result of FarbarScan as directed


joboggi

Hi

I downloaded the MBAM onto two computers. It worked fine on one, but gets held up in the heuristic scan on the other computer. I followed the instructions for removal and then reload, and still got the same result. I then made a post, and someone told me to run Farbar and post it here. So I did.

Please advise.

Joe


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014

Ran by My Computer (administrator) on MYCOMPUTER-PC on 16-09-2014 04:33:37

Running from C:\Users\My Computer\Downloads

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe

(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe

(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe

() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe

(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe

(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\PdfPro7Hook.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

() C:\Program Files\AVG Web TuneUp\vprot.exe

(Flexera Software, Inc.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)

HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [38880 2012-11-12] (Nuance Communications, Inc.)

HKLM\...\Run: [indexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [51168 2012-11-12] (Nuance Communications, Inc.)

HKLM\...\Run: [PPort14reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [333672 2012-01-03] (Nuance Communications, Inc.)

HKLM\...\Run: [PDFProHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro7hook.exe [641424 2012-11-05] (Nuance Communications, Inc.)

HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2586912 2013-09-05] ()

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2680344 2014-09-03] ()

HKU\S-1-5-21-1795280262-1770628798-3842080384-1000\...\Run: [Google Update] => C:\Users\My Computer\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-07-30] (Google Inc.)

HKU\S-1-5-21-1795280262-1770628798-3842080384-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\My Computer\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 7b450e96f2e947d3b0c1d15565a1d008-8ce20c00e2c1f282b046b8d95525ece960822826 --CMPID 0913a

HKU\S-1-5-21-1795280262-1770628798-3842080384-1000\...\Run: [CPN Notifier] => C:\Program Files\Juicy Stakes 2.0\PokerNotifier.exe

HKU\S-1-5-21-1795280262-1770628798-3842080384-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [324976 2010-05-21] (Flexera Software, Inc.)

HKU\S-1-5-21-1795280262-1770628798-3842080384-1000\...\Run: [DellSystemDetect] => C:\Users\My Computer\AppData\Local\Apps\2.0\ZQNDOMQW.M7G\0D8WHW6C.QJG\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe [263232 2014-07-24] (Dell)

HKU\S-1-5-21-1795280262-1770628798-3842080384-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\My Computer\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-07-30] (Google Inc.)

HKU\S-1-5-21-1795280262-1770628798-3842080384-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\My Computer\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 7b450e96f2e947d3b0c1d15565a1d008-8ce20c00e2c1f282b046b8d95525ece960822826 --CMPID 0913a

HKU\S-1-5-21-1795280262-1770628798-3842080384-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CPN Notifier] => C:\Program Files\Juicy Stakes 2.0\PokerNotifier.exe

HKU\S-1-5-21-1795280262-1770628798-3842080384-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [324976 2010-05-21] (Flexera Software, Inc.)

HKU\S-1-5-21-1795280262-1770628798-3842080384-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DellSystemDetect] => C:\Users\My Computer\AppData\Local\Apps\2.0\ZQNDOMQW.M7G\0D8WHW6C.QJG\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe [263232 2014-07-24] (Dell)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDDFAE2662DABCF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll (AVG Secure Search)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\lde5j81e.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)

FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll No File

FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Extension: Forecastfox - C:\Users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\lde5j81e.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-12-10]

 

Chrome: 

=======

CHR HomePage: Default -> https://mysearch.avg.com?cid={7906E231-A4BF-4F84-87ED-9D68E07FC5D1}&mid=7b450e96f2e947d3b0c1d15565a1d008-8ce20c00e2c1f282b046b8d95525ece960822826&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-03 15:35:16&v=3.2.0.15&pid=wtu&sg=&sap=hp

CHR RestoreOnStartup: Default -> "https://mysearch.avg.com?cid={7906E231-A4BF-4F84-87ED-9D68E07FC5D1}&mid=7b450e96f2e947d3b0c1d15565a1d008-8ce20c00e2c1f282b046b8d95525ece960822826&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-03 15:35:16&v=3.2.0.15&pid=wtu&sg=&sap=hp"


CHR DefaultSearchKeyword: Default -> mysearch.avg.com

CHR DefaultSearchURL: Default -> https://mysearch.avg.com/search?cid={7906E231-A4BF-4F84-87ED-9D68E07FC5D1}&mid=7b450e96f2e947d3b0c1d15565a1d008-8ce20c00e2c1f282b046b8d95525ece960822826&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-03 15:35:16&v=3.2.0.15&pid=wtu&sg=&sap=dsp&q={searchTerms}

CHR DefaultNewTabURL: Default -> https://mysearch.avg.com/chroment?espv=2&cid={7906E231-A4BF-4F84-87ED-9D68E07FC5D1}&mid=7b450e96f2e947d3b0c1d15565a1d008-8ce20c00e2c1f282b046b8d95525ece960822826&lang=en&ds=AVG&pr=fr&d=2014-09-03 15:35:16&v=3.2.0.15&pid=wtu&sg=

CHR DefaultSuggestURL: Default -> http://toolbar.avg.com/acp?q={searchTerms}&o=1

CHR CustomProfile: C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13]

CHR Extension: (Google Drive) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13]

CHR Extension: (YouTube) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-15]

CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-02-07]

CHR Extension: (Google Search) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-15]

CHR Extension: (NYTimes) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel [2014-01-13]

CHR Extension: (Full Screen Weather) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2014-01-13]

CHR Extension: (IE Tab) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-07-21]

CHR Extension: (The Weather Channel for Chrome) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-03-02]

CHR Extension: (Disconnect) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-08-27]

CHR Extension: (DuckDuckGo Home Page) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkalbbbffedallekgkdheknngopfhif [2014-03-02]

CHR Extension: (Google Maps) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-01-13]

CHR Extension: (FastestFox for Chrome) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-02-07]

CHR Extension: (Hangouts) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-01-13]

CHR Extension: (WeatherBug) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-02-07]

CHR Extension: (Google Chrome to Phone Extension) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-02-26]

CHR Extension: (Phone to Chrome) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojoecolejmnhkgafjnieigpjhgmpllnn [2014-08-30]

CHR Extension: (Gmail) - C:\Users\My Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-15]

CHR HKLM\...\Chrome\Extension: [ihogoofdaifgdkdilopkeahfcnifkajn] - C:\Users\My Computer\AppData\Local\CRE\ihogoofdaifgdkdilopkeahfcnifkajn.crx [2013-09-04]

CHR HKCU\...\Chrome\Extension: [ihogoofdaifgdkdilopkeahfcnifkajn] - C:\Users\My Computer\AppData\Local\CRE\ihogoofdaifgdkdilopkeahfcnifkajn.crx [2013-09-04]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)

R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [220048 2012-11-12] (Nuance Communications, Inc.)

R2 vToolbarUpdater3.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-09-03] (AVG Secure Search)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-09-03] (AVG Technologies)

S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x32.sys [334096 2012-04-20] (Intel® Corporation)

S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X32.sys [69392 2012-04-20] (Intel® Corporation)

S3 ioatdma; C:\Windows\System32\Drivers\ioatdma.sys [36552 2009-11-16] (Intel Corporation)

R0 ioatdma1; C:\Windows\System32\Drivers\qd16032.sys [36552 2009-11-16] (Intel Corporation)

S3 ioatdma2; C:\Windows\System32\Drivers\qd25232.sys [37576 2009-11-16] (Intel Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-16] (Malwarebytes Corporation)

S3 RTCore32; C:\Program Files\MSI Afterburner\RTCore32.sys [5632 2013-03-10] () [File not signed]

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-01-10] (Anchorfree Inc.)

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-16 04:33 - 2014-09-16 04:34 - 00017391 _____ () C:\Users\My Computer\Downloads\FRST.txt

2014-09-16 04:33 - 2014-09-16 04:33 - 00000000 ____D () C:\FRST

2014-09-16 04:32 - 2014-09-16 04:32 - 01097728 _____ (Farbar) C:\Users\My Computer\Downloads\FRST.exe

2014-09-16 02:15 - 2014-09-16 04:14 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-16 02:15 - 2014-09-16 02:15 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-16 02:15 - 2014-09-16 02:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-16 02:15 - 2014-09-16 02:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-09-16 02:15 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-16 02:15 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-16 02:15 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-16 02:10 - 2014-09-16 02:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\My Computer\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-16 02:05 - 2014-09-16 02:05 - 00011858 _____ () C:\Windows\PFRO.log

2014-09-16 02:03 - 2014-09-16 02:03 - 00321848 _____ (Malwarebytes Corporation) C:\Users\My Computer\Downloads\mbam-clean-2.1.1.1001.exe

2014-09-15 14:44 - 2014-09-16 02:14 - 00000000 ____D () C:\Users\My Computer\AppData\Roaming\LavasoftStatistics

2014-09-15 14:41 - 2014-09-15 14:41 - 02806920 _____ () C:\Users\My Computer\Downloads\Adaware_Installer.exe

2014-09-15 14:36 - 2014-09-15 14:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\My Computer\Downloads\HijackThis.exe

2014-09-15 06:06 - 2014-09-15 06:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\My Computer\Downloads\mbam-setup-2.0.2.1012 (1).exe

2014-09-14 11:17 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll

2014-09-14 11:17 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll

2014-09-14 11:17 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll

2014-09-14 11:17 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll

2014-09-14 11:17 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll

2014-09-14 11:17 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll

2014-09-14 11:17 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll

2014-09-14 11:17 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll

2014-09-14 11:17 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll

2014-09-14 11:17 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll

2014-09-14 11:17 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll

2014-09-14 11:17 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll

2014-09-14 11:17 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll

2014-09-14 11:17 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll

2014-09-14 11:17 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll

2014-09-14 11:17 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll

2014-09-14 11:17 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll

2014-09-14 11:17 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll

2014-09-14 11:17 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll

2014-09-14 11:17 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll

2014-09-14 11:17 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll

2014-09-14 11:17 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll

2014-09-14 11:17 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll

2014-09-14 11:17 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll

2014-09-14 11:17 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll

2014-09-14 11:17 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll

2014-09-14 11:17 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll

2014-09-14 11:17 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll

2014-09-14 11:17 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll

2014-09-14 11:17 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll

2014-09-14 11:17 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll

2014-09-14 11:17 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll

2014-09-14 11:17 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll

2014-09-14 11:17 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll

2014-09-14 11:17 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll

2014-09-14 11:17 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll

2014-09-14 11:17 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll

2014-09-14 11:17 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll

2014-09-14 11:17 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll

2014-09-14 11:17 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll

2014-09-14 11:17 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll

2014-09-14 11:17 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll

2014-09-14 11:17 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll

2014-09-14 11:17 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll

2014-09-14 11:17 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll

2014-09-14 11:17 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll

2014-09-14 11:17 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll

2014-09-14 11:17 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll

2014-09-14 11:17 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll

2014-09-14 11:17 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll

2014-09-14 11:17 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll

2014-09-14 11:17 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll

2014-09-14 11:16 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll

2014-09-14 11:16 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll

2014-09-14 11:16 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll

2014-09-14 11:16 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll

2014-09-14 11:16 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll

2014-09-14 11:16 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll

2014-09-14 11:16 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll

2014-09-14 11:16 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll

2014-09-14 11:16 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll

2014-09-14 11:16 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll

2014-09-14 11:16 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll

2014-09-14 11:16 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll

2014-09-14 11:16 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll

2014-09-14 11:16 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll

2014-09-14 11:16 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll

2014-09-14 11:16 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll

2014-09-14 11:16 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll

2014-09-14 11:16 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll

2014-09-14 11:16 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll

2014-09-14 11:16 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll

2014-09-14 11:16 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll

2014-09-14 11:16 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll

2014-09-14 11:16 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll

2014-09-14 11:16 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll

2014-09-14 11:16 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll

2014-09-14 11:16 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll

2014-09-14 11:16 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll

2014-09-14 11:16 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll

2014-09-14 11:16 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll

2014-09-14 11:16 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll

2014-09-14 11:16 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll

2014-09-14 11:16 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll

2014-09-14 11:16 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll

2014-09-14 11:16 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll

2014-09-14 11:16 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll

2014-09-14 11:16 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll

2014-09-14 11:16 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll

2014-09-14 11:16 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll

2014-09-14 11:16 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll

2014-09-14 11:14 - 2014-09-14 11:17 - 00000000 ____D () C:\Windows\system32\directx

2014-09-14 11:14 - 2014-09-14 11:15 - 00000000 ___HD () C:\Windows\msdownld.tmp

2014-09-14 11:14 - 2014-09-14 11:14 - 00000000 ____D () C:\Users\My Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server

2014-09-14 11:14 - 2014-09-14 11:14 - 00000000 ____D () C:\Program Files\RivaTuner Statistics Server

2014-09-14 11:13 - 2014-09-15 03:46 - 00000000 ____D () C:\Program Files\MSI Afterburner

2014-09-14 11:13 - 2014-09-14 11:13 - 00001055 _____ () C:\Users\My Computer\Desktop\MSI Afterburner.lnk

2014-09-14 11:13 - 2014-09-14 11:13 - 00000000 ____D () C:\Users\My Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner

2014-09-14 10:51 - 2014-09-16 02:15 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-14 10:31 - 2014-09-16 02:05 - 00000112 _____ () C:\Windows\setupact.log

2014-09-14 10:31 - 2014-09-14 10:31 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-13 17:23 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-13 17:23 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-13 17:23 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-13 17:23 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-13 17:23 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-13 17:23 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-13 17:23 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-13 17:23 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-13 17:23 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-13 17:23 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-13 17:23 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-13 17:23 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-13 17:23 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-13 17:23 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-13 17:23 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-13 17:23 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-13 17:22 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-13 17:22 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-13 17:22 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-13 17:22 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-13 17:22 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-13 17:22 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-13 17:22 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-13 17:22 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-13 17:22 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-13 17:22 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-13 17:22 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-13 17:22 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-13 17:22 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-13 17:22 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-13 17:22 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-13 03:51 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-13 03:51 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-13 03:50 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-13 03:50 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-04 20:45 - 2014-09-04 20:45 - 00000000 ____D () C:\Users\My Computer\AppData\Local\eclipse

2014-09-04 20:20 - 2014-09-04 20:45 - 00000000 ____D () C:\Users\My Computer\AppData\Local\PlayersOnly

2014-09-04 20:18 - 2014-09-11 18:41 - 00000000 ____D () C:\Program Files\PlayersOnly

2014-09-04 20:18 - 2014-09-04 20:18 - 00001863 _____ () C:\Users\My Computer\Desktop\Players Only.lnk

2014-09-04 20:18 - 2014-09-04 20:18 - 00000000 ____D () C:\Users\My Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Players Only

2014-09-03 15:35 - 2014-09-03 19:35 - 00000000 ____D () C:\Users\My Computer\AppData\Local\AVG Web TuneUp

2014-09-03 15:35 - 2014-09-03 17:48 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar

2014-09-03 15:35 - 2014-09-03 15:35 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp

2014-09-03 15:35 - 2014-09-03 15:35 - 00000000 ____D () C:\ProgramData\AVG Secure Search

2014-09-03 15:35 - 2014-09-03 15:35 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search

2014-09-03 15:35 - 2014-09-03 15:34 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys

2014-09-03 15:34 - 2014-09-03 15:35 - 00000000 ____D () C:\Program Files\AVG Web TuneUp

2014-08-27 17:42 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-27 17:42 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-27 16:53 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-27 16:53 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-27 16:53 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-27 16:53 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-27 16:52 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-27 16:52 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-27 16:52 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-27 16:51 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-27 16:51 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-22 14:30 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-22 14:30 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-22 14:29 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-22 14:28 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-16 04:34 - 2014-09-16 04:33 - 00017391 _____ () C:\Users\My Computer\Downloads\FRST.txt

2014-09-16 04:33 - 2014-09-16 04:33 - 00000000 ____D () C:\FRST

2014-09-16 04:32 - 2014-09-16 04:32 - 01097728 _____ (Farbar) C:\Users\My Computer\Downloads\FRST.exe

2014-09-16 04:29 - 2014-01-13 10:04 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-16 04:29 - 2013-05-15 21:23 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795280262-1770628798-3842080384-1000UA.job

2014-09-16 04:14 - 2014-09-16 02:15 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-16 03:55 - 2012-07-30 17:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-16 03:00 - 2013-12-10 04:24 - 01333965 _____ () C:\Windows\WindowsUpdate.log

2014-09-16 02:15 - 2014-09-16 02:15 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-16 02:15 - 2014-09-16 02:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-16 02:15 - 2014-09-16 02:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-09-16 02:15 - 2014-09-14 10:51 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-16 02:14 - 2014-09-15 14:44 - 00000000 ____D () C:\Users\My Computer\AppData\Roaming\LavasoftStatistics

2014-09-16 02:14 - 2009-07-14 00:34 - 00026832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-16 02:14 - 2009-07-14 00:34 - 00026832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-16 02:10 - 2014-09-16 02:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\My Computer\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-16 02:06 - 2014-01-13 10:04 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-16 02:05 - 2014-09-16 02:05 - 00011858 _____ () C:\Windows\PFRO.log

2014-09-16 02:05 - 2014-09-14 10:31 - 00000112 _____ () C:\Windows\setupact.log

2014-09-16 02:05 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-16 02:03 - 2014-09-16 02:03 - 00321848 _____ (Malwarebytes Corporation) C:\Users\My Computer\Downloads\mbam-clean-2.1.1.1001.exe

2014-09-16 01:53 - 2013-05-05 21:49 - 00000000 ____D () C:\ProgramData\MFAData

2014-09-15 14:41 - 2014-09-15 14:41 - 02806920 _____ () C:\Users\My Computer\Downloads\Adaware_Installer.exe

2014-09-15 14:37 - 2013-05-03 19:51 - 00000000 ____D () C:\Users\My Computer\AppData\Local\VirtualStore

2014-09-15 14:36 - 2014-09-15 14:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\My Computer\Downloads\HijackThis.exe

2014-09-15 11:45 - 2013-05-15 21:23 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795280262-1770628798-3842080384-1000Core.job

2014-09-15 06:06 - 2014-09-15 06:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\My Computer\Downloads\mbam-setup-2.0.2.1012 (1).exe

2014-09-15 03:46 - 2014-09-14 11:13 - 00000000 ____D () C:\Program Files\MSI Afterburner

2014-09-15 03:46 - 2010-11-20 17:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-14 11:17 - 2014-09-14 11:14 - 00000000 ____D () C:\Windows\system32\directx

2014-09-14 11:16 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-09-14 11:15 - 2014-09-14 11:14 - 00000000 ___HD () C:\Windows\msdownld.tmp

2014-09-14 11:14 - 2014-09-14 11:14 - 00000000 ____D () C:\Users\My Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server

2014-09-14 11:14 - 2014-09-14 11:14 - 00000000 ____D () C:\Program Files\RivaTuner Statistics Server

2014-09-14 11:13 - 2014-09-14 11:13 - 00001055 _____ () C:\Users\My Computer\Desktop\MSI Afterburner.lnk

2014-09-14 11:13 - 2014-09-14 11:13 - 00000000 ____D () C:\Users\My Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner

2014-09-14 10:31 - 2014-09-14 10:31 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-13 18:17 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache

2014-09-13 17:22 - 2013-08-17 22:24 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-13 16:59 - 2012-07-30 16:11 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-13 16:49 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-09-11 18:41 - 2014-09-04 20:18 - 00000000 ____D () C:\Program Files\PlayersOnly

2014-09-11 18:36 - 2014-01-13 10:22 - 00002136 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-09-11 18:35 - 2014-07-24 19:19 - 00000942 _____ () C:\Users\Public\Desktop\AVG 2014.lnk

2014-09-11 18:35 - 2014-07-22 05:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-09-11 18:33 - 2013-05-05 21:59 - 00000000 ___HD () C:\$AVG

2014-09-09 16:55 - 2012-07-30 17:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-09-09 16:55 - 2012-07-30 17:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-09-04 20:45 - 2014-09-04 20:45 - 00000000 ____D () C:\Users\My Computer\AppData\Local\eclipse

2014-09-04 20:45 - 2014-09-04 20:20 - 00000000 ____D () C:\Users\My Computer\AppData\Local\PlayersOnly

2014-09-04 20:45 - 2013-09-06 15:22 - 00000000 ____D () C:\Users\My Computer\AppData\Roaming\Mozilla

2014-09-04 20:18 - 2014-09-04 20:18 - 00001863 _____ () C:\Users\My Computer\Desktop\Players Only.lnk

2014-09-04 20:18 - 2014-09-04 20:18 - 00000000 ____D () C:\Users\My Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Players Only

2014-09-03 19:35 - 2014-09-03 15:35 - 00000000 ____D () C:\Users\My Computer\AppData\Local\AVG Web TuneUp

2014-09-03 17:48 - 2014-09-03 15:35 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar

2014-09-03 15:35 - 2014-09-03 15:35 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp

2014-09-03 15:35 - 2014-09-03 15:35 - 00000000 ____D () C:\ProgramData\AVG Secure Search

2014-09-03 15:35 - 2014-09-03 15:35 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search

2014-09-03 15:35 - 2014-09-03 15:34 - 00000000 ____D () C:\Program Files\AVG Web TuneUp

2014-09-03 15:34 - 2014-09-03 15:35 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys

2014-08-30 16:16 - 2009-07-14 00:33 - 00285808 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-27 17:23 - 2014-08-10 08:15 - 00009479 _____ () C:\Users\My Computer\Documents\To do.odt

2014-08-22 21:46 - 2014-08-27 17:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-22 20:42 - 2014-08-27 17:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-19 13:39 - 2014-09-13 17:22 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-18 18:26 - 2014-09-13 17:22 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-18 18:08 - 2014-09-13 17:22 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-18 17:57 - 2014-09-13 17:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-18 17:57 - 2014-09-13 17:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-18 17:46 - 2014-09-13 17:23 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-18 17:45 - 2014-09-13 17:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-18 17:44 - 2014-09-13 17:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-18 17:44 - 2014-09-13 17:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-18 17:42 - 2014-09-13 17:22 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-18 17:39 - 2014-09-13 17:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-18 17:39 - 2014-09-13 17:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-18 17:37 - 2014-09-13 17:23 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-18 17:36 - 2014-09-13 17:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-18 17:36 - 2014-09-13 17:22 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-18 17:35 - 2014-09-13 17:23 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-18 17:30 - 2014-09-13 17:22 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-18 17:27 - 2014-09-13 17:23 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-18 17:22 - 2014-09-13 17:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-18 17:19 - 2014-09-13 17:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-18 17:17 - 2014-09-13 17:23 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-18 17:17 - 2014-09-13 17:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-18 17:15 - 2014-09-13 17:22 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-18 17:09 - 2014-09-13 17:22 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-18 17:08 - 2014-09-13 17:22 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-18 17:08 - 2014-09-13 17:22 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-18 17:07 - 2014-09-13 17:22 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-18 16:46 - 2014-09-13 17:22 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-18 16:38 - 2014-09-13 17:22 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-18 16:36 - 2014-09-13 17:23 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-13 18:10

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014

Ran by My Computer at 2014-09-16 04:34:41

Running from C:\Users\My Computer\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)

Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)

AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)

AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden

AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden

AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.2.0.15 - AVG Technologies)

Canon MF5700 Series (HKLM\...\{11801011-D30E-4120-9A89-9A873B1D72DF}) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)

Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)

Google Chrome (HKCU\...\Google Chrome) (Version: 20.0.1132.57 - Google Inc.)

Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)

Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)

Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden

Juicy Stakes 2.0 (HKLM\...\Juicy Stakes 2.0) (Version: 2.0.1.7205 - Juicy Stakes)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)

MSI Afterburner 4.0.0 (HKLM\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)

Nuance PaperPort 14 (HKLM\...\{D0328ED7-EE97-48A0-80EB-693AED5D76AB}) (Version: 14.2.0000 - Nuance Communications, Inc.)

Nuance PDF Viewer Plus (HKLM\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.)

NVIDIA Control Panel 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden

NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.6 - NVIDIA Corporation)

NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden

NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)

NVIDIA nView Desktop Manager (Version: 6.14.10.00 - NVIDIA Corporation) Hidden

NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)

OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)

PaperPort Anywhere 1.4.4661.38157 powered by OfficeDrop (HKLM\...\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}) (Version: 1.4.4661.38157 - OfficeDrop)

PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)

Players Only (HKCU\...\Players Only) (Version: 6.0 - )

PokerStove version 1.24 (HKLM\...\{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1) (Version:  - )

RivaTuner Statistics Server 6.2.0 (HKLM\...\RTSS) (Version: 6.2.0 - Unwinder)

Scansoft PDF Professional (Version:  - ) Hidden

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\My Computer\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1795280262-1770628798-3842080384-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\My Computer\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File

 

==================== Restore Points  =========================

 

13-09-2014 20:51:26 Windows Update

14-09-2014 15:15:52 Installed DirectX

15-09-2014 18:41:16 AA11

16-09-2014 06:12:28 AA11

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0AD48504-B3CB-4F69-93AE-A96E24BAE531} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)

Task: {3C4B8F93-07A9-4F39-816F-6F12667DE4D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)

Task: {60AD194C-EEA4-49FC-996C-7F05079F4959} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: {A509B80F-F468-497B-8DBA-7C9A694EAC75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)

Task: {B41832C9-C827-4584-B5AA-B225A34EEA83} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)

Task: {B98E6869-652E-4485-948C-F379DCADCFFC} - \GoogleUpdateTaskUserS-1-5-21-1795280262-1770628798-3842080384-500UA No Task File <==== ATTENTION

Task: {C591B984-52C5-495B-A506-BB71A945ED08} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1795280262-1770628798-3842080384-1000UA => C:\Users\My Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-30] (Google Inc.)

Task: {DB8814A0-EF09-4F39-A405-C98C4A12FD78} - \GoogleUpdateTaskUserS-1-5-21-1795280262-1770628798-3842080384-500Core No Task File <==== ATTENTION

Task: {ED635D31-569E-4FCA-991E-AA00B2E0268D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1795280262-1770628798-3842080384-1000Core => C:\Users\My Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-30] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795280262-1770628798-3842080384-1000Core.job => C:\Users\My Computer\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795280262-1770628798-3842080384-1000UA.job => C:\Users\My Computer\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-830584674-2789069658-4221531857-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-830584674-2789069658-4221531857-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-07-22 07:08 - 2013-08-29 19:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll

2014-09-03 15:35 - 2014-09-03 15:34 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe

2014-09-03 15:35 - 2014-09-03 15:34 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\log4cplusU.dll

2014-09-03 15:35 - 2014-09-03 15:34 - 02680344 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe

2014-09-11 18:36 - 2014-09-03 23:01 - 01098056 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\libglesv2.dll

2014-09-11 18:36 - 2014-09-03 23:01 - 00174408 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\libegl.dll

2014-09-11 18:36 - 2014-09-03 23:01 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll

2014-09-11 18:36 - 2014-09-03 23:01 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll

2014-09-11 18:36 - 2014-09-03 23:01 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll

2014-09-11 18:36 - 2014-09-03 23:01 - 14891848 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll

2014-07-22 21:35 - 2014-07-22 21:35 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Program Files\Juicy Stakes 2.0:MID

AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: ConduitFloatingPlugin_ihogoofdaifgdkdilopkeahfcnifkajn => "C:\Windows\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3309656\plugins\TBVerifier.dll",RunConduitFloatingPlugin ihogoofdaifgdkdilopkeahfcnifkajn

MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

MSCONFIG\startupreg: PaperPortAnywhere => "C:\Program Files\Nuance\PaperPort Anywhere\PaperPortAnywhere.exe"

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/16/2014 02:07:18 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/14/2014 11:15:51 AM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {e2ad5fdf-b7f4-41c6-a030-5ad198da581e}

 

Error: (09/14/2014 10:32:27 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/13/2014 05:29:57 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/13/2014 04:01:48 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/11/2014 06:35:01 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_esx.cab. Verify that the file exists and that you can access it.

 

Error: (09/11/2014 06:34:59 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_ztx.cab. Verify that the file exists and that you can access it.

 

Error: (09/11/2014 06:34:56 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_zhx.cab. Verify that the file exists and that you can access it.

 

Error: (09/11/2014 06:34:55 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_trx.cab. Verify that the file exists and that you can access it.

 

Error: (09/11/2014 06:34:53 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_rux.cab. Verify that the file exists and that you can access it.

 

 

System errors:

=============

Error: (09/14/2014 11:58:13 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )

Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

 

Error: (09/14/2014 09:59:23 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

 

Error: (09/13/2014 11:35:21 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )

Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

 

Error: (09/13/2014 08:20:03 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )

Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

 

Error: (09/11/2014 06:59:37 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )

Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

 

Error: (09/06/2014 10:37:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The vToolbarUpdater3.2.0 service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (09/05/2014 10:46:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

Error: (09/05/2014 10:46:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

Error: (09/05/2014 10:46:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

Error: (09/05/2014 10:46:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

 

Microsoft Office Sessions:

=========================

Error: (09/16/2014 02:07:18 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/14/2014 11:15:51 AM) (Source: VSS) (EventID: 8194) (User: )

Description: 0x80070005, Access is denied.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {e2ad5fdf-b7f4-41c6-a030-5ad198da581e}

 

Error: (09/14/2014 10:32:27 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/13/2014 05:29:57 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/13/2014 04:01:48 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/11/2014 06:35:01 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_esx.cab. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (09/11/2014 06:34:59 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_ztx.cab. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (09/11/2014 06:34:56 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_zhx.cab. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (09/11/2014 06:34:55 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_trx.cab. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (09/11/2014 06:34:53 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)

Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_rux.cab. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-12-04 04:28:09.534

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\E458FE8F-E61E-42C7-A706-447565F5E8B1\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_59c95d2a29958ebe\appid.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-04 04:28:09.362

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\E458FE8F-E61E-42C7-A706-447565F5E8B1\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_59c95d2a29958ebe\appid.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-04 04:28:08.910

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\E458FE8F-E61E-42C7-A706-447565F5E8B1\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_59c95d2a29958ebe\appidapi.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-04 04:28:08.691

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\E458FE8F-E61E-42C7-A706-447565F5E8B1\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_59c95d2a29958ebe\appidapi.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core2 Duo CPU T7500 @ 2.20GHz

Percentage of memory in use: 54%

Total physical RAM: 3581.97 MB

Available physical RAM: 1613.08 MB

Total Pagefile: 7162.23 MB

Available Pagefile: 4846.67 MB

Total Virtual: 2047.88 MB

Available Virtual: 1904.45 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:148.56 GB) (Free:120.29 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: B0F46317)

Partition 1: (Active) - (Size=503 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=148.6 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


 


Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Threat Scan with Malwarebytes

Start Malwarebytes 2.0..........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


I checked and the threat scan settings were already set to your specifications. So, when I ran the threat scan it got held up once again, in the heuristic portion. I will check again on the presence of the software you noted, but I do not think I have any of that. 

 

I have not proceeded past the threat scan in the instructions, since I could not do the threat scan. 


RogueKiller V9.2.10.0 [Jul 11 2014] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : My Computer [Admin rights]

Mode : Scan -- Date : 09/16/2014  23:27:37

 

¤¤¤ Bad processes : 1 ¤¤¤

[suspicious.Path] agent.exe -- C:\ProgramData\FLEXnet\Connect\11\agent.exe[7] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 6 ¤¤¤

[suspicious.Path] HKEY_USERS\S-1-5-21-1795280262-1770628798-3842080384-1000\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_0913a : C:\Users\My Computer\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 7b450e96f2e947d3b0c1d15565a1d008-8ce20c00e2c1f282b046b8d95525ece960822826 --CMPID 0913a  -> FOUND

[suspicious.Path] HKEY_USERS\S-1-5-21-1795280262-1770628798-3842080384-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_0913a : C:\Users\My Computer\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 7b450e96f2e947d3b0c1d15565a1d008-8ce20c00e2c1f282b046b8d95525ece960822826 --CMPID 0913a  -> FOUND

[PUM.StartMenu] HKEY_USERS\S-1-5-21-1795280262-1770628798-3842080384-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND

[PUM.StartMenu] HKEY_USERS\S-1-5-21-1795280262-1770628798-3842080384-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

 

¤¤¤ Scheduled tasks : 1 ¤¤¤

[suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> FOUND

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ HOSTS File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-75A23T0 ATA Device +++++

--- User ---

[MBR] c7aaa48d8fd920f1910051e6790e132f

[bSP] b334aa89c75b84df501150ff0eef66cf : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 503 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1032192 | Size: 152123 MB

User = LL1 ... OK

User = LL2 ... OK

Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    =================================

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

    Run FRST.exe/FRST64.exe and click Fix only once and wait

    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    =================================

    Make sure you have created that system restore point before you continue!

    Please read the directions carefully so you don't end up deleting something that is good!!

    If in doubt about an entry....please ask or choose Skip!!!!

    Don't Delete anything unless instructed to!

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

    Skip and click on Continue

    If a suspicious object is detected, the default action will be Skip, click on Continue

    Please note that TDSSKiller can be run in safe mode if needed.

    Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

    • Put a checkmark beside loaded modules.

    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.

    • Click the Start Scan button.

    • The scan should take no longer than 2 minutes.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.

      Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

      If in doubt about an entry....please ask or choose Skip

    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

      Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
    • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    Here's a summary of what to do if you would like to print it out:

    If in doubt about an entry....please ask or choose Skip

    Don't Delete anything unless instructed to!

    If a suspicious object is detected, the default action will be Skip, click on Continue

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

    Skip and click on Continue

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    ~~~~~~~~~~~~~~~~~~~~

    You can attach the logs if they're too long:

    Bottom right corner of this page.

    New window that comes up.

    Then...........

    Please download and run ComboFix.

    The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

    Please visit this webpage for download links, and instructions for running ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

    Please make sure you click download buttons that look similar to this, not "sponsored ad links":

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Information on disabling your malware programs can be found Here.

    Make sure you run ComboFix from your desktop.

    Give it at least 30-45 minutes to finish if needed.

    Please include the C:\ComboFix.txt in your next reply for further review.

    ---------->NOTE<----------

    If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

    MrC


OK, that was a long set of instructions. I sat down to do them this morning, but my computer locked up and would not reboot. 

  The error message follows: NVidia display driver stopped responding and has recovered.

 

When it locked up, I started it in safe mode once successfully, but I could not load any software. I tried a normal reboot and there was nothing. I am getting a blank screen when I try to boot up the computer now. 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

