Windows\System32\Tasks\Real Player online update program
2013-11-11 09:13 - 2012-09-18 14:48 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-427960264-612200393-1892385769-1000UA
2013-11-11 09:13 - 2012-09-18 14:48 - 00003492 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-427960264-612200393-1892385769-1000Core
2013-11-11 08:54 - 2013-06-29 21:06 - 00003694 _____ C:\Windows\System32\Tasks\Adobe online update program
2013-11-11 08:53 - 2013-11-11 08:42 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-11-11 08:53 - 2013-06-29 21:06 - 00003704 _____ C:\Windows\System32\Tasks\Java Update Scheduler
2013-11-11 08:53 - 2013-06-29 21:01 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-11-11 08:53 - 2012-09-18 14:32 - 00000000 ____D C:\Users\G470\AppData\Local\Microsoft Help
2013-11-11 08:53 - 2012-09-06 17:51 - 00000000 ____D C:\Users\G470\AppData\Local\Downloaded Installations
2013-11-11 08:49 - 2013-06-29 21:01 - 00000000 ____D C:\ProgramData\AVG
2013-11-11 08:45 - 2013-06-29 21:02 - 00000000 ____D C:\Users\G470\AppData\Roaming\AVG
2013-11-11 08:45 - 2013-06-29 19:36 - 00000000 ____D C:\Program Files (x86)\AVG
2013-11-11 08:32 - 2013-11-11 08:32 - 00000000 ____D C:\Users\G470\AppData\Roaming\ImgBurn
2013-11-11 08:08 - 2013-11-11 07:54 - 00000000 ____D C:\Program Files\CCleaner
2013-11-11 08:01 - 2013-06-29 19:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-11 08:01 - 2012-09-19 22:06 - 00000000 ____D C:\Users\G470\AppData\Roaming\Media Player Classic
2013-11-11 08:00 - 2012-09-07 08:34 - 00000000 ____D C:\Windows\Panther
2013-11-10 23:05 - 2013-11-10 22:06 - 00000000 ____D C:\AdwCleaner
2013-11-10 21:17 - 2013-11-10 21:17 - 00002453 _____ C:\Users\G470\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-11-10 21:13 - 2013-11-10 21:13 - 00001865 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2013-11-10 21:13 - 2013-11-10 21:13 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2013-11-10 20:03 - 2013-11-10 20:03 - 00000000 ____D C:\Users\G470\Documents\The KMPlayer
2013-11-08 14:39 - 2013-11-08 14:39 - 00000000 ____D C:\Users\G470\AppData\Roaming\RealNetworks
2013-11-08 14:38 - 2013-11-08 14:38 - 00000000 ____D C:\ProgramData\RealNetworks
2013-11-08 14:38 - 2013-11-08 14:38 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-11-08 14:38 - 2013-01-01 21:18 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-11-08 14:38 - 2013-01-01 21:18 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-11-08 14:38 - 2013-01-01 21:18 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-11-08 14:38 - 2013-01-01 21:17 - 00000000 ____D C:\Program Files (x86)\Real
2013-11-08 14:38 - 2013-01-01 21:14 - 00000000 ____D C:\ProgramData\Real
2013-11-08 14:37 - 2013-01-01 21:18 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-11-08 14:37 - 2013-01-01 21:18 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-11-08 14:37 - 2013-01-01 21:18 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-11-01 22:43 - 2013-10-29 23:03 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-10-31 10:19 - 2013-10-31 10:19 - 00000613 _____ C:\Users\G470\Desktop\HH - Shortcut.lnk
2013-10-30 18:27 - 2013-11-11 08:48 - 00042808 _____ (AVG) C:\Windows\system32\uxtuneup.dll
2013-10-30 18:27 - 2013-11-11 08:48 - 00035640 _____ (AVG) C:\Windows\SysWOW64\uxtuneup.dll
2013-10-30 18:27 - 2013-11-11 08:48 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2013-10-30 18:27 - 2013-11-11 08:48 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2013-10-30 18:27 - 2013-11-11 08:46 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2013-10-29 23:15 - 2013-10-29 23:15 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenu
2013-10-29 23:14 - 2013-10-29 23:14 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter
2013-10-29 23:03 - 2013-10-29 22:47 - 00000000 ____D C:\Program Files (x86)\Canon
2013-10-29 22:59 - 2013-10-29 22:59 - 00002039 _____ C:\Users\Public\Desktop\Canon Solution Menu.lnk
2013-10-29 22:59 - 2013-10-29 22:59 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-10-29 22:56 - 2013-10-29 22:56 - 00000000 ____D C:\Program Files\Canon
2013-10-29 22:55 - 2013-10-29 22:55 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-10-29 22:53 - 2013-10-29 22:53 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-10-29 22:50 - 2009-07-14 11:20 - 00000000 __RSD C:\Windows\Media
2013-10-29 22:49 - 2013-10-29 22:49 - 00000000 ___HD C:\Program Files\CanonBJ
2013-10-29 22:49 - 2013-10-29 22:48 - 00000000 ____D C:\Windows\system32\STRING
2013-10-29 22:48 - 2013-10-29 22:48 - 00000000 ____D C:\Windows\system32\CHM
2013-10-28 12:08 - 2013-06-29 19:38 - 00000965 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-10-23 10:48 - 2012-09-18 14:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-17 13:56 - 2009-07-14 13:08 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-14 15:02 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\G470\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-10 03:57

==================== End Of Log ============================

Link to post
Share on other sites

This is from the Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01
Ran by G470 at 2013-11-11 21:45:25
Running from D:\HH
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: AVG Internet Security 2013 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (x32 Version: 11.4.402.265)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Atheros Client Installation Program (x32 Version: 7.0)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3426)
AVG 2013 (Version: 2013.0.3426)
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.229)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.229)
Canon Easy-WebPrint EX (x32 Version: 1.3.5.0)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32)
Canon MP Navigator EX 3.1 (x32)
Canon MX340 series MP Drivers
Canon Speed Dial Utility (x32)
Canon Utilities Easy-PhotoPrint EX (x32)
Canon Utilities My Printer (x32)
Canon Utilities Solution Menu (x32)
CCleaner (Version: 4.07)
Celestia 1.6.1 (x32)
Combined Community Codec Pack 2011-11-11 (x32 Version: 2011.11.11.0)
Conexant HD Audio (Version: 8.54.4.51)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Energy Management (x32 Version: 6.0.2.0)
Google Chrome (HKCU Version: 30.0.1599.101)
ImgBurn (x32 Version: 2.5.8.0)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2342)
Intel® Rapid Storage Technology (x32 Version: 10.1.5.1001)
Java 7 Update 25 (x32 Version: 7.0.250)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java Auto Updater (x32 Version: 2.1.9.5)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.3.0.7400)
Lenovo EasyCamera (x32 Version: 1.10.1209.1)
Lenovo OneKey Recovery (Version: 7.0.1628)
Lenovo OneKey Recovery (x32 Version: 7.0.1628)
Lenovo YouCam (x32 Version: 3.1.3623)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
RealDownloader (x32 Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.3)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10003)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Skype™ 5.10 (x32 Version: 5.10.116)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Stellarium 0.11.4 (x32 Version: 0.11.4)
Synaptics Pointing Device Driver (Version: 15.3.0.0)
The KMPlayer (remove only) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
UserGuide (x32 Version: 1.0.0.6)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1)
WinRAR 4.20 (64-bit) (Version: 4.20.0)

==================== Restore Points  =========================

15-10-2013 11:38:20 Windows Update
20-10-2013 12:00:35 Windows Update
23-10-2013 02:38:13 Windows Update
27-10-2013 06:37:30 Windows Update
31-10-2013 15:23:08 Windows Update
04-11-2013 05:53:20 Windows Update
07-11-2013 09:53:38 Windows Update
10-11-2013 12:58:03 Windows Update
11-11-2013 00:43:44 Installed AVG PC TuneUp 2014

==================== Hosts content: ==========================

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {07C2352B-1BC6-461F-9E5D-CFDADFE4988F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {0A4D3EC6-7335-434A-9F1F-51A34329895B} - System32\Tasks\Google Updater and Installer => C:\Users\G470\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)
Task: {12A9D06B-B051-44E6-B097-BD471218E9E1} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-427960264-612200393-1892385769-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1EEFCA68-4A4C-4F75-B719-C10FB192BE9D} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2013-11-08] (RealNetworks, Inc.)
Task: {21678292-B2CA-48B1-A4D1-FBA0BD32745D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-427960264-612200393-1892385769-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {39643A6C-46CF-4E6A-A3F1-02F565192C08} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-427960264-612200393-1892385769-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {40628B04-C97B-4858-803D-80702B6386AE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-427960264-612200393-1892385769-1000UA => C:\Users\G470\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)
Task: {52229667-7B9B-4465-BC80-6CE740F32723} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-05] (Adobe Systems Incorporated)
Task: {553BB90B-0BAA-41D6-B124-BB32478ECBBC} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-427960264-612200393-1892385769-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {57260115-5149-4EEF-91DA-B36F4EA1BC11} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {62AC3C4E-98FC-46F4-94AE-C447F362020D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {7FCF4DEE-0D43-450C-AC79-4F2CEA480434} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {93F1B5CF-2A6C-4E3B-B388-DD56442DD2BC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-427960264-612200393-1892385769-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A2921FE9-F07B-4C8A-BA41-F2B4A5149D08} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-427960264-612200393-1892385769-1000Core => C:\Users\G470\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-427960264-612200393-1892385769-1000Core.job => C:\Users\G470\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-427960264-612200393-1892385769-1000UA.job => C:\Users\G470\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-12-20 03:20 - 2012-09-06 17:51 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 03:20 - 2012-09-06 17:51 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-09-06 16:53 - 2011-03-25 17:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-15 08:08 - 2013-08-15 08:08 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\563d7e5043ac090c49e50f7fc21fc1b9\IsdiInterop.ni.dll
2012-09-06 17:06 - 2011-02-18 08:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2013 07:41:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 04:29:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 10:19:46 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/11/2013 10:19:43 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (11/11/2013 09:50:54 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (11/11/2013 09:50:07 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (11/11/2013 05:09:57 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/11/2013 10:34:07 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/11/2013 09:50:11 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/11/2013 09:50:11 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (11/11/2013 09:47:30 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Microsoft Office Sessions:
=========================
Error: (11/11/2013 07:41:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 04:29:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 10:19:46 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (11/11/2013 10:19:43 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (11/11/2013 09:50:54 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (11/11/2013 09:50:07 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

==================== Memory info ===========================

Percentage of memory in use: 89%
Total physical RAM: 1991.86 MB
Available physical RAM: 207.25 MB
Total Pagefile: 3983.72 MB
Available Pagefile: 796.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:140.75 GB) (Free:86.06 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:323.83 GB) (Free:203.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=141 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=324 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

Link to post
Share on other sites

The only place it's listed are these two places:

CHR Extension: (SnapDo) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0

CHR DefaultSearchURL: (Web) - http://feed.snapdo.c...Date=10/11/2013

I'm not sure why it shows in CCleaner, nothing to worry about.

MrC

Link to post
Share on other sites

A little clean up to do....


Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.