
AdwCleaner Black Screen



I've been using Malwarebytes for years (paid version) and love the software until the most recent update. I constantly get notifications for PUPs and they always occur regardless if I quarantine them. So I decided to run AdwCleaner to get rid of them for good. After running AdwCleaner I am getting a black screen.

I looked in task manager and I noticed my explorer.exe is missing with possibly a few others. I tried adding the explorer.exe back in and it stayed for maybe 10 seconds then disappeared.

I'm able to boot in safe mode with networking and see my wallpaper and icons. I'm even able to get on the internet.

I tried doing a system restore but it's not allowing me (giving errors). I saw another poster had the same issue a few days ago.

Thanks in advance!


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/22/2014
Scan Time: 9:23:07 AM
Logfile: Export Log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.22.02
Rootkit Database: v2014.09.19.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Steve

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 495885
Time Elapsed: 27 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 7
PUP.Optional.Babylon.A, C:\Users\Steve.steve1-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xpl0yf93.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtkDS", 0);), Replaced,[a109e709bdbedd594748d2697a8b19e7]
PUP.Optional.Babylon.A, C:\Users\Steve.steve1-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xpl0yf93.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtkHmpg", 0);), Replaced,[4d5d737d78033204137c90abb0551ee2]
PUP.Optional.Conduit.A, C:\Users\Steve.steve1-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xpl0yf93.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3101810&SearchSource=3&q={searchTerms}&CUI=UN37288464933197572");), Replaced,[2981658b4239fd39f7fa43f8996cc838]
PUP.Optional.Conduit.A, C:\Users\Steve.steve1-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xpl0yf93.default\prefs.js, Good: (), Bad: (user_pref("CT3101810.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3101810&SearchSource=2&CUI=UN37288464933197572&q=");), Replaced,[228823cd87f442f402f0ad8e30d5ab55]
PUP.Optional.Conduit.A, C:\Users\Steve.steve1-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xpl0yf93.default\prefs.js, Good: (), Bad: (user_pref("CT3220468.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=");), Replaced,[d7d34ea26d0e1d1971810c2f5ea78a76]
PUP.Optional.Conduit.A, C:\Users\Steve.steve1-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xpl0yf93.default\prefs.js, Good: (), Bad: (user_pref("CT3101810.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3101810&octid=CT3101810&SearchSource=15&CUI=UN37288464933197572&SSPV=EB_SSPV&Lay=1&UM=\"}");), Replaced,[deccca26aecdbc7ac23f41fb3cc9d828]
PUP.Optional.Conduit.A, C:\Users\Steve.steve1-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xpl0yf93.default\prefs.js, Good: (), Bad: (user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3220468&octid=CT3220468&SearchSource=15&CUI=UN52804035029612062&SSPV=EB_SSPV&Lay=1&UM=\"}");), Replaced,[248618d8bcbfdf570cf5f745d23308f8]

Physical Sectors: 0
(No malicious items detected)


(end)


Hi :)



 



My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)



Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.






Scan with Farbar Recovery Scan Tool from the Recovery Environment

We will be working outside of Windows, so I think it would be prudent to save this or print it out for further reference.
This instruction is quite a complicated one as it contains multiple steps. We will need a clean machine and a USB stick (thumbdrive).

DOWNLOADS

There will be three things to download on your clean machine:

Save them preferably to the desktop, as it would make the rest of instructions easier.
Recovery .iso file will be downloaded from my GoogleDrive. You will be notified that the file is too big for Google to scan it with built-in virus scanners - I assure you that it's perfectly safe.

PREPARATIONS

Prepare the tool on your clean machine.

Create bootable USB drive with RUFUS

  • Right-click on the Rufus icon and select Run as Administrator to start the tool.
  • Configure it with the settings listed below:
    • Device - make sure that your pendrive is listed;
    • File System - set to NTFS;
    • Make sure that Quick format option is checked;
    • Create a bootable disk using - select ISO Image;
    • Click on the small CD icon next to ISO Image - select the downloaded Recovery Environment .iso file.
  • Press Start and the process should run.

You will be notified on the lower bar when it is completed.

After that please copy FRST to the root of your pendrive.
Now unplug your pendrive and move it into your corrupted machine.

ACTION

Insert your USB drive to the corrupted machine and start the computer.
Make sure that booting from USB is set. If you don't know how to do it, instructions HERE.

Getting from one step to another during this part will take some time. Please be patient.

Run Recovery Environment

  • When the machine boots-up, you will see the Install now window. Instead choose the Repair my computer option.
  • You will be presented with the list of operating systems (usually there will be only one). Highlight it by clicking on it and select Next.
  • In the Choose Recovery Tool menu select Command Prompt.

You will see a big black window with a blinking cursor (command prompt).

Access the notepad and identify your USB drive

In the Command Prompt please type in:

notepad

and press Enter.

  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.

Note down the letter and close the notepad.

Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:

  • Type in e:\frst.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.

When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.

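A first-pass triage of the autorun, service and driver entries that an FRST.txt log lists, as an added example that is not part of the original posts or of FRST itself. The sample lines are constructed in the log's entry formats with made-up names and paths, and the flags are hints for a human reviewer, not verdicts.

```python
import re

# Constructed sample lines in the entry formats FRST.txt uses; all names and paths are made up.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [ExampleVendorTray] => C:\Program Files (x86)\ExampleVendor\tray.exe [300400 2010-03-10] (Example Vendor, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\User\...\Run: [ExampleUpdater] => C:\Users\User\AppData\Roaming\ExampleUpdater\update.exe [2775576 2014-08-12] ()
S2 ExampleSvc; C:\Program Files\ExampleVendor\svc.exe [344064 2013-10-08] (Example Vendor, Inc.)
S2 0a1b2c3d; "C:\Windows\system32\rundll32.exe" "c:\progra~2\exampl~1\Helper.dll",service
S3 ExampleDrv; \??\C:\Users\User\AppData\Local\Temp\example64.sys [X]
"""

# Autorun line: <hive>\...\Run or RunOnce: [value name] => command
RUN_RE = re.compile(r"^(HK\S*?)\\\.\.\.\\(Run\w*): \[(.*?)\] => (.*)$")
# Service or driver line: state letter + start type (e.g. S2), name, then image path
SVC_RE = re.compile(r"^([A-Z][0-4]) ([^;]+); (.*)$")
# Trailing metadata: [size date] (company name)
META_RE = re.compile(r"\s*\[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)\s*$")
# A path component in 8.3 short form, such as \progra~2
SHORT_RE = re.compile(r'\\[^\\\s"]{1,6}~\d')
# Locations a standard user process can usually write to
WRITABLE_RE = re.compile(r"\\(appdata|programdata|temp)\\", re.I)


def parse_entry(line):
    """Parse one autorun/service/driver line; return None for anything else."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        kind, name, rest = "autorun", m.group(3), m.group(4)
    else:
        m = SVC_RE.match(line)
        if not m:
            return None
        kind, name, rest = "service/driver", m.group(2), m.group(3)
    entry = {"kind": kind, "name": name, "missing": False,
             "size": None, "date": None, "publisher": None}
    if rest.endswith("[X]"):
        # [X] marks an entry whose target file was not found on disk.
        entry["missing"] = True
        rest = rest[:-3]
    else:
        meta = META_RE.search(rest)
        if meta:
            entry["size"] = int(meta.group(1))
            entry["date"] = meta.group(2)
            entry["publisher"] = meta.group(3).strip()
            rest = rest[:meta.start()]
    entry["target"] = rest.strip()
    return entry


def reasons(entry):
    """Return the triage hints that apply to a parsed entry."""
    out = []
    target = entry["target"]
    if entry["missing"]:
        out.append("target file missing [X]")
    if entry["publisher"] == "":
        out.append("no company name recorded")
    if "rundll32" in target.lower():
        out.append("loaded through rundll32")
    if SHORT_RE.search(target):
        out.append("8.3 short path")
    if WRITABLE_RE.search(target):
        out.append("user-writable location")
    return out


def triage(log_text):
    """Return (kind, name, hints) for every entry with at least one hint."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        hints = reasons(entry)
        if hints:
            findings.append((entry["kind"], entry["name"] or "<unnamed>", hints))
    return findings


if __name__ == "__main__":
    for kind, name, hints in triage(SAMPLE_LOG):
        print(f"{kind:15} {name:16} {', '.join(hints)}")
```

Legitimate software also trips these hints (vendor tools started through rundll32, security products referenced by short paths), so the output narrows what to look at and does not replace review by the helper.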

I'm still getting this message :/

 

Sorry, you can't view or download this file at this time.

Too many users have viewed or downloaded this file recently. Please try accessing the file again later. If the file you are trying to access is particularly large or is shared with many people, it may take up to 24 hours to be able to view or download the file. If you still can't access a file after 24 hours, contact your domain administrator.


Please see the Farbar results below

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by SYSTEM on MININT-KH8KFHU on 23-09-2014 23:11:40
Running from d:\
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [VERIZONDM] => C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe [206120 2012-09-06] (SupportSoft, Inc.)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [12718776 2014-07-23] (Zemana Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-11-02] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\Steve\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Steve.steve1-PC\...\Run: [Google Update] => C:\Users\Steve.steve1-PC\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-21] (Google Inc.)
HKU\Steve.steve1-PC\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2013-11-28] (Hewlett-Packard Co.)
HKU\Steve.steve1-PC\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\Steve.steve1-PC\...\Run: [AVG-Secure-Search-Update_0814av] => C:\Users\Steve.steve1-PC\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe [2775576 2014-08-12] ()
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE1E1C~1.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(3).dll [90448 2014-07-23] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(3).dll [83208 2014-07-23] (Zemana Ltd.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 FactoryTalk Activation Service; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [1122568 2010-05-17] (Acresso Software Inc.)
S2 FTActivationBoost; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [152936 2011-05-31] (Rockwell Automation, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
S2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2012-09-06] (SupportSoft, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
S2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2012-09-06] (SupportSoft, Inc.)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation)
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] ()
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.)
S2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-649UB\WlanWpsSvc.exe [167936 2008-06-26] ()
S2 e81a9dc1; "C:\Windows\system32\rundll32.exe" "c:\progra~2\gs-ena~1\AssistantSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-21] (AVG Technologies)
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25568 2014-07-23] (Zemana Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                           )
S0 sdgxser; C:\Windows\System32\drivers\rgvatwj.sys [79064 2014-09-10] (Malwarebytes Corporation)
S3 ALSysIO; \??\C:\Users\STEVE~1.STE\AppData\Local\Temp\ALSysIO64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 23:11 - 2014-09-23 23:11 - 00000000 ____D () C:\FRST
2014-09-20 05:40 - 2014-09-20 05:40 - 00000000 ____D () C:\Users\steve1.steve1-PC\AppData\Roaming\Adobe
2014-09-20 05:35 - 2014-09-20 05:35 - 00000000 ____D () C:\Users\steve1.steve1-PC\AppData\Local\VirtualStore
2014-09-20 05:34 - 2014-09-23 21:52 - 00000000 ____D () C:\users\steve1.steve1-PC
2014-09-20 05:34 - 2014-08-14 23:15 - 00000000 ____D () C:\Users\steve1.steve1-PC\Documents\Visual Studio 2005
2014-09-20 05:34 - 2014-03-13 17:19 - 00000000 ____D () C:\Users\steve1.steve1-PC\AppData\Roaming\TuneUp Software
2014-09-20 05:34 - 2013-08-22 23:08 - 00000000 ____D () C:\Users\steve1.steve1-PC\Documents\Visual Studio 2008
2014-09-20 05:34 - 2013-08-12 20:26 - 00000000 ____D () C:\Users\steve1.steve1-PC\AppData\Roaming\Macromedia
2014-09-20 05:34 - 2013-08-12 20:26 - 00000000 ____D () C:\Users\steve1.steve1-PC\AppData\Roaming\AVG2012
2014-09-20 05:34 - 2013-08-12 20:26 - 00000000 ____D () C:\Users\steve1.steve1-PC\AppData\Local\Microsoft Help
2014-09-17 15:25 - 2014-09-23 22:02 - 00000000 ____D () C:\Program Files (x86)\FileZilla Server
2014-09-17 15:03 - 2014-09-17 15:03 - 00000000 ____D () C:\Users\Steve.steve1-PC\Desktop\iPage Files
2014-09-14 06:19 - 2014-09-23 22:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-14 06:19 - 2014-09-23 22:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-14 06:19 - 2014-09-23 22:02 - 00000000 ____D () C:\Program Files\iPod
2014-09-14 06:19 - 2014-09-23 22:02 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-14 06:18 - 2014-09-23 22:03 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-14 06:18 - 2014-09-14 06:18 - 00000000 ____D () C:\Users\Steve.steve1-PC\AppData\Local\Apple
2014-09-14 06:17 - 2014-09-23 22:03 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-14 06:17 - 2014-09-23 22:02 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-12 05:12 - 2014-09-23 22:03 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-09-12 05:12 - 2014-09-12 09:12 - 00000000 ____D () C:\Users\Steve.steve1-PC\AppData\Local\AVG Web TuneUp
2014-09-12 05:12 - 2014-09-12 05:12 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-09-10 10:45 - 2014-09-10 10:45 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\rgvatwj.sys
2014-09-10 08:48 - 2014-09-10 08:48 - 00020198 _____ () C:\Users\Steve.steve1-PC\Desktop\IndexUI.html
2014-09-10 08:44 - 2014-09-10 08:44 - 00001941 _____ () C:\Users\Steve.steve1-PC\Desktop\Index.html
2014-09-05 06:32 - 2014-09-05 06:32 - 00000044 _____ () C:\Users\Steve.steve1-PC\Desktop\Contacts1.txt
2014-09-04 13:48 - 2014-09-04 13:48 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (35).rdp
2014-09-01 05:03 - 2014-09-01 05:03 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (34).rdp
2014-08-31 15:26 - 2014-08-31 17:28 - 00012041 _____ () C:\Users\Steve.steve1-PC\Desktop\WPU LP.xlsx
2014-08-31 15:06 - 2014-08-31 15:06 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (33).rdp
2014-08-31 13:59 - 2014-08-31 13:59 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (32).rdp
2014-08-31 05:01 - 2014-08-31 05:01 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (31).rdp
2014-08-30 09:03 - 2014-08-30 09:03 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (30).rdp
2014-08-30 07:28 - 2014-08-30 07:28 - 00000000 ____D () C:\Users\Steve.steve1-PC\Desktop\GreenObsession
2014-08-30 05:05 - 2014-08-30 05:05 - 06261056 _____ () C:\Users\Steve.steve1-PC\Desktop\panoptorecorder.exe
2014-08-29 17:32 - 2014-08-29 17:33 - 27281991 _____ () C:\Users\Steve.steve1-PC\Desktop\torbrowser-install-3.6.4_en-US.exe
2014-08-29 11:27 - 2014-08-29 11:27 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (29).rdp
2014-08-29 04:57 - 2014-09-23 22:03 - 00000000 ____D () C:\Users\Steve.steve1-PC\AppData\Roaming\Avg_Update_0814av
2014-08-29 04:57 - 2014-09-23 22:03 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-08-29 04:57 - 2014-08-29 10:46 - 00000520 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814av.job
2014-08-29 04:57 - 2014-08-29 04:57 - 00002890 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814av_DELETE
2014-08-29 04:57 - 2014-08-29 04:57 - 00002814 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814av
2014-08-29 04:57 - 2014-08-29 04:57 - 00000388 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814av_DELETE.job
2014-08-28 14:30 - 2014-08-28 14:30 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (28).rdp
2014-08-28 08:56 - 2014-08-28 08:56 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (27).rdp
2014-08-28 03:59 - 2014-08-28 03:59 - 00009394 _____ () C:\Users\Steve.steve1-PC\Desktop\Skipping Line.txt
2014-08-28 03:27 - 2014-08-28 03:29 - 00000458 _____ () C:\Users\Steve.steve1-PC\Desktop\Wind HTML.txt
2014-08-28 03:23 - 2014-08-28 03:23 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (26).rdp
2014-08-27 16:00 - 2014-08-22 18:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-27 16:00 - 2014-08-22 17:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 16:00 - 2014-08-22 16:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-27 03:06 - 2014-08-27 03:06 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (25).rdp
2014-08-25 18:00 - 2014-08-25 18:00 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (24).rdp
2014-08-25 03:41 - 2014-08-25 03:41 - 00524817 _____ () C:\Users\Steve.steve1-PC\Desktop\AutoProject Aug 25.xlsm
2014-08-24 15:02 - 2014-09-19 10:56 - 00000000 ____D () C:\Users\Steve.steve1-PC\Desktop\WPU ASB
2014-08-24 05:33 - 2014-08-29 10:43 - 00000000 ____D () C:\Users\Steve.steve1-PC\AppData\Local\Adobe
2014-08-24 05:28 - 2014-08-24 05:28 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (23).rdp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 23:11 - 2014-09-23 23:11 - 00000000 ____D () C:\FRST
2014-09-23 22:03 - 2014-09-14 06:18 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-23 22:03 - 2014-09-14 06:17 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-23 22:03 - 2014-09-12 05:12 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-09-23 22:03 - 2014-08-29 04:57 - 00000000 ____D () C:\Users\Steve.steve1-PC\AppData\Roaming\Avg_Update_0814av
2014-09-23 22:03 - 2014-08-29 04:57 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-09-23 22:03 - 2014-05-06 23:02 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-09-23 22:03 - 2014-04-22 05:49 - 00000000 ____D () C:\ProgramData\DigiiSaver
2014-09-23 22:03 - 2014-02-21 08:00 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-09-23 22:03 - 2014-02-21 07:59 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-09-23 22:03 - 2014-02-07 14:25 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free
2014-09-23 22:03 - 2014-02-07 14:25 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK
2014-09-23 22:03 - 2013-11-14 11:04 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-23 22:03 - 2013-09-30 19:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 22:03 - 2013-08-12 20:01 - 00000000 ____D () C:\users\Steve.steve1-PC
2014-09-23 22:03 - 2012-06-07 17:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-23 22:03 - 2012-05-21 07:25 - 00000000 ____D () C:\Users\Steve.steve1-PC\AppData\Roaming\Skype
2014-09-23 22:03 - 2012-05-21 05:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-23 22:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-09-23 22:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-09-23 22:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-23 22:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-23 22:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-23 22:02 - 2014-09-17 15:25 - 00000000 ____D () C:\Program Files (x86)\FileZilla Server
2014-09-23 22:02 - 2014-09-14 06:19 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-23 22:02 - 2014-09-14 06:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-23 22:02 - 2014-09-14 06:19 - 00000000 ____D () C:\Program Files\iPod
2014-09-23 22:02 - 2014-09-14 06:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-23 22:02 - 2014-09-14 06:17 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-23 22:02 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-09-23 21:56 - 2014-06-29 14:07 - 00000000 ____D () C:\Users\Steve.steve1-PC\Desktop\Game
2014-09-23 21:56 - 2014-02-21 08:00 - 00000000 ____D () C:\Program Files\Western Digital
2014-09-23 21:56 - 2012-11-05 18:14 - 00000000 __RHD () C:\MSOCache
2014-09-23 21:52 - 2014-09-20 05:34 - 00000000 ____D () C:\users\steve1.steve1-PC
2014-09-20 05:40 - 2014-09-20 05:40 - 00000000 ____D () C:\Users\steve1.steve1-PC\AppData\Roaming\Adobe
2014-09-20 05:35 - 2014-09-20 05:35 - 00000000 ____D () C:\Users\steve1.steve1-PC\AppData\Local\VirtualStore
2014-09-19 12:54 - 2014-04-24 17:59 - 00000000 ____D () C:\AdwCleaner
2014-09-19 11:11 - 2014-02-21 07:59 - 00000000 ____D () C:\ProgramData\Western Digital
2014-09-19 10:56 - 2014-08-24 15:02 - 00000000 ____D () C:\Users\Steve.steve1-PC\Desktop\WPU ASB
2014-09-19 04:31 - 2014-08-23 13:08 - 00092945 _____ () C:\Users\Steve.steve1-PC\Desktop\Finances Aug23.xlsx
2014-09-18 09:52 - 2012-12-02 13:49 - 00000000 ____D () C:\Users\Steve.steve1-PC\Desktop\Resume
2014-09-17 15:03 - 2014-09-17 15:03 - 00000000 ____D () C:\Users\Steve.steve1-PC\Desktop\iPage Files
2014-09-14 07:00 - 2014-05-02 15:59 - 00000000 ____D () C:\Users\Steve.steve1-PC\AppData\Roaming\Apple Computer
2014-09-14 06:20 - 2014-05-02 15:59 - 00000000 ____D () C:\Users\Steve.steve1-PC\AppData\Local\Apple Computer
2014-09-14 06:18 - 2014-09-14 06:18 - 00000000 ____D () C:\Users\Steve.steve1-PC\AppData\Local\Apple
2014-09-14 06:18 - 2013-12-21 11:05 - 00000000 ____D () C:\ProgramData\Apple
2014-09-12 09:12 - 2014-09-12 05:12 - 00000000 ____D () C:\Users\Steve.steve1-PC\AppData\Local\AVG Web TuneUp
2014-09-12 05:12 - 2014-09-12 05:12 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-09-12 05:12 - 2014-08-02 04:37 - 00000000 ____D () C:\Users\Steve.steve1-PC\AppData\Local\CrashDumps
2014-09-11 23:13 - 2013-07-23 23:00 - 00000000 ____D () C:\Windows\System32\MRT
2014-09-11 22:47 - 2012-05-21 05:57 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1526095293-1603745673-2006541838-1000UA.job
2014-09-11 22:24 - 2012-06-09 19:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 20:45 - 2013-08-12 20:48 - 01143849 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 10:47 - 2012-05-21 05:57 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1526095293-1603745673-2006541838-1000Core.job
2014-09-11 10:40 - 2012-05-22 06:26 - 00003640 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0704398E-807D-49AA-93E3-A75FE25706D0}
2014-09-10 11:19 - 2014-06-04 04:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-09-10 10:45 - 2014-09-10 10:45 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\rgvatwj.sys
2014-09-10 10:45 - 2012-08-31 10:52 - 00000000 ____D () C:\Users\Steve.steve1-PC\AppData\Local\CRE
2014-09-10 10:45 - 2012-08-31 10:51 - 00000000 ____D () C:\Users\Steve.steve1-PC\AppData\Local\Conduit
2014-09-10 08:48 - 2014-09-10 08:48 - 00020198 _____ () C:\Users\Steve.steve1-PC\Desktop\IndexUI.html
2014-09-10 08:44 - 2014-09-10 08:44 - 00001941 _____ () C:\Users\Steve.steve1-PC\Desktop\Index.html
2014-09-10 01:24 - 2012-06-09 19:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 01:24 - 2012-06-09 19:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 01:24 - 2012-01-17 21:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-05 06:32 - 2014-09-05 06:32 - 00000044 _____ () C:\Users\Steve.steve1-PC\Desktop\Contacts1.txt
2014-09-04 13:48 - 2014-09-04 13:48 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (35).rdp
2014-09-04 09:28 - 2009-07-13 20:51 - 02367664 _____ () C:\Windows\setupact.log
2014-09-02 04:59 - 2014-08-01 19:45 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-01 05:03 - 2014-09-01 05:03 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (34).rdp
2014-08-31 17:28 - 2014-08-31 15:26 - 00012041 _____ () C:\Users\Steve.steve1-PC\Desktop\WPU LP.xlsx
2014-08-31 15:06 - 2014-08-31 15:06 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (33).rdp
2014-08-31 13:59 - 2014-08-31 13:59 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (32).rdp
2014-08-31 05:01 - 2014-08-31 05:01 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (31).rdp
2014-08-30 09:03 - 2014-08-30 09:03 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (30).rdp
2014-08-30 07:28 - 2014-08-30 07:28 - 00000000 ____D () C:\Users\Steve.steve1-PC\Desktop\GreenObsession
2014-08-30 05:05 - 2014-08-30 05:05 - 06261056 _____ () C:\Users\Steve.steve1-PC\Desktop\panoptorecorder.exe
2014-08-29 17:33 - 2014-08-29 17:32 - 27281991 _____ () C:\Users\Steve.steve1-PC\Desktop\torbrowser-install-3.6.4_en-US.exe
2014-08-29 11:27 - 2014-08-29 11:27 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (29).rdp
2014-08-29 10:46 - 2014-08-29 04:57 - 00000520 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814av.job
2014-08-29 10:43 - 2014-08-24 05:33 - 00000000 ____D () C:\Users\Steve.steve1-PC\AppData\Local\Adobe
2014-08-29 04:57 - 2014-08-29 04:57 - 00002890 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814av_DELETE
2014-08-29 04:57 - 2014-08-29 04:57 - 00002814 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814av
2014-08-29 04:57 - 2014-08-29 04:57 - 00000388 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814av_DELETE.job
2014-08-29 03:27 - 2013-08-12 19:59 - 00016768 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-29 03:27 - 2013-08-12 19:59 - 00016768 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-29 03:19 - 2014-08-06 14:25 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-08-29 03:17 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-28 14:30 - 2014-08-28 14:30 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (28).rdp
2014-08-28 08:56 - 2014-08-28 08:56 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (27).rdp
2014-08-28 03:59 - 2014-08-28 03:59 - 00009394 _____ () C:\Users\Steve.steve1-PC\Desktop\Skipping Line.txt
2014-08-28 03:29 - 2014-08-28 03:27 - 00000458 _____ () C:\Users\Steve.steve1-PC\Desktop\Wind HTML.txt
2014-08-28 03:23 - 2014-08-28 03:23 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (26).rdp
2014-08-28 03:19 - 2012-05-21 05:56 - 00000000 ____D () C:\ProgramData\Skype
2014-08-27 23:19 - 2009-07-13 20:45 - 00456448 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-27 03:06 - 2014-08-27 03:06 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (25).rdp
2014-08-25 18:00 - 2014-08-25 18:00 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (24).rdp
2014-08-25 03:41 - 2014-08-25 03:41 - 00524817 _____ () C:\Users\Steve.steve1-PC\Desktop\AutoProject Aug 25.xlsm
2014-08-24 15:05 - 2014-08-24 15:04 - 00000000 ____D () C:\Users\Steve.steve1-PC\Desktop\Boxing
2014-08-24 05:28 - 2014-08-24 05:28 - 00001834 _____ () C:\Users\Steve.steve1-PC\Downloads\RDP Gateway (23).rdp

Files to move or delete:
====================
C:\ProgramData\C__Users_Steve.steve1-PC_AppData_Local_Temp_ir_ext_temp_0_AutoPlay_Docs_Crack_HideIPEasy.exe
C:\ProgramData\C__Users_Steve.steve1-PC_AppData_Local_Temp_ir_ext_temp_1_AutoPlay_Docs_Crack_HideIPEasy.exe
C:\ProgramData\C__Users_Steve.steve1-PC_AppData_Local_Temp_ir_ext_temp_2_AutoPlay_Docs_Crack_HideIPEasy - Copy.exe
C:\ProgramData\C__Users_Steve.steve1-PC_AppData_Local_Temp_ir_ext_temp_2_AutoPlay_Docs_Crack_HideIPEasy.exe
C:\ProgramData\C__Users_STEVE~1.STE_AppData_Local_Temp_Rar$EX00.437_AutoHideIP_Crack_Crack_AutoHideIP.exe
C:\ProgramData\C__Users_STEVE~1.STE_AppData_Local_Temp_Rar$EX39.752_AutoHideIP_Crack_Crack_AutoHideIP.exe
C:\Users\Steve.steve1-PC\privatefirewall.exe


Some content of TEMP:
====================
C:\Users\Steve.steve1-PC\AppData\Local\Temp\ANT529C.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\ANT6416.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\ANT99D4.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\ANTDC04.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\ANTED31.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\devcon.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\DisMon.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Steve.steve1-PC\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Steve.steve1-PC\AppData\Local\Temp\DualLauncher.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\DualSnap.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\DualWallpaper.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\install_flashplayer14x32_mssd_aaa_aih.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\oi_{E2F392CF-5B67-4655-8E48-EFB8A27D5015}.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Steve.steve1-PC\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Steve.steve1-PC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\SwapScreen.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\tbuTor.dll
C:\Users\Steve.steve1-PC\AppData\Local\Temp\Tsu7262E7A9.dll
C:\Users\Steve.steve1-PC\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Steve.steve1-PC\AppData\Local\Temp\xmlUpdater.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-07-23 23:00:21
Restore point made on: 2014-07-24 18:42:40
Restore point made on: 2014-07-26 05:49:35
Restore point made on: 2014-07-26 18:57:23
Restore point made on: 2014-08-01 19:42:37
Restore point made on: 2014-08-02 03:26:45
Restore point made on: 2014-08-02 03:34:03
Restore point made on: 2014-08-02 18:37:27
Restore point made on: 2014-08-11 04:29:58
Restore point made on: 2014-08-13 15:48:30
Restore point made on: 2014-08-14 23:00:32
Restore point made on: 2014-08-22 21:09:41
Restore point made on: 2014-08-27 23:00:33
Restore point made on: 2014-09-01 18:41:16
Restore point made on: 2014-09-04 20:00:19
Restore point made on: 2014-09-05 18:19:47
Restore point made on: 2014-09-11 21:07:51
Restore point made on: 2014-09-11 23:00:44
Restore point made on: 2014-09-14 06:18:47
Restore point made on: 2014-09-15 18:37:59
Restore point made on: 2014-09-19 11:07:55
Restore point made on: 2014-09-19 11:12:11
Restore point made on: 2014-09-20 04:17:47

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8189.55 MB
Available physical RAM: 7329.47 MB
Total Pagefile: 8187.7 MB
Available Pagefile: 7335.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:148.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Repair disc Windows 7 64-bit) (Fixed) (Total:14.91 GB) (Free:14.66 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 000454C0)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 01518B54)
Partition 1: (Active) - (Size=14.9 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.


LastRegBack: 2014-09-15 20:37

==================== End Of Log ============================


OK, so please go to Safe Mode with Networking, and when in there:



Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one out. Only one will run - this is the right one. Please keep it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users: click Run after receipt of Windows Security Warning - Open File.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Hey Naat, I have scanned with Farbar in Safe Mode. Please see the results.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2014 01
Ran by Steve at 2014-09-25 16:26:39
Running from C:\Users\Steve.steve1-PC\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version:  - )
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
AntiLogger Free version 1.7.2.380 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.7.2.380 - Zemana Ltd.)
Arena 14.00.00000  (HKLM-x32\...\{BD78DE74-95DB-429D-A66F-6306BCEDA640}) (Version: 14.00.00000 - Rockwell Automation, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Core Temp 1.0 RC2 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
FactoryTalk Activation Manager 3.40 (CPR 9 SR 4) (HKLM-x32\...\{70A1D2A6-A0B1-4D42-96FD-9832085575A1}) (Version: 3.40.00.0046 - Rockwell Automation, Inc.)
FactoryTalk Diagnostics 2.40 (CPR 9 SR 4) (HKLM-x32\...\{6809A6B0-6A86-4520-8744-95ED21007590}) (Version: 2.40.00.0011 - Rockwell Automation, Inc.)
GDR 4033 for SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
HASP Device Drivers (HKLM-x32\...\HASP Device Drivers) (Version:  - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP ENVY 4500 series Basic Device Software (HKLM\...\{09E7A8FD-2FD4-46D6-98A1-93E8E16260ED}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Player Codec Pack 4.2.3 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.3 - Media Player Codec Pack) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.52.4033.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Mozilla Firefox 21.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.4 - Notepad++ Team)
NVIDIA Install Application (Version: 2.1002.46.235 - NVIDIA Corporation) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Rockwell Windows Firewall Configuration Utility 1.00.06 (HKLM-x32\...\{01D8D3AA-2A4F-4085-9CC3-61E389D86D29}) (Version: 1.00.06.0004 - Rockwell Automation, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Snagit 12 (HKLM-x32\...\{a8dbd220-0251-433a-8cc0-8b2e0d67053b}) (Version: 12.1.0.1322 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.1.0 - TechSmith Corporation) Hidden
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Management Studio (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
TRENDnet TEW-424UB Wireless USB 2.0 Adapter (HKLM-x32\...\{B1BDEA80-95CE-4DFB-B9D3-DC800E7F87B4}) (Version: 1.00.0000 - TRENDnet)
TRENDnet TEW-649UB Wireless N speed USB Adapter (HKLM-x32\...\{35163C1D-77D1-4D6C-B7D5-B22E6EEBE2A8}) (Version: 1.00.0000 - TRENDnet)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Verizon Download Manager (HKLM-x32\...\{3D12E3F0-3E73-4267-B452-2BBF140343E6}) (Version: 44 - SupportSoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vz In Home Agent (HKLM-x32\...\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}) (Version: 8.03.53 - Verizon)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WD Drive Utilities (HKLM-x32\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{507B1304-194A-4204-A9D9-9BAAF51EF760}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{A7C403DA-B8D9-4CA0-93D9-6C7F00772240}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{ba99df5b-3e46-419e-81e2-544352772fda}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.)
Windows Driver Package - Realtek Semiconductor Corp. (RTL8187B) Net  (01/13/2009 6.1158.0113.2009) (HKLM\...\38D350BF85FF3ECE162BAC809E6EAA5AA325F75B) (Version: 01/13/2009 6.1158.0113.2009 - Realtek Semiconductor Corp.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1526095293-1603745673-2006541838-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Steve.steve1-PC\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1526095293-1603745673-2006541838-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Steve.steve1-PC\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1526095293-1603745673-2006541838-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Steve.steve1-PC\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1526095293-1603745673-2006541838-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Steve.steve1-PC\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1526095293-1603745673-2006541838-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Steve.steve1-PC\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1526095293-1603745673-2006541838-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Steve.steve1-PC\AppData\Local\Google\Chrome\Application\28.0.1500.95\delegate_execute.exe" (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1526095293-1603745673-2006541838-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Steve.steve1-PC\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1526095293-1603745673-2006541838-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Steve.steve1-PC\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2014-06-20 17:28 - 00000842 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0EE0A75F-CC5C-4F20-9096-1B7A3C7AC401} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1526095293-1603745673-2006541838-1000UA => C:\Users\Steve.steve1-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21] (Google Inc.)
Task: {16E69FD8-743F-448B-8A62-47ACE760CCF0} - System32\Tasks\AVG_SYS_TASK_0814av => C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe [2014-08-12] ()
Task: {1F102ED9-C9E1-411F-9970-8FC8602F92D7} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {2023B5E8-3BBF-4DC8-8EA4-AFB70A5083A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1526095293-1603745673-2006541838-1000Core => C:\Users\Steve.steve1-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21] (Google Inc.)
Task: {238C0D2B-3F27-4435-9201-DDEE280B33F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {355B6DC4-02E6-4866-9DE6-C8E015128437} - System32\Tasks\{A2A38B9A-98E0-43A4-9910-2E3EAF653A62} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.9.0.115&LastError=12002
Task: {4A2BC354-2015-44FC-BD28-501CE923C408} - System32\Tasks\Western Digital\SmartWare\____Volume_2f4a3d61_4145_11e1_a04b_806e6f6e6963______Volume_a1b6a894_9a75_11e3_b909_eec5529eabf5__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2013-11-02] (Western Digital Technologies, Inc.)
Task: {6F1EE557-AEF2-4917-868E-AEE4F2293822} - System32\Tasks\AVG_SYS_TASK_0814av_DELETE => C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe [2014-08-12] ()
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {A1B70E33-8832-432E-A285-83C93CCDFBC5} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {A973B0EE-1BEA-486B-9B20-B468F5A79F1A} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-05-02] ()
Task: {B90E4F07-314E-4B07-85E0-7DF453302A82} - System32\Tasks\{8D236A8D-A551-46A1-B266-1F4E03439127} => Chrome.exe http://ui.skype.com/ui/0/5.9.0.115.259/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {BE391AC1-5274-487E-A319-DB6F244740A2} - System32\Tasks\{87363D0D-72DE-4D5A-B420-1DBD1FE8077C} => C:\wamp\wampmanager.exe [2010-12-31] (Aestan Software)
Task: {D97CCAAB-379A-4C32-9B19-007559DB1776} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2009-07-13] (Microsoft Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EF52FBD5-5A37-47FC-8DB6-EB6EAE507590} - System32\Tasks\Google Updater and Installer => C:\Users\Steve.steve1-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21] (Google Inc.)
Task: {EF747794-749F-4140-85A5-49E10DF0922D} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-05-30] (TechSmith Corporation)
Task: {F96D98D0-D6FD-4E32-AFF2-25F5D7A9DA91} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0814av.job => C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0814av_DELETE.job => C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1526095293-1603745673-2006541838-1000Core.job => C:\Users\Steve.steve1-PC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1526095293-1603745673-2006541838-1000UA.job => C:\Users\Steve.steve1-PC\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-09 23:51 - 2014-04-01 21:57 - 00065352 _____ () C:\Users\Steve.steve1-PC\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-09 23:51 - 2014-04-01 21:57 - 04081480 _____ () C:\Users\Steve.steve1-PC\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-09 23:51 - 2014-04-01 21:58 - 00390472 _____ () C:\Users\Steve.steve1-PC\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-09 23:51 - 2014-04-01 21:57 - 01647432 _____ () C:\Users\Steve.steve1-PC\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Could not list accounts.
Could not list accounts. Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.


System errors:
=============
Error: (09/25/2014 04:05:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgdiska
AVGIDSDriver
Avgldx64
cdrom
ctxusbm
discache
spldr
truecrypt
Wanarpv6

Error: (09/25/2014 04:05:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:
%%31

Error: (09/25/2014 04:05:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/25/2014 04:03:21 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070005

Error: (09/25/2014 04:03:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error:
%%0

Error: (09/25/2014 04:01:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/25/2014 04:00:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053

Error: (09/25/2014 04:00:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (09/25/2014 04:00:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/25/2014 04:00:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the GS-Supporter service to connect.


Microsoft Office Sessions:
=========================
Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1032

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1032

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1032

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1032

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1032

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1032

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1032

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1032

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1032

Error: (09/25/2014 04:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1032


CodeIntegrity Errors:
===================================
  Date: 2013-08-12 22:44:55.952
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-12 22:44:55.867
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-12 22:44:55.765
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-12 22:44:55.685
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-12 22:44:55.584
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-05 08:36:42.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-05 08:36:42.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 10:09:17.030
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 10:09:16.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-31 21:18:11.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX-4100 Quad-Core Processor
Percentage of memory in use: 15%
Total physical RAM: 8189.55 MB
Available physical RAM: 6923.13 MB
Total Pagefile: 16377.29 MB
Available Pagefile: 15118.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:148.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 000454C0)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End Of Log ============================

This topic is now closed to further replies.