I've been running Malwarebytes for years and finally upgraded to Pro a year or so ago.  During the 4+ years I've been using this particular PC, I've really only ever had 1 nasty virus prior to today, so I've been very happy with the program. 

 

Early this morning, commercials, news, and music began playing unexpectedly. Unable to locate the source, I closed my browser tabs and the sound continued.  I ran a full scan and nothing was detected. A short time later, I received a message about Windows needing to close because the Plug & Play service had quit unexpectedly.  About a minute later, the computer rebooted itself.  

 

Soon after opening, the same ads and news audio came on again.  I did a search and a YouTuber said that using Kaspersky's TDSSkiller would quickly fix this problem.  I ran it, and the report said it found and eliminated 2 threats and then asked me what to do with the 3rd possible threat, which it described as 'medium-level'.   I chose delete.  

 

After a reboot, the same audio was back.  Another search brought up the suggestion from the guy who said to run Chameleon IF the Anti-Root Kit did not work.  I was unable to get the anti-root kit to work.  The scan stopped both times, citing 'denial of access'.  His last suggestion was to run Chameleon, which would pretty much fix everything.  

 

I ran Chameleon #1 and #2 and during #2, I got a message that the DCOM Server Process Launcher had terminated unexpectedly and Windows restarted itself again (not a full system reboot).

 

This time, there was no mystery audio. 

 

I went back to where I was and ran Chameleon #1 and #2 again.  Then I ran #3.  And #4.  Still no audio.  It's been about 2 hours with no restarts, no mystery audio and regular audio plays fine.  

 

Malwarebytes still detecting no threats. Do I need to continue through 12 Chameleons, or am I fine to stop now?  

 

Thanks! 


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin....


Hi, and thank you for your quick response. Unfortunately, the mystery audio returned and the system did a reboot right after I ran the FRST scan.  The mystery audio is playing now. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 03
Ran by Tre (administrator) on TRE-PC on 18-01-2014 14:04:57
Running from C:\Users\Tre\Desktop
Microsoft Windows 7 Ultimate  (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgtray.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
(Spotify Ltd) C:\Users\Tre\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Audible, Inc.) C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Logitech, Inc.) C:\Program Files\Logitech\LWS\LU\LULnchr.exe
(Logitech, Inc.) C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [AVG9_TRAY] - C:\Program Files\AVG\AVG9\avgtray.exe [2065760 2010-07-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2641272 2012-08-18] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [ACPW06EN] - C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1135304 2012-12-17] (ACD Systems)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKCU\...\Run: [spotify Web Helper] - C:\Users\Tre\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-08-31] (Spotify Ltd)
HKCU\...\Run: [TempDIR] - C:\Users\Tre\AppData\Local\Sony\TempDIR\cbhnagcd.dll [589824 2013-06-15] (Autodesk) <===== ATTENTION
HKCU\...\Run: [Wqworks] - regsvr32.exe C:\Users\Tre\AppData\Local\Wqworks\FBJediVCSIntegration.dll <===== ATTENTION
HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
MountPoints2: {1aded6eb-802b-11e2-a90b-406186974c6d} - I:\iStudio.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.femflex.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9798AED9B71CCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope {F8305D7D-CF69-465a-9003-813C6013A702} URL = http://x2t.com/search/?q={searchTerms}
SearchScopes: HKLM - {F8305D7D-CF69-465a-9003-813C6013A702} URL = http://x2t.com/search/?q={searchTerms}
SearchScopes: HKLM - {F8305D7D-CF79-465a-9003-813C6013A702} URL = http://x2t.com/search/?q={searchTerms}
SearchScopes: HKCU - Yahoo! URL = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-iobit
SearchScopes: HKCU - {F8305D7D-CF69-465a-9003-813C6013A702} URL = http://x2t.com/search/?q={searchTerms}
SearchScopes: HKCU - {F8305D7D-CF79-465a-9003-813C6013A702} URL = http://x2t.com/search/?q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Open FVD Suite IE Plugin - {2B171655-A70C-5c18-B693-6CB5DC269D44} - C:\Program Files\FVDIEPlugin\FVDIEPlugin_1.dll (www.flashvideodownloader.org/fvd-suite/)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - FVD Suite IE Plugin - {2B171655-A70C-5c18-B693-6CB5DC269D41} - C:\Program Files\FVDIEPlugin\FVDIEPlugin_1.dll (www.flashvideodownloader.org/fvd-suite/)
Toolbar: HKCU - FVD Suite IE Plugin - {2B171655-A70C-5C18-B693-6CB5DC269D41} - C:\Program Files\FVDIEPlugin\FVDIEPlugin_1.dll (www.flashvideodownloader.org/fvd-suite/)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default

FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: ActiveGS - C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default\Extensions\activegs@freetoolsassociation.com [2011-04-27]
FF Extension: Разпознаване на устройство Logitech - C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default\Extensions\DeviceDetection@logitech.com [2011-11-11]
FF Extension: SelectionLinks - C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default\Extensions\plugin@selectionlinks.com [2013-01-12]
FF Extension: We-Care App - C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default\Extensions\wecarereminder@bryan [2013-12-03]
FF Extension: Flash Video Downloader - C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default\Extensions\artur.dubovoy@gmail.com.xpi [2012-09-12]
FF Extension: Video Downloader - C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default\Extensions\gfglqqlzyr@gfglqqlzyr.org.xpi [2013-06-12]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-19]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG9\Firefox [2010-07-05]

Chrome:
=======

CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (0) - C:\Users\Tre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbmhonenddnnmbailokbccgmikhkpni [2011-07-21]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-06] (AVG Technologies CZ, s.r.o.)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
R2 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
S3 AVCSTRM; C:\Windows\System32\DRIVERS\avcstrm.sys [14464 2009-07-13] (Microsoft Corporation)
R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [216400 2010-07-06] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29584 2010-07-06] (AVG Technologies CZ, s.r.o.)
R0 AvgRkx86; C:\Windows\System32\Drivers\avgrkx86.sys [52872 2010-07-05] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243024 2010-07-06] (AVG Technologies CZ, s.r.o.)
R3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [28160 2009-07-14] (Hauppauge Computer Works, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
S3 MSTAPE; C:\Windows\System32\DRIVERS\mstape.sys [50048 2009-07-13] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [16640 2008-11-19] (Wondershare)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-18 13:56 - 2014-01-18 13:56 - 00022115 _____ C:\Users\Tre\Desktop\Addition.txt
2014-01-18 13:55 - 2014-01-18 14:04 - 00015749 _____ C:\Users\Tre\Desktop\FRST.txt
2014-01-18 13:54 - 2014-01-18 13:54 - 01220608 _____ (Farbar) C:\Users\Tre\Desktop\FRST.exe
2014-01-18 13:54 - 2014-01-18 13:54 - 00000000 ____D C:\FRST
2014-01-18 13:46 - 2014-01-18 13:46 - 00000000 ____S C:\Windows\system32\buruyy.twp
2014-01-17 12:54 - 2014-01-17 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2014-01-17 12:42 - 2014-01-17 12:53 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2014-01-17 12:41 - 2014-01-17 12:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\ACD Systems
2014-01-17 12:39 - 2014-01-17 12:39 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Tre\Downloads\mbar-1.07.0.1008.exe
2014-01-17 12:09 - 2014-01-17 12:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-17 12:08 - 2014-01-17 12:41 - 00000000 ____D C:\Users\Tre\Desktop\mbar
2014-01-17 12:05 - 2013-11-18 09:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Tre\Downloads\TDSSKiller2.exe
2014-01-17 12:04 - 2014-01-17 12:04 - 04101441 _____ C:\Users\Tre\Downloads\tdsskiller.zip
2014-01-17 11:58 - 2014-01-17 11:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-17 11:56 - 2013-11-18 09:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Tre\Downloads\TDSSKiller.exe
2014-01-17 10:31 - 2014-01-17 10:31 - 00000000 ____D C:\Users\Tre\AppData\Local\Wqworks
2014-01-17 10:29 - 2014-01-17 10:29 - 00000000 ____D C:\Windows\Sun
2014-01-17 10:17 - 2014-01-17 10:17 - 00028672 _____ C:\Windows\system32\mcgfcvx.fmz
2014-01-17 10:07 - 2014-01-17 15:30 - 00000087 _____ C:\Windows\system32\awwt.pja
2014-01-17 10:07 - 2014-01-17 10:17 - 00000102 _____ C:\Windows\system32\ibuepex.azc
2014-01-17 10:07 - 2014-01-17 10:07 - 00000064 _____ C:\Windows\system32\ufnaxc.abe
2014-01-17 09:51 - 2014-01-17 09:51 - 00101213 ____S C:\Windows\system32\lplwr.elv
2014-01-16 21:35 - 2014-01-16 21:35 - 00092672 _____ (Microsoft Corporation) C:\Users\Tre\AppData\Roaming\qvewome.dll
2013-12-23 15:10 - 2013-12-23 15:10 - 00000000 ____D C:\ProgramData\firebird
2013-12-20 16:41 - 2013-12-20 16:41 - 00003173 _____ C:\Users\Tre\Documents\talking_20131220.txt
2013-12-19 18:14 - 2013-12-19 18:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-19 18:00 - 2013-12-29 09:15 - 00000000 ____D C:\looking at items

==================== One Month Modified Files and Folders =======

2014-01-18 14:05 - 2014-01-18 13:55 - 00015749 _____ C:\Users\Tre\Desktop\FRST.txt
2014-01-18 14:02 - 2010-09-03 13:16 - 00000000 ____D C:\Windows\system32\logishrd
2014-01-18 14:02 - 2010-09-03 07:02 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-18 14:02 - 2010-07-05 20:04 - 00000366 _____ C:\Windows\Tasks\AWC Startup.job
2014-01-18 14:02 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-18 14:02 - 2009-07-13 20:39 - 00043923 _____ C:\Windows\setupact.log
2014-01-18 13:58 - 2009-07-13 20:34 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 13:58 - 2009-07-13 20:34 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 13:56 - 2014-01-18 13:56 - 00022115 _____ C:\Users\Tre\Desktop\Addition.txt
2014-01-18 13:54 - 2014-01-18 13:54 - 01220608 _____ (Farbar) C:\Users\Tre\Desktop\FRST.exe
2014-01-18 13:54 - 2014-01-18 13:54 - 00000000 ____D C:\FRST
2014-01-18 13:46 - 2014-01-18 13:46 - 00000000 ____S C:\Windows\system32\buruyy.twp
2014-01-18 13:46 - 2010-09-03 07:02 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-18 11:03 - 2010-07-05 18:46 - 01522309 _____ C:\Windows\WindowsUpdate.log
2014-01-17 15:30 - 2014-01-17 10:07 - 00000087 _____ C:\Windows\system32\awwt.pja
2014-01-17 13:34 - 2010-07-05 19:04 - 00804424 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-17 13:24 - 2010-10-04 16:22 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-01-17 12:54 - 2014-01-17 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2014-01-17 12:53 - 2014-01-17 12:42 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2014-01-17 12:41 - 2014-01-17 12:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\ACD Systems
2014-01-17 12:41 - 2014-01-17 12:08 - 00000000 ____D C:\Users\Tre\Desktop\mbar
2014-01-17 12:39 - 2014-01-17 12:39 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Tre\Downloads\mbar-1.07.0.1008.exe
2014-01-17 12:09 - 2014-01-17 12:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-17 12:04 - 2014-01-17 12:04 - 04101441 _____ C:\Users\Tre\Downloads\tdsskiller.zip
2014-01-17 11:58 - 2014-01-17 11:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-17 10:31 - 2014-01-17 10:31 - 00000000 ____D C:\Users\Tre\AppData\Local\Wqworks
2014-01-17 10:30 - 2010-07-06 06:56 - 00000000 ____D C:\Users\Tre\AppData\Local\Sony
2014-01-17 10:29 - 2014-01-17 10:29 - 00000000 ____D C:\Windows\Sun
2014-01-17 10:17 - 2014-01-17 10:17 - 00028672 _____ C:\Windows\system32\mcgfcvx.fmz
2014-01-17 10:17 - 2014-01-17 10:07 - 00000102 _____ C:\Windows\system32\ibuepex.azc
2014-01-17 10:07 - 2014-01-17 10:07 - 00000064 _____ C:\Windows\system32\ufnaxc.abe
2014-01-17 10:07 - 2012-09-12 11:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-17 09:51 - 2014-01-17 09:51 - 00101213 ____S C:\Windows\system32\lplwr.elv
2014-01-16 21:35 - 2014-01-16 21:35 - 00092672 _____ (Microsoft Corporation) C:\Users\Tre\AppData\Roaming\qvewome.dll
2014-01-16 16:09 - 2010-10-09 06:06 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-09 10:46 - 2010-03-14 10:25 - 00000000 ____D C:\captures
2014-01-07 10:33 - 2010-07-05 19:10 - 00000000 ____D C:\Users\Tre\AppData\Roaming\vlc
2013-12-29 09:15 - 2013-12-19 18:00 - 00000000 ____D C:\looking at items
2013-12-23 15:29 - 2010-05-02 11:46 - 00000000 ____D C:\family
2013-12-23 15:10 - 2013-12-23 15:10 - 00000000 ____D C:\ProgramData\firebird
2013-12-20 16:41 - 2013-12-20 16:41 - 00003173 _____ C:\Users\Tre\Documents\talking_20131220.txt
2013-12-19 18:14 - 2013-12-19 18:14 - 00000000 ____D C:\Program Files\Mozilla Firefox

ZeroAccess:
C:\Users\Tre\AppData\Local\{5402e72f-fdea-f5ed-afd0-b87d60cd03b3}
C:\Users\Tre\AppData\Local\{5402e72f-fdea-f5ed-afd0-b87d60cd03b3}\@
C:\Users\Tre\AppData\Local\{5402e72f-fdea-f5ed-afd0-b87d60cd03b3}\L\00000004.@

Files to move or delete:
====================
C:\Users\Tre\AppData\Local\Sony\TempDIR\cbhnagcd.dll
C:\ProgramData\netdislw.pad
C:\Users\Tre\acdsee-pro-6-3-221-win-x86-en.exe
C:\Users\Tre\GoogleEarthSetup.exe
C:\Users\Tre\HerBicepsCam.exe
C:\Users\Tre\lws201.exe
C:\Users\Tre\SplitCamSetup.exe
C:\Users\Tre\streaming-audio-recorder_full383.exe
C:\Users\Tre\vegaspro100c_32bit.exe


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Administrator\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Tre\AppData\Local\Temp\1E9A042C-1492-4920-9799-C0BB420D5D4A.exe
C:\Users\Tre\AppData\Local\Temp\Abspdf.exe
C:\Users\Tre\AppData\Local\Temp\acfpdfu.dll
C:\Users\Tre\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Tre\AppData\Local\Temp\acfpdfui.dll
C:\Users\Tre\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Tre\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Tre\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Tre\AppData\Local\Temp\cdintf.dll
C:\Users\Tre\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Tre\AppData\Local\Temp\InstallAX.exe
C:\Users\Tre\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Tre\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Tre\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Tre\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Tre\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Tre\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Tre\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Tre\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tre\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Tre\AppData\Local\Temp\UpdateEyeCaster.exe
C:\Users\Tre\AppData\Local\Temp\xmllite.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 15:45] - [2009-07-13 17:16] - 0376320 ____A (Microsoft Corporation) C3E96064EABCF901BFD10EB9525817A7

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 00:44

==================== End Of Log ============================

 

 

Addition.txt


Farbar Recovery Scan Tool (x86) Version: 17-01-2014 03
Ran by Tre at 2014-01-18 18:27:41
Running from C:\Users\Tre\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows.old\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 15:45] - [2009-07-13 17:16] - 0376320 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\rpcss.dll
[2009-07-13 15:45] - [2009-07-13 17:16] - 0376320 ____A (Microsoft Corporation) C3E96064EABCF901BFD10EB9525817A7

=== End Of Search ===

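The rpcss.dll check that the FRST log asks for ("Google the MD5, if the MD5 is unique the file is infected") can be partly automated. The following is an added example, not part of the original thread and not FRST's own code: it parses the search output posted above and sorts each copy into a triage status. The status names and the `known_good` parameter are this example's own assumptions.

```python
import hashlib
import re
from collections import defaultdict

# MD5 of zero bytes. A non-empty file reported with this hash was never
# actually read, so its content is unverified.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Search results copied from the FRST output posted in this thread.
SEARCH_OUTPUT = r"""
C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows.old\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 15:45] - [2009-07-13 17:16] - 0376320 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\rpcss.dll
[2009-07-13 15:45] - [2009-07-13 17:16] - 0376320 ____A (Microsoft Corporation) C3E96064EABCF901BFD10EB9525817A7
"""

# One detail line: [created] - [modified] - size attrs (company) MD5
RECORD = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\")


def parse_search(text):
    """Pair each path line with the detail line that follows it."""
    records, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = RECORD.match(line)
        if match and path:
            records.append({
                "path": path,
                "size": int(match["size"]),
                "company": match["company"],
                "md5": match["md5"].upper(),
            })
            path = None
        elif PATH.match(line):
            path = line
    return records


def triage(records, known_good=frozenset()):
    """Return {path: status}.

    known_good is a hypothetical, analyst-supplied set of MD5 strings taken
    from a trusted source (for example a clean install of the same build).
    CONSISTENT only means the copies agree with each other, not that they
    are clean.
    """
    # Readable hashes seen for each file size (unread copies are excluded).
    hashes_by_size = defaultdict(set)
    for rec in records:
        if rec["md5"] != EMPTY_MD5:
            hashes_by_size[rec["size"]].add(rec["md5"])

    verdicts = {}
    for rec in records:
        same = sum(1 for other in records
                   if other["size"] == rec["size"] and other["md5"] == rec["md5"])
        if rec["md5"] == EMPTY_MD5 and rec["size"] > 0:
            status = "UNREADABLE"    # size says data, hash says none was read
        elif rec["md5"] in known_good:
            status = "KNOWN_GOOD"
        elif len(hashes_by_size[rec["size"]]) > 1:
            status = "MISMATCH"      # same size, different content
        elif same > 1:
            status = "CONSISTENT"
        else:
            status = "UNVERIFIED"    # nothing local to compare against
        verdicts[rec["path"]] = status
    return verdicts


if __name__ == "__main__":
    for path, status in triage(parse_search(SEARCH_OUTPUT)).items():
        print(f"{status:<11} {path}")
```

On this thread's data the live System32 copy has no readable local copy to compare against, because the winsxs copy of the same size reports the MD5 of empty input. That is why the hash has to be checked against an outside source.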

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin

 

 

 

fixlist.txt


Do you have access to a spare PC to d/l FRST and save to a flash drive, if so do the following:

 

Please download Farbar Recovery Scan Tool from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Save it to a USB flash drive. Make sure to get the correct version for your system, 32 bit or 64 bit.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Vista or Windows 7, enter System Recovery Options.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



Kevin...

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2014 04

Ran by SYSTEM on MININT-8GUU2N1 on 19-01-2014 20:26:50
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2641272 2012-08-18] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [ACPW06EN] - C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1135304 2012-12-17] (ACD Systems)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKU\Tre\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [ 2010-04-01] (DT Soft Ltd)
HKU\Tre\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [ 2010-06-01] (Yahoo! Inc.)
HKU\Tre\...\Run: [spotify Web Helper] - C:\Users\Tre\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [ 2013-08-31] (Spotify Ltd)
HKU\Tre\...\RunOnce: [FRST] - C:\Users\Tre\Desktop\FRST.exe [ 2014-01-19] (Farbar)
 
========================== Services (Whitelisted) =================
 
S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S2 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [x]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
S3 AVCSTRM; C:\Windows\System32\DRIVERS\avcstrm.sys [14464 2009-07-13] (Microsoft Corporation)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [28160 2009-07-14] (Hauppauge Computer Works, Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-01-19] (Malwarebytes Corporation)
S3 MSTAPE; C:\Windows\System32\DRIVERS\mstape.sys [50048 2009-07-13] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [16640 2008-11-19] (Wondershare)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-19 10:49 - 2014-01-19 10:49 - 00000000 ____D C:\Users\Tre\Desktop\FRST-OlderVersion
2014-01-19 08:41 - 2014-01-19 08:41 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2014-01-18 18:27 - 2014-01-18 18:32 - 00001009 _____ C:\Users\Tre\Desktop\Search.txt
2014-01-18 15:11 - 2014-01-18 15:11 - 00000000 ____D C:\Users\Tre\AppData\Roaming\AVG2014
2014-01-18 15:09 - 2014-01-18 15:09 - 00000939 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-18 15:09 - 2014-01-18 15:09 - 00000000 ____D C:\Users\Tre\AppData\Roaming\TuneUp Software
2014-01-18 15:07 - 2014-01-18 15:11 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-18 15:07 - 2014-01-18 15:07 - 00000000 ___HD C:\$AVG
2014-01-18 14:57 - 2014-01-19 11:28 - 00000000 ____D C:\ProgramData\MFAData
2014-01-18 14:57 - 2014-01-18 15:17 - 00000000 ____D C:\Users\Tre\AppData\Local\Avg2014
2014-01-18 14:57 - 2014-01-18 14:57 - 00000000 ____D C:\Users\Tre\AppData\Local\MFAData
2014-01-18 14:56 - 2014-01-18 14:57 - 04436952 _____ (AVG Technologies) C:\Users\Tre\Desktop\avg_isct_stb_all_2014_4259.exe
2014-01-18 13:56 - 2014-01-18 13:56 - 00022115 _____ C:\Users\Tre\Desktop\Addition.txt
2014-01-18 13:55 - 2014-01-18 14:06 - 00025035 _____ C:\Users\Tre\Desktop\FRST.txt
2014-01-18 13:54 - 2014-01-19 10:52 - 00000000 ____D C:\FRST
2014-01-18 13:54 - 2014-01-19 10:49 - 01221120 _____ (Farbar) C:\Users\Tre\Desktop\FRST.exe
2014-01-17 12:54 - 2014-01-17 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2014-01-17 12:42 - 2014-01-17 12:53 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2014-01-17 12:41 - 2014-01-17 12:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\ACD Systems
2014-01-17 12:39 - 2014-01-17 12:39 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Tre\Downloads\mbar-1.07.0.1008.exe
2014-01-17 12:09 - 2014-01-17 12:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-17 12:08 - 2014-01-17 12:41 - 00000000 ____D C:\Users\Tre\Desktop\mbar
2014-01-17 12:05 - 2013-11-18 09:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Tre\Downloads\TDSSKiller2.exe
2014-01-17 12:04 - 2014-01-17 12:04 - 04101441 _____ C:\Users\Tre\Downloads\tdsskiller.zip
2014-01-17 11:58 - 2014-01-17 11:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-17 11:56 - 2013-11-18 09:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Tre\Downloads\TDSSKiller.exe
2014-01-17 10:29 - 2014-01-17 10:29 - 00000000 ____D C:\Windows\Sun
2014-01-17 10:07 - 2014-01-17 10:17 - 00000102 _____ C:\Users\Tre\Desktop\㩃䙜卒屔畑牡湡楴敮
2014-01-17 09:51 - 2014-01-17 09:51 - 00101213 _____ C:\Windows\System32\lplwr.elv
2013-12-23 15:10 - 2013-12-23 15:10 - 00000000 ____D C:\ProgramData\firebird
2013-12-20 16:41 - 2013-12-20 16:41 - 00003173 _____ C:\Users\Tre\Documents\talking_20131220.txt
 
==================== One Month Modified Files and Folders =======
 
2014-01-19 19:37 - 2010-09-03 13:16 - 00000000 ____D C:\Windows\System32\logishrd
2014-01-19 11:28 - 2014-01-18 14:57 - 00000000 ____D C:\ProgramData\MFAData
2014-01-19 10:52 - 2014-01-18 13:54 - 00000000 ____D C:\FRST
2014-01-19 10:52 - 2010-07-05 19:48 - 00014388 _____ C:\Windows\PFRO.log
2014-01-19 10:51 - 2010-07-05 18:46 - 01649293 _____ C:\Windows\WindowsUpdate.log
2014-01-19 10:50 - 2010-07-05 18:54 - 00000000 ____D C:\users\Tre
2014-01-19 10:49 - 2014-01-19 10:49 - 00000000 ____D C:\Users\Tre\Desktop\FRST-OlderVersion
2014-01-19 10:49 - 2014-01-18 13:54 - 01221120 _____ (Farbar) C:\Users\Tre\Desktop\FRST.exe
2014-01-19 10:40 - 2009-07-13 20:34 - 00017168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-19 10:40 - 2009-07-13 20:34 - 00017168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-19 10:38 - 2010-07-05 19:04 - 00804424 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-19 10:32 - 2009-07-13 20:39 - 00044427 _____ C:\Windows\setupact.log
2014-01-19 08:57 - 2010-07-25 08:33 - 00000000 _____ C:\Users\Tre\AppData\Local\prvlcl.dat
2014-01-19 08:41 - 2014-01-19 08:41 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2014-01-18 18:32 - 2014-01-18 18:27 - 00001009 _____ C:\Users\Tre\Desktop\Search.txt
2014-01-18 15:17 - 2014-01-18 14:57 - 00000000 ____D C:\Users\Tre\AppData\Local\Avg2014
2014-01-18 15:12 - 2010-07-05 20:02 - 00000000 ____D C:\Program Files\AVG
2014-01-18 15:11 - 2014-01-18 15:11 - 00000000 ____D C:\Users\Tre\AppData\Roaming\AVG2014
2014-01-18 15:11 - 2014-01-18 15:07 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-18 15:11 - 2010-10-04 16:21 - 00000000 ____D C:\users\Administrator
2014-01-18 15:11 - 2010-10-04 16:17 - 00000000 ____D C:\users\Test1
2014-01-18 15:09 - 2014-01-18 15:09 - 00000939 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-18 15:09 - 2014-01-18 15:09 - 00000000 ____D C:\Users\Tre\AppData\Roaming\TuneUp Software
2014-01-18 15:07 - 2014-01-18 15:07 - 00000000 ___HD C:\$AVG
2014-01-18 15:01 - 2010-07-05 20:02 - 00000000 ____D C:\ProgramData\avg9
2014-01-18 14:57 - 2014-01-18 14:57 - 00000000 ____D C:\Users\Tre\AppData\Local\MFAData
2014-01-18 14:57 - 2014-01-18 14:56 - 04436952 _____ (AVG Technologies) C:\Users\Tre\Desktop\avg_isct_stb_all_2014_4259.exe
2014-01-18 14:06 - 2014-01-18 13:55 - 00025035 _____ C:\Users\Tre\Desktop\FRST.txt
2014-01-18 13:56 - 2014-01-18 13:56 - 00022115 _____ C:\Users\Tre\Desktop\Addition.txt
2014-01-17 13:24 - 2010-10-04 16:22 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-01-17 12:54 - 2014-01-17 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2014-01-17 12:53 - 2014-01-17 12:42 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2014-01-17 12:41 - 2014-01-17 12:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\ACD Systems
2014-01-17 12:41 - 2014-01-17 12:08 - 00000000 ____D C:\Users\Tre\Desktop\mbar
2014-01-17 12:39 - 2014-01-17 12:39 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Tre\Downloads\mbar-1.07.0.1008.exe
2014-01-17 12:09 - 2014-01-17 12:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-17 12:04 - 2014-01-17 12:04 - 04101441 _____ C:\Users\Tre\Downloads\tdsskiller.zip
2014-01-17 11:58 - 2014-01-17 11:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-17 10:30 - 2010-07-06 06:56 - 00000000 ____D C:\Users\Tre\AppData\Local\Sony
2014-01-17 10:29 - 2014-01-17 10:29 - 00000000 ____D C:\Windows\Sun
2014-01-17 10:17 - 2014-01-17 10:07 - 00000102 _____ C:\Users\Tre\Desktop\㩃䙜卒屔畑牡湡楴敮
2014-01-17 10:07 - 2012-09-12 11:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-17 09:51 - 2014-01-17 09:51 - 00101213 _____ C:\Windows\System32\lplwr.elv
2014-01-16 16:09 - 2010-10-09 06:06 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-09 10:46 - 2010-03-14 10:25 - 00000000 ____D C:\captures
2014-01-07 10:33 - 2010-07-05 19:10 - 00000000 ____D C:\Users\Tre\AppData\Roaming\vlc
2013-12-29 09:15 - 2013-12-19 18:00 - 00000000 ____D C:\looking at items
2013-12-23 15:29 - 2010-05-02 11:46 - 00000000 ____D C:\family
2013-12-23 15:10 - 2013-12-23 15:10 - 00000000 ____D C:\ProgramData\firebird
2013-12-20 16:41 - 2013-12-20 16:41 - 00003173 _____ C:\Users\Tre\Documents\talking_20131220.txt
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2014-01-12 19:35:20
Restore point made on: 2014-01-18 15:00:35
Restore point made on: 2014-01-18 15:01:37
Restore point made on: 2014-01-18 15:07:07
 
==================== Memory info =========================== 
 
Percentage of memory in use: 7%
Total physical RAM: 8119.08 MB
Available physical RAM: 7508.89 MB
Total Pagefile: 8117.36 MB
Available Pagefile: 7558.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.77 MB
 
==================== Drives ================================
 
Drive c: (main) (Fixed) (Total:920.28 GB) (Free:11.87 GB) NTFS
Drive e: (factory_image) (Fixed) (Total:11.13 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: () (Fixed) (Total:7.45 GB) (Free:7.41 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: A8951C2D)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
 
 
LastRegBack: 2014-01-09 00:44
 
==================== End Of Log ============================
Link to post
Share on other sites

Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Re-boot and see if Windows will now start.

fixlist.txt

Link to post
Share on other sites

Hi, and thanks again for the very fast response. I only figured out the 'follow this topic' button a few hours ago.  :)

 

I have great news!  Thanks to your help, Windows is now running again!  MBAM is updated and active and I also turned AVG back on.  I am currently running a scan with MBAM.  It's been running about 10 minutes and so far, there is no sign of the mystery audio. *fingers crossed* 

 

Here is the fixlog: 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2014 04
Ran by SYSTEM at 2014-01-20 01:10:51 Run:2
Running from G:\
Boot Mode: Recovery
 
==============================================
 
Content of fixlist:
*****************
Start
Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll C:\Windows\System32\rpcss.dll
End
*****************
 
Could not find C:\Windows\System32\rpcss.dll
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
 
==== End of Fixlog ====
Link to post
Share on other sites
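
An added example, not part of the original thread and not code from FRST or Malwarebytes: a small Python triage of log lines copied from the posts above. It pairs the "[x]" service entries and the "IS MISSING" line with the Fixlog's "copied successfully" line, and decodes the odd Desktop file name in the file list. The function names and the expansion of %SystemRoot% to C:\Windows are assumptions of the example.

```python
import re

# Lines copied (trimmed) from the FRST log and Fixlog posted in this thread.
FRST_LOG = r"""
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [x]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [x]
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
2014-01-17 10:07 - 2014-01-17 10:17 - 00000102 _____ C:\Users\Tre\Desktop\㩃䙜卒屔畑牡湡楴敮
"""

FIXLOG = r"""
Could not find C:\Windows\System32\rpcss.dll
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
"""

# "S2 Name; path [size date]" or "S2 Name; path [x]"; FRST appends [x]
# when it cannot find the file the service points to.
SERVICE_RE = re.compile(
    r"^([RSU])([0-5]) (.+?); (.+?) \[(x|\d+ \d{4}-\d{2}-\d{2})\]", re.M)
MISSING_RE = re.compile(r"^(.+?) IS MISSING", re.M)
COPIED_RE = re.compile(r"^.+ copied successfully to (.+)$", re.M)
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ \S{5} (?:\(.*?\) )?(.+)$", re.M)


def normalize(path, system_root=r"C:\Windows"):
    """Expand %SystemRoot% (assumed C:\\Windows) and lower-case for comparison."""
    expanded = re.sub(r"%systemroot%", lambda m: system_root, path, flags=re.I)
    return expanded.strip().lower()


def triage(frst_log, fixlog=""):
    """List every file FRST reports as absent, the services that depend on
    it, and whether a Fixlog shows it being copied back into place."""
    services = {}
    for _state, _start, name, path, tag in SERVICE_RE.findall(frst_log):
        if tag == "x":
            services.setdefault(normalize(path), []).append(name)
    missing = {normalize(p) for p in MISSING_RE.findall(frst_log)}
    restored = {normalize(p) for p in COPIED_RE.findall(fixlog)}
    return [
        {
            "path": path,
            "services": services.get(path, []),
            "core_file_check": path in missing,
            "restored": path in restored,
        }
        for path in sorted(missing | set(services))
    ]


def decode_wide_misread(name):
    """If a name is really ASCII bytes that were read as UTF-16LE, return
    the ASCII text; otherwise return None."""
    try:
        text = name.encode("utf-16-le").decode("ascii")
    except UnicodeError:
        return None
    return text if text.isprintable() else None


def misread_names(frst_log):
    """Map file-list paths with a non-ASCII leaf name to the decoded text."""
    found = {}
    for path in FILE_RE.findall(frst_log):
        leaf = path.rsplit("\\", 1)[-1]
        decoded = None if leaf.isascii() else decode_wide_misread(leaf)
        if decoded:
            found[path] = decoded
    return found


if __name__ == "__main__":
    for item in triage(FRST_LOG, FIXLOG):
        print(item)
    for path, decoded in misread_names(FRST_LOG).items():
        print(path, "->", decoded)
```

On these lines the triage reports one missing file, rpcss.dll, backing both DcomLaunch and RpcSs and restored by the Fixlog; the Desktop entry decodes to a plain ASCII path rather than a foreign-language file name.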

Good to hear the system is running again, also with no audio ads....

 

When Malwarebytes completes, post its log; also give an update on any remaining issues or concerns... As you have AVG updated, run a full scan and let me know if anything is found.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin...

Link to post
Share on other sites

The MBAM scan is clean, and I'm running the AVG scan now. It's going to take a long time. 

 

At this time, I do not have any external drives connected, although my one very large drive was connected at the time I was first infected.  I will have to check it later, but wanted to make sure the main system was clean first.

 

Here is the MBAM report:

 

 

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2014.01.17.08

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Tre :: TRE-PC [administrator]

Protection: Enabled

1/20/2014 6:26:50 AM
mbam-log-2014-01-20 (06-26-50).txt

Scan type: Full scan (C:\|D:\|N:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 681106
Time elapsed: 3 hour(s), 28 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Link to post
Share on other sites

Thank you so much for all your help!

 

Here is checkup.txt:

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7  x86 (UAC is enabled)  
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG Internet Security 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Out of date Malwarebytes Anti-Malware installed!
 Java 6 Update 29  
 Java version out of Date!
 Adobe Flash Player     11.7.700.202  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (26.0)
 Google Chrome 32.0.1700.72  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Just finished full scan on the big external drive and did use MBAM to remove that threat. 

 

 

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2014.01.20.08

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Tre :: TRE-PC [administrator]

Protection: Enabled

1/20/2014 3:36:21 PM
mbam-log-2014-01-20 (15-36-21).txt

Scan type: Full scan (F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 492534
Time elapsed: 1 hour(s), 2 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
F:\big backup-white\music\ump3 downloads 2013\Paco_Osuna_%40_Amsterdam_Open_Air_2013-%2808-06-2013%29.mp3.exe (PUP.Optional.InstalleRex) -> No action taken.

(end)
 

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2014 04
Ran by Tre (administrator) on TRE-PC on 20-01-2014 16:41:50
Running from C:\Users\Tre\Desktop
Microsoft Windows 7 Ultimate  (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Spotify Ltd) C:\Users\Tre\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Audible, Inc.) C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Logitech, Inc.) C:\Program Files\Logitech\LWS\LU\LULnchr.exe
(Logitech, Inc.) C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2641272 2012-08-18] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [ACPW06EN] - C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1135304 2012-12-17] (ACD Systems)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKCU\...\Run: [spotify Web Helper] - C:\Users\Tre\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-08-31] (Spotify Ltd)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe -update plugin [813448 2013-05-28] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.femflex.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9798AED9B71CCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope {F8305D7D-CF69-465a-9003-813C6013A702} URL = http://x2t.com/search/?q={searchTerms}
SearchScopes: HKLM - {F8305D7D-CF69-465a-9003-813C6013A702} URL = http://x2t.com/search/?q={searchTerms}
SearchScopes: HKLM - {F8305D7D-CF79-465a-9003-813C6013A702} URL = http://x2t.com/search/?q={searchTerms}
SearchScopes: HKCU - Yahoo! URL = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-iobit
SearchScopes: HKCU - {F8305D7D-CF69-465a-9003-813C6013A702} URL = http://x2t.com/search/?q={searchTerms}
SearchScopes: HKCU - {F8305D7D-CF79-465a-9003-813C6013A702} URL = http://x2t.com/search/?q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Open FVD Suite IE Plugin - {2B171655-A70C-5c18-B693-6CB5DC269D44} - C:\Program Files\FVDIEPlugin\FVDIEPlugin_1.dll (www.flashvideodownloader.org/fvd-suite/)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - FVD Suite IE Plugin - {2B171655-A70C-5c18-B693-6CB5DC269D41} - C:\Program Files\FVDIEPlugin\FVDIEPlugin_1.dll (www.flashvideodownloader.org/fvd-suite/)
Toolbar: HKCU - FVD Suite IE Plugin - {2B171655-A70C-5C18-B693-6CB5DC269D41} - C:\Program Files\FVDIEPlugin\FVDIEPlugin_1.dll (www.flashvideodownloader.org/fvd-suite/)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default

FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: ActiveGS - C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default\Extensions\activegs@freetoolsassociation.com [2011-04-27]
FF Extension: Разпознаване на устройство Logitech - C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default\Extensions\DeviceDetection@logitech.com [2011-11-11]
FF Extension: SelectionLinks - C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default\Extensions\plugin@selectionlinks.com [2013-01-12]
FF Extension: We-Care App - C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default\Extensions\wecarereminder@bryan [2013-12-03]
FF Extension: Flash Video Downloader - C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default\Extensions\artur.dubovoy@gmail.com.xpi [2012-09-12]
FF Extension: Video Downloader - C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default\Extensions\gfglqqlzyr@gfglqqlzyr.org.xpi [2013-06-12]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-19]

Chrome:
=======

CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (0) - C:\Users\Tre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbmhonenddnnmbailokbccgmikhkpni [2011-07-21]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
R2 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
S3 AVCSTRM; C:\Windows\System32\DRIVERS\avcstrm.sys [14464 2009-07-13] (Microsoft Corporation)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [28160 2009-07-14] (Hauppauge Computer Works, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
S3 MSTAPE; C:\Windows\System32\DRIVERS\mstape.sys [50048 2009-07-13] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [16640 2008-11-19] (Wondershare)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-20 12:17 - 2014-01-20 12:17 - 00987425 _____ C:\Users\Tre\Desktop\SecurityCheck.exe
2014-01-20 01:10 - 2009-07-13 17:16 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-01-19 10:49 - 2014-01-19 10:49 - 00000000 ____D C:\Users\Tre\Desktop\FRST-OlderVersion
2014-01-18 18:27 - 2014-01-18 18:32 - 00001009 _____ C:\Users\Tre\Desktop\Search.txt
2014-01-18 15:11 - 2014-01-18 15:11 - 00000000 ____D C:\Users\Tre\AppData\Roaming\AVG2014
2014-01-18 15:09 - 2014-01-18 15:09 - 00000939 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-18 15:09 - 2014-01-18 15:09 - 00000000 ____D C:\Users\Tre\AppData\Roaming\TuneUp Software
2014-01-18 15:07 - 2014-01-18 15:11 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-18 15:07 - 2014-01-18 15:07 - 00000000 ___HD C:\$AVG
2014-01-18 14:57 - 2014-01-20 15:28 - 00000000 ____D C:\ProgramData\MFAData
2014-01-18 14:57 - 2014-01-18 15:17 - 00000000 ____D C:\Users\Tre\AppData\Local\Avg2014
2014-01-18 14:57 - 2014-01-18 14:57 - 00000000 ____D C:\Users\Tre\AppData\Local\MFAData
2014-01-18 14:56 - 2014-01-18 14:57 - 04436952 _____ (AVG Technologies) C:\Users\Tre\Desktop\avg_isct_stb_all_2014_4259.exe
2014-01-18 13:56 - 2014-01-18 13:56 - 00022115 _____ C:\Users\Tre\Desktop\Addition.txt
2014-01-18 13:55 - 2014-01-20 16:42 - 00017553 _____ C:\Users\Tre\Desktop\FRST.txt
2014-01-18 13:54 - 2014-01-20 01:10 - 00000000 ____D C:\FRST
2014-01-18 13:54 - 2014-01-19 10:49 - 01221120 _____ (Farbar) C:\Users\Tre\Desktop\FRST.exe
2014-01-17 12:54 - 2014-01-17 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2014-01-17 12:42 - 2014-01-17 12:53 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2014-01-17 12:41 - 2014-01-17 12:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\ACD Systems
2014-01-17 12:39 - 2014-01-17 12:39 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Tre\Downloads\mbar-1.07.0.1008.exe
2014-01-17 12:09 - 2014-01-17 12:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-17 12:08 - 2014-01-17 12:41 - 00000000 ____D C:\Users\Tre\Desktop\mbar
2014-01-17 12:05 - 2013-11-18 09:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Tre\Downloads\TDSSKiller2.exe
2014-01-17 12:04 - 2014-01-17 12:04 - 04101441 _____ C:\Users\Tre\Downloads\tdsskiller.zip
2014-01-17 11:58 - 2014-01-17 11:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-17 11:56 - 2013-11-18 09:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Tre\Downloads\TDSSKiller.exe
2014-01-17 10:29 - 2014-01-17 10:29 - 00000000 ____D C:\Windows\Sun
2014-01-17 10:07 - 2014-01-17 10:17 - 00000102 _____ C:\Users\Tre\Desktop\㩃䙜卒屔畑牡湡楴敮
2014-01-17 09:51 - 2014-01-17 09:51 - 00101213 _____ C:\Windows\system32\lplwr.elv
2013-12-23 15:10 - 2013-12-23 15:10 - 00000000 ____D C:\ProgramData\firebird

==================== One Month Modified Files and Folders =======

2014-01-20 16:42 - 2014-01-18 13:55 - 00017553 _____ C:\Users\Tre\Desktop\FRST.txt
2014-01-20 15:46 - 2010-09-03 07:02 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-20 15:36 - 2010-07-05 19:04 - 00804424 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 15:28 - 2014-01-18 14:57 - 00000000 ____D C:\ProgramData\MFAData
2014-01-20 15:11 - 2013-12-19 18:00 - 00000000 ____D C:\looking at items
2014-01-20 12:17 - 2014-01-20 12:17 - 00987425 _____ C:\Users\Tre\Desktop\SecurityCheck.exe
2014-01-20 11:12 - 2010-07-25 08:33 - 00000000 _____ C:\Users\Tre\AppData\Local\prvlcl.dat
2014-01-20 10:49 - 2009-07-13 18:37 - 00000000 __RHD C:\Users\Public\Libraries
2014-01-20 10:43 - 2010-03-16 15:59 - 00000000 ____D C:\ts media
2014-01-20 04:14 - 2010-03-15 07:39 - 00000000 ____D C:\femflex
2014-01-20 01:22 - 2009-07-13 20:34 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-20 01:22 - 2009-07-13 20:34 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-20 01:17 - 2010-07-05 18:46 - 01732609 _____ C:\Windows\WindowsUpdate.log
2014-01-20 01:13 - 2010-09-03 07:02 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-20 01:13 - 2010-07-05 20:04 - 00000366 _____ C:\Windows\Tasks\AWC Startup.job
2014-01-20 01:13 - 2009-07-13 20:39 - 00044551 _____ C:\Windows\setupact.log
2014-01-20 01:12 - 2010-09-03 13:16 - 00000000 ____D C:\Windows\system32\logishrd
2014-01-20 01:12 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 01:10 - 2014-01-18 13:54 - 00000000 ____D C:\FRST
2014-01-19 10:52 - 2010-07-05 19:48 - 00014388 _____ C:\Windows\PFRO.log
2014-01-19 10:50 - 2010-07-05 18:54 - 00000000 ____D C:\Users\Tre
2014-01-19 10:49 - 2014-01-19 10:49 - 00000000 ____D C:\Users\Tre\Desktop\FRST-OlderVersion
2014-01-19 10:49 - 2014-01-18 13:54 - 01221120 _____ (Farbar) C:\Users\Tre\Desktop\FRST.exe
2014-01-18 18:32 - 2014-01-18 18:27 - 00001009 _____ C:\Users\Tre\Desktop\Search.txt
2014-01-18 15:17 - 2014-01-18 14:57 - 00000000 ____D C:\Users\Tre\AppData\Local\Avg2014
2014-01-18 15:12 - 2010-07-05 20:02 - 00000000 ____D C:\Program Files\AVG
2014-01-18 15:11 - 2014-01-18 15:11 - 00000000 ____D C:\Users\Tre\AppData\Roaming\AVG2014
2014-01-18 15:11 - 2014-01-18 15:07 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-18 15:11 - 2010-10-04 16:21 - 00000000 ____D C:\Users\Administrator
2014-01-18 15:11 - 2010-10-04 16:17 - 00000000 ____D C:\Users\Test1
2014-01-18 15:09 - 2014-01-18 15:09 - 00000939 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-18 15:09 - 2014-01-18 15:09 - 00000000 ____D C:\Users\Tre\AppData\Roaming\TuneUp Software
2014-01-18 15:07 - 2014-01-18 15:07 - 00000000 ___HD C:\$AVG
2014-01-18 15:01 - 2010-07-05 20:02 - 00000000 ____D C:\ProgramData\avg9
2014-01-18 14:57 - 2014-01-18 14:57 - 00000000 ____D C:\Users\Tre\AppData\Local\MFAData
2014-01-18 14:57 - 2014-01-18 14:56 - 04436952 _____ (AVG Technologies) C:\Users\Tre\Desktop\avg_isct_stb_all_2014_4259.exe
2014-01-18 13:56 - 2014-01-18 13:56 - 00022115 _____ C:\Users\Tre\Desktop\Addition.txt
2014-01-17 13:24 - 2010-10-04 16:22 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-01-17 12:54 - 2014-01-17 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2014-01-17 12:53 - 2014-01-17 12:42 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2014-01-17 12:41 - 2014-01-17 12:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\ACD Systems
2014-01-17 12:41 - 2014-01-17 12:08 - 00000000 ____D C:\Users\Tre\Desktop\mbar
2014-01-17 12:39 - 2014-01-17 12:39 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Tre\Downloads\mbar-1.07.0.1008.exe
2014-01-17 12:09 - 2014-01-17 12:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-17 12:04 - 2014-01-17 12:04 - 04101441 _____ C:\Users\Tre\Downloads\tdsskiller.zip
2014-01-17 11:58 - 2014-01-17 11:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-17 10:30 - 2010-07-06 06:56 - 00000000 ____D C:\Users\Tre\AppData\Local\Sony
2014-01-17 10:29 - 2014-01-17 10:29 - 00000000 ____D C:\Windows\Sun
2014-01-17 10:17 - 2014-01-17 10:07 - 00000102 _____ C:\Users\Tre\Desktop\㩃䙜卒屔畑牡湡楴敮
2014-01-17 10:07 - 2012-09-12 11:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-17 09:51 - 2014-01-17 09:51 - 00101213 _____ C:\Windows\system32\lplwr.elv
2014-01-16 16:09 - 2010-10-09 06:06 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-09 10:46 - 2010-03-14 10:25 - 00000000 ____D C:\captures
2014-01-07 10:33 - 2010-07-05 19:10 - 00000000 ____D C:\Users\Tre\AppData\Roaming\vlc
2013-12-23 15:29 - 2010-05-02 11:46 - 00000000 ____D C:\family
2013-12-23 15:10 - 2013-12-23 15:10 - 00000000 ____D C:\ProgramData\firebird

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-20 10:33

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2014 04
Ran by Tre at 2014-01-20 16:43:41
Running from C:\Users\Tre\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

ACDSee Pro 6 (Version: 6.3.221 - ACD Systems International Inc.)
Acrobat.com (Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (Version: 2.3.0.0 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe AIR (Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (Version: 9.3.4 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Advanced SystemCare 3 (Version: 3.2.0 - IObit)
Apple Application Support (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Audible Download Manager (Version: 6.6.0.15 - Audible, Inc.)
AVG 2014 (Version: 14.0.3681 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 2.7.1.2 (Version:  - TGRMN Software)
CameraHelperMsi (Version: 13.00.1774.0 - Logitech) Hidden
Canon MP460 (Version:  - )
Canon MP495 series MP Drivers (Version:  - )
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FTP Voyager 15.2 (Version:  - RhinoSoft.com)
FVDIEPlugin (Version:  - )
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HerBicepsCam Broadcaster (Version: 0.9.31.29531 - )
HxD Hex Editor version 1.7.7.0 (Version: 1.7.7.0 - Maël Hörz)
iCloud (Version: 2.1.1.3 - Apple Inc.)
iTunes (Version: 11.0.1.12 - Apple Inc.)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java 6 Update 29 (Version: 6.0.290 - Sun Microsystems, Inc.)
Logitech Webcam Software (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.01.1018.0 - Logitech) Hidden
LWS Gallery (Version: 13.01.1018.0 - Logitech) Hidden
LWS Help_main (Version: 13.01.1025.0 - Logitech) Hidden
LWS Launcher (Version: 13.01.1024.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.01.1018.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.00.1774.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.00.1774.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.00.1774.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.00.1774.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.01.1022.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (Version: 8.00.761 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31007 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31010 - Microsoft Corporation) Hidden
moviEZ HD (Version: 8.0.1.20216 - Sony Creative Software Inc.)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
Napster Download Manager (Version: 1.0.0 - Napster)
NVIDIA Display Control Panel (Version: 1.6 - NVIDIA Corporation)
NVIDIA Drivers (Version: 1.10.61.39 - NVIDIA Corporation)
NVIDIA PhysX (Version: 9.10.0223 - NVIDIA Corporation)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Pinnacle Studio 12 (Version: 12.0.1.6173 - Pinnacle Systems)
Pinnacle Video Driver (Version: 12.00.0017 - Pinnacle Systems)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickBooks (Version: 23.0.4001.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (Version: 23.0.4001.2305 - Intuit Inc.)
QuickTime (Version: 7.73.80.64 - Apple Inc.)
Skype Click to Call (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 5.8 (Version: 5.8.156 - Skype Technologies S.A.)
Sony Vegas 7.0 (Version: 7.0.169 - Sony)
Spotify (HKCU Version: 0.9.1.57.ge7405149 - Spotify AB)
TaxCut Premium 2005 (Version:  - )
TurboTax 2010 (Version:  - Intuit, Inc)
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2011 WinBizFedFormset (Version: 011.000.1793 - Intuit Inc.) Hidden
TurboTax 2011 WinBizReleaseEngine (Version: 011.000.0487 - Intuit Inc.) Hidden
TurboTax 2011 WinBizTaxSupport (Version: 011.000.1323 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax Business 2011 (Version:  - Intuit, Inc)
Vegas Pro 10.0 (Version: 10.0.469 - Sony)
Vegas Pro 9.0 (Version: 9.0.1147 - Sony)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 1.1.0 (Version: 1.1.0 - VideoLAN)
WinRAR archiver (Version:  - )
Yahoo! Messenger (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

13-01-2014 03:34:45 Scheduled Checkpoint
18-01-2014 23:00:20 Installed AVG 2014
18-01-2014 23:01:33 Removed AVG 9.0
18-01-2014 23:06:52 Installed AVG 2014

==================== Hosts content: ==========================

2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1DE2DFE4-3059-4B04-8F1A-8056825057B8} - System32\Tasks\{9E16C024-8157-48E8-82D4-A2D5D1A9251C} => C:\Program Files\Skype\Phone\Skype.exe [2012-02-15] (Skype Technologies S.A.)
Task: {477DF847-0ACA-4350-B04E-4DEE53A230BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-03] (Google Inc.)
Task: {66E6AFC8-D1C8-4134-A573-9166F158E1EA} - System32\Tasks\AWC Startup => C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-02-22] (IObit)
Task: {8DCFE685-9313-4F6A-BFFF-436D0036AC9D} - System32\Tasks\{0EF9254A-ADEE-4050-8A66-987D50B83693} => Firefox.exe http://ui.skype.com/ui/0/5.1.0.112/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;systemlevelpresent
Task: {B6743361-61D5-487A-8DAB-6E5CBF550FFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-03] (Google Inc.)
Task: C:\Windows\Tasks\AWC Startup.job => C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-07-05 20:04 - 2009-02-13 14:10 - 00318976 _____ () C:\Program Files\IObit\Advanced SystemCare 3\WinSkinD7R.bpl
2010-07-05 20:04 - 2009-02-19 13:20 - 00059216 _____ () C:\Program Files\IObit\Advanced SystemCare 3\NtfsData.dll
2010-07-05 20:04 - 2009-02-19 13:21 - 00103248 _____ () C:\Program Files\IObit\Advanced SystemCare 3\STFix.dll
2010-07-05 20:04 - 2007-05-11 20:41 - 00041472 _____ () C:\Program Files\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl
2010-05-07 17:35 - 2010-05-07 17:35 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 17:35 - 2010-05-07 17:35 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 17:36 - 2010-05-07 17:36 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 17:36 - 2010-05-07 17:36 - 00921944 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
2010-05-07 17:37 - 2010-05-07 17:37 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 17:37 - 2010-05-07 17:37 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-06-28 09:23 - 2010-06-01 09:17 - 00929792 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2013-12-19 18:14 - 2013-12-19 18:14 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-05-28 09:34 - 2013-05-28 09:34 - 16033160 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\84512240.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\84512240.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2014 04:05:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: mshtml.dll, version: 8.0.7600.16625, time stamp: 0x4c2ae0bb
Exception code: 0xc0000005
Fault offset: 0x001c8b58
Faulting process id: 0x2a590
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/20/2014 02:23:56 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: mshtml.dll, version: 8.0.7600.16625, time stamp: 0x4c2ae0bb
Exception code: 0xc0000005
Fault offset: 0x000a10cf
Faulting process id: 0x5858
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/17/2014 11:53:10 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a1c

Start Time: 01cf13bd683af074

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: f6f1e152-7fb0-11e3-986d-406186974c6d

Error: (01/17/2014 10:30:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b21e
Exception code: 0xc0000374
Fault offset: 0x000c2913
Faulting process id: 0x45c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/15/2014 05:15:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13058

Error: (01/15/2014 05:15:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13058

Error: (01/15/2014 05:15:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/15/2014 05:15:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12059

Error: (01/15/2014 05:15:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12059

Error: (01/15/2014 05:15:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/19/2014 10:32:41 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (01/19/2014 10:30:34 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:
%%1190

Error: (01/19/2014 10:30:34 AM) (Source: Service Control Manager) (User: )
Description: The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (01/19/2014 10:30:34 AM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (01/19/2014 09:38:00 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (01/19/2014 09:35:28 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:
%%1190

Error: (01/19/2014 09:35:28 AM) (Source: Service Control Manager) (User: )
Description: The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (01/19/2014 09:35:28 AM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (01/19/2014 08:37:36 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (01/18/2014 10:31:35 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:
%%1190


Microsoft Office Sessions:
=========================
Error: (02/01/2013 01:37:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12071 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (09/18/2012 09:47:48 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 69999 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (09/17/2012 04:33:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7940 seconds with 2460 seconds of active time.  This session ended with a crash.

Error: (05/07/2012 07:56:34 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1207732 seconds with 15780 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 80%
Total physical RAM: 3319.08 MB
Available physical RAM: 657.56 MB
Total Pagefile: 7997.38 MB
Available Pagefile: 2581.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.08 MB

==================== Drives ================================

Drive c: (main) (Fixed) (Total:920.28 GB) (Free:9.64 GB) NTFS
Drive d: (factory_image) (Fixed) (Total:11.13 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (My Book) (Fixed) (Total:3725.99 GB) (Free:1769.95 GB) NTFS
Drive n: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.

==================== End Of Log ============================


I strongly recommend you uninstall IObit, and also Advanced System Care; they are just not trustworthy.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Post the logs from AdwCleaner and JRT. Let me know if Adobe and Java update successfully, also give an update on any remaining issues or concerns...

 

Kevin


I did uninstall IObit/Advanced System Care using the Win 7 program uninstall. Thank you for that advice.

 

Here is the AdwCleaner report:

 

# AdwCleaner v3.017 - Report created 20/01/2014 at 18:53:15
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate  (32 bits)
# Username : Tre - TRE-PC
# Running from : C:\Users\Tre\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default\Extensions\plugin@selectionlinks.com
Folder Found : C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default\Extensions\wecarereminder@bryan
Folder Found C:\Program Files\Free Ride Games
Folder Found C:\Program Files\OApps
Folder Found C:\Users\Tre\AppData\Local\Coupon Companion Plugin
Folder Found C:\Users\Tre\AppData\Local\TempDir
Folder Found C:\Users\Tre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\dt soft\daemon tools toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Tre\AppData\Roaming\Mozilla\Firefox\Profiles\t2orze1p.default\prefs.js ]


[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ql735cq2.default\prefs.js ]


-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Tre\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2603 octets] - [20/01/2014 18:53:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2663 octets] ##########
 

 

=================================================================================================================

 

Running JRT now...


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x86
Ran by Tre on Tue 01/21/2014 at  7:56:46.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Tre\appdata\local\coupon companion plugin"
Successfully deleted: [Folder] "C:\Users\Tre\appdata\local\tempdir"
Successfully deleted: [Folder] "C:\Program Files\free ride games"
Successfully deleted: [Folder] "C:\Program Files\oapps"
Successfully deleted: [Folder] "C:\Users\Tre\AppData\Roaming\microsoft\windows\start menu\programs\free ride games"



~~~ FireFox

Successfully deleted: [File] C:\Users\Tre\AppData\Roaming\mozilla\firefox\profiles\t2orze1p.default\extensions\gfglqqlzyr@gfglqqlzyr.org.xpi [Tracur]
Successfully deleted: [Folder] C:\Users\Tre\AppData\Roaming\mozilla\firefox\profiles\t2orze1p.default\extensions\plugin@selectionlinks.com
Successfully deleted: [Folder] C:\Users\Tre\AppData\Roaming\mozilla\firefox\profiles\t2orze1p.default\extensions\wecarereminder@bryan
Successfully deleted the following from C:\Users\Tre\AppData\Roaming\mozilla\firefox\profiles\t2orze1p.default\prefs.js

user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\
Emptied folder: C:\Users\Tre\AppData\Roaming\mozilla\firefox\profiles\t2orze1p.default\minidumps [163 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/21/2014 at  8:06:17.33
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
