Hi,

Please help if you can. I have a computer that's been in my family for a few years now, but hasn't been used a lot lately since it seems infected with a few different viruses, and a recurring trojan that pops up after the anti-malware and antivirus applications are run. The computer is a bit slow. If this computer can be saved, please let me know, and I'd also appreciate knowing how severe any viruses are that may have popped up.

Thank you!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Tram (administrator) on TRAM-PC on 18-02-2015 00:35:37
Running from C:\Users\Tram\Downloads
Loaded Profiles: Tram & MYOB_SERVICE & Safe Account (Available profiles: Tram & MYOB_SERVICE & Safety & Safe Account)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AOL Inc.) C:\Program Files (x86)\AIM\aim.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(Spotify Ltd) C:\Users\Tram\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Dropbox, Inc.) C:\Users\Tram\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\Tram\AppData\Local\Google\Update\Install\{C7E5920E-4300-435B-BE4F-4E400CA36ED5}\40.0.2214.111_39.0.2171.95_chrome_updater.exe
(Google Inc.) C:\Users\Tram\AppData\Local\Temp\CR_F3243.tmp\setup.exe
(Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Tram\Downloads\FRST64 (2).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271168 2012-03-26] ()
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-11-14] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [798544 2015-02-07] (Webroot)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4321112 2011-01-05] (AOL Inc.)
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-12] (Logitech Inc.)
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [spotify Web Helper] => C:\Users\Tram\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-21] (Spotify Ltd)
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.)
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59280 2012-09-10] (Apple Inc.)
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59280 2012-09-05] (Apple Inc.)
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [0CE1844678CFAEA274A5E51B50744957A3304F78._service_run] => C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Tram\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid cea708e6d9dd47d48189d16f6bf7de84-d82e782afbf8e2a5e483da90ff8a6109d15ee70e --CMPID ROC_APR2013_AV --CMPI (the data entry has 11 more characters).
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [Google Update] => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [findutil] => C:\Users\Tram\AppData\Local\Temp\cleafpmp.exe <===== ATTENTION
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Run: [spotify] => C:\Users\Tram\AppData\Roaming\Spotify\spotify.exe [6118400 2014-01-21] (Spotify Ltd)
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\MountPoints2: {3640f7ea-9a72-11e1-8cb9-00262d133777} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Tram\AppData\Local\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Users\Tram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1794019613-805196587-2382130379-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1794019613-805196587-2382130379-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1794019613-805196587-2382130379-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={9023BA09-B903-43A2-BDE8-D3A9E46223E6}&mid=cea708e6d9dd47d48189d16f6bf7de84-d82e782afbf8e2a5e483da90ff8a6109d15ee70e&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-1420:40:34&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1794019613-805196587-2382130379-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-1794019613-805196587-2382130379-1000 -> No Name - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} -  No File
Toolbar: HKU\S-1-5-21-1794019613-805196587-2382130379-1005 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin HKU\S-1-5-21-1794019613-805196587-2382130379-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tram\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1794019613-805196587-2382130379-1000: @talk.google.com/O1DPlugin -> C:\Users\Tram\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1794019613-805196587-2382130379-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1794019613-805196587-2382130379-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tram\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tram\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2012-05-13]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-05-31]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-14]
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack [2012-05-13]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={9023BA09-B903-43A2-BDE8-D3A9E46223E6}&mid=cea708e6d9dd47d48189d16f6bf7de84-d82e782afbf8e2a5e483da90ff8a6109d15ee70e&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-14 20:40:34&v=17.3.1.204&pid=safeguard&sg=0&sap=hp
CHR StartupUrls: Default -> "hxxp://reddit.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Tram\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tram\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Tram\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-12-21]
CHR Extension: (Google Wallet) - C:\Users\Tram\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Tram\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-05-31]
CHR Extension: (Default Extension) - C:\Users\Tram\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagedfdbdjddgbdjgcdigfdcdegfgcdh [2012-05-12]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.32.crx [2014-07-27]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM-x32\...\Chrome\Extension: [noebaifjopccondbkcieccphcpijhdne] - C:\Users\Tram\AppData\Local\Temp\ccex.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321520 2012-03-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-26] () [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-11-11] (AVG Secure Search)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [798544 2015-02-07] (Webroot)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2014-11-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-11] (AVG Technologies)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2015-02-07] (Webroot)
U0 SR; No ImagePath
U2 srservice; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-18 00:35 - 2015-02-18 00:46 - 00036813 _____ () C:\Users\Tram\Downloads\FRST.txt
2015-02-18 00:34 - 2015-02-18 00:36 - 00000000 ____D () C:\FRST
2015-02-18 00:33 - 2015-02-18 00:33 - 02085888 _____ (Farbar) C:\Users\Tram\Downloads\FRST64 (2).exe
2015-02-18 00:31 - 2015-02-18 00:32 - 02085888 _____ (Farbar) C:\Users\Tram\Downloads\FRST64 (1).exe
2015-02-17 23:00 - 2015-02-17 23:00 - 00000000 ____D () C:\Users\Tram\AppData\Roaming\Mozilla
2015-02-17 22:16 - 2015-02-17 22:16 - 00000000 ____D () C:\Users\Safety\AppData\Roaming\Adobe
2015-02-17 22:15 - 2015-02-17 22:15 - 00000000 ____D () C:\Users\Safety\AppData\Local\AVG SafeGuard toolbar
2015-02-17 22:14 - 2015-02-17 22:14 - 00000000 ____D () C:\Users\Safety\AppData\Roaming\AVG2012
2015-02-17 22:14 - 2015-02-17 22:14 - 00000000 ____D () C:\Users\Safety\AppData\Roaming\Apple Computer
2015-02-17 22:12 - 2015-02-17 22:12 - 00000000 ____D () C:\Users\Safety\AppData\Roaming\AVG
2015-02-17 22:10 - 2015-02-17 22:10 - 00001447 _____ () C:\Users\Safety\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-17 22:10 - 2015-02-17 22:10 - 00001413 _____ () C:\Users\Safety\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-17 22:06 - 2015-02-17 22:12 - 00000000 ____D () C:\Users\Safety\AppData\Local\VirtualStore
2015-02-17 22:04 - 2015-02-17 22:08 - 00000000 ____D () C:\Users\Safety
2015-02-17 22:04 - 2015-02-17 22:04 - 00000020 ___SH () C:\Users\Safety\ntuser.ini
2015-02-17 22:04 - 2013-01-31 08:25 - 00000000 ____D () C:\Users\Safety\AppData\Roaming\TuneUp Software
2015-02-17 22:04 - 2011-10-18 02:02 - 00000000 ____D () C:\Users\Safety\AppData\Local\Microsoft Help
2015-02-17 22:04 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Safety\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-17 22:04 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Safety\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-10 04:25 - 2015-02-10 04:25 - 00002480 _____ () C:\Windows\System32\Tasks\1214tbUpdateInfo
2015-02-10 04:25 - 2015-02-10 04:25 - 00000348 _____ () C:\Windows\Tasks\1214tbUpdateInfo.job
2015-02-10 04:25 - 2015-02-10 04:25 - 00000000 ____D () C:\ProgramData\Avg_Update_1214tb
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-18 00:34 - 2014-07-27 21:48 - 00000000 ____D () C:\ProgramData\WRData
2015-02-18 00:33 - 2009-07-13 23:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-18 00:33 - 2009-07-13 23:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-18 00:30 - 2012-05-31 14:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-18 00:28 - 2011-01-21 09:31 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000UA.job
2015-02-17 22:33 - 2014-11-14 03:49 - 00001729 _____ () C:\Users\Tram\Desktop\Green Tweed Mod Dress - Shortcut.lnk
2015-02-17 22:28 - 2011-01-21 09:31 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000Core.job
2015-02-17 22:27 - 2013-05-09 13:38 - 00000000 ___RD () C:\Users\Tram\Dropbox
2015-02-17 22:27 - 2013-05-09 13:29 - 00000000 ____D () C:\Users\Tram\AppData\Roaming\Dropbox
2015-02-17 22:25 - 2013-05-09 13:38 - 00001017 _____ () C:\Users\Tram\Desktop\Dropbox.lnk
2015-02-17 22:25 - 2013-05-09 13:34 - 00000000 ____D () C:\Users\Tram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-17 22:23 - 2011-01-21 09:31 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000UA
2015-02-17 22:23 - 2011-01-21 09:31 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000Core
2015-02-17 22:17 - 2012-06-27 10:35 - 00000000 ____D () C:\Users\Tram\AppData\Roaming\Spotify
2015-02-17 16:09 - 2009-01-21 09:19 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2015-02-07 15:52 - 2014-07-27 21:48 - 00166128 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-02-07 15:52 - 2014-07-27 21:48 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-02-07 15:52 - 2014-07-27 21:48 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-02-07 15:49 - 2011-12-05 02:58 - 00000000 ____D () C:\Users\MYOB_SERVICE
2015-02-07 15:49 - 2009-01-21 09:10 - 00000000 ____D () C:\Users\Tram
2015-02-06 15:08 - 2009-07-14 00:13 - 00782632 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 15:04 - 2014-07-27 22:14 - 00091646 _____ () C:\Windows\PFRO.log
2015-02-06 15:04 - 2014-07-27 22:14 - 00001410 _____ () C:\Windows\setupact.log
2015-02-06 15:04 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 17:29 - 2012-05-31 14:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 17:29 - 2012-05-31 14:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 17:29 - 2012-03-25 06:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
ZeroAccess:
C:\Windows\Installer\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}
C:\Windows\Installer\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\@
C:\Windows\Installer\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\o
C:\Windows\Installer\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\U\00000001.@
C:\Windows\Installer\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\U\00000002.@
 
ZeroAccess:
C:\Users\Tram\AppData\Local\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}
C:\Users\Tram\AppData\Local\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\@
 
Some content of TEMP:
====================
C:\Users\Tram\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpidkdz7.dll
C:\Users\Tram\AppData\Local\Temp\utt1076.tmp.exe
C:\Users\Tram\AppData\Local\Temp\utt7B8B.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
 
 
LastRegBack: 2015-02-17 16:03
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Tram at 2015-02-18 00:48:07
Running from C:\Users\Tram\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2012 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials (Disabled - Up to date) {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AS: AVG Internet Security 2012 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: AVG Internet Security 2012 (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2249 - AVG Technologies)
AVG 2012 (Version: 12.0.2171 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2176 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2178 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2180 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2193 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2195 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2197 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.4257 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2238 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2240 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2241 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2242 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2249 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 12.0.4000.108 - AVG Technologies)
AVG PC TuneUp (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Dropbox (HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Google Chrome (HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
iCloud (HKLM\...\{4BC310C4-B898-46E2-B5FB-B85A30AA7142}) (Version: 2.0.2.187 - Apple Inc.)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.65.1.1000 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.1.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU  (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Database Providers (x86) ENU  (HKLM-x32\...\{296E293F-C481-4DDE-9ED2-3F79FCF38731}) (Version: 3.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Soap Opera Dash (HKLM-x32\...\am-soapoperadashtm) (Version:  - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.3 - Sophos Limited)
Spotify (HKU\S-1-5-21-1794019613-805196587-2382130379-1000\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.7.26 - Webroot)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\Tram\AppData\Local\{62fe5889-a2e8-4cf5-422f-e5ef4945aa66}\n. No File
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tram\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1794019613-805196587-2382130379-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tram\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
09-01-2015 18:33:33 Scheduled Checkpoint
18-01-2015 22:14:24 Scheduled Checkpoint
29-01-2015 01:30:31 Scheduled Checkpoint
07-02-2015 15:50:04 Scheduled Checkpoint
17-02-2015 16:03:47 Scheduled Checkpoint
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {066BC962-0245-4505-827D-998E976AAFF5} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2012-09-05] ()
Task: {06BA8C0D-B513-4146-BAD4-FC47D5F9CFA2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000Core => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {14AD62C8-DA11-4A44-BFFA-E7F44AE02CE9} - System32\Tasks\Divx online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-28] ()
Task: {280B3525-CF16-46A5-9229-1979EF3708DA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000UA => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {2D27ECB1-4363-4426-89A8-1FC2407FDFF9} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2012-08-23] (AVG)
Task: {387B5FB2-D72F-4503-BDD3-00E16C309A50} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{0C5B79B7-163A-4335-8759-0232B482D858}.exe [2015-02-10] ()
Task: {475D6A7A-AF78-498C-99D2-0269E2BC539D} - System32\Tasks\{EE5CE790-E59E-439B-80C8-F3CE7334F185} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C53917E5-789F-4BF0-91EE-F5BF29560122}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {4FCED888-7D9C-49F5-97D2-1C25C58E4D46} - System32\Tasks\{BB0CAD62-C215-4845-86E9-AB365D132A55} => pcalua.exe -a "C:\Users\Tram\Downloads\Shockwave_Installer_Slim (1).exe" -d C:\Users\Tram\Downloads
Task: {538D5536-A14D-4692-B05A-6935746B36AA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7F6F2757-3EB8-4381-9F4C-FA376A1A27B9} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29] (Sun Microsystems, Inc.)
Task: {82BA4197-1C79-4272-97A8-78556E7EA30D} - System32\Tasks\Google Updater and Installer => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {97DAAABD-FA5A-4BE4-89CB-D067622107CA} - System32\Tasks\{5782725F-5E45-47E6-BCEB-D2C23B1444DE} => pcalua.exe -a "C:\Users\Tram\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5HEDHQDG\ChromeSetup[1].exe" -d C:\Users\Tram\Desktop
Task: {A0B9338E-8F93-4999-9199-CA34070A1299} - System32\Tasks\Open Chrome => Chrome.exe --new-window
Task: {C324DA00-33C6-4FEC-ABF9-7AAF297C725E} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {D6C83F1D-3037-4311-934F-C61885169F63} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10] (Adobe Systems Incorporated)
Task: {DA7C7B74-6A4E-4D1C-BE74-CAB1E36159F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {E3CBC4AB-80B8-4B19-82C7-AC49DDE5189F} - System32\Tasks\{22BCF16A-1CC3-4655-874F-8425AA9993EE} => pcalua.exe -a "C:\Program Files (x86)\RealArcade\Installer\bin\gameinstaller.exe" -c "C:\Program Files (x86)\RealArcade\Installer\installerMain.clf" "C:\Program Files (x86)\RealArcade\Installer\uninstall\am-soapoperadashtm.rguninst" "AddRemove"
Task: {F2060500-4248-4E16-B5C8-5279ABB1D866} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{0C5B79B7-163A-4335-8759-0232B482D858}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000Core.job => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794019613-805196587-2382130379-1000UA.job => C:\Users\Tram\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => C:\Users\Tram\AppData\Local\Google\Chrome\Application\chrome.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-11-11 07:43 - 2014-11-11 07:42 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2014-11-11 07:43 - 2014-11-14 03:05 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2015-02-17 22:29 - 2015-02-17 22:29 - 07460944 _____ () C:\Users\Tram\AppData\Local\Google\Update\Install\{C7E5920E-4300-435B-BE4F-4E400CA36ED5}\40.0.2214.111_39.0.2171.95_chrome_updater.exe
2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-11 07:43 - 2014-11-11 07:42 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2011-01-05 12:06 - 2011-01-05 12:06 - 00176128 _____ () C:\Program Files (x86)\AIM\nssckbi.dll
2009-04-09 18:04 - 2009-04-09 18:04 - 02141008 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 07704400 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
2009-04-22 16:53 - 2009-04-22 16:53 - 00969040 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00475472 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00363856 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00200016 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
2011-01-12 20:55 - 2011-01-12 20:55 - 00027472 _____ () C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 11311952 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00291664 _____ () C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
2011-01-12 20:57 - 2011-01-12 20:57 - 00751616 _____ () C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
2009-03-03 17:18 - 2009-03-03 17:18 - 00029008 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-03 17:18 - 2009-03-03 17:18 - 00035152 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-03 17:18 - 2009-03-03 17:18 - 00138064 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-21 20:17 - 2014-12-05 20:50 - 01077064 _____ () C:\Users\Tram\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-21 20:17 - 2014-12-05 20:50 - 00211272 _____ () C:\Users\Tram\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00750080 _____ () C:\Users\Tram\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-17 22:26 - 2015-02-17 22:26 - 00043008 _____ () c:\users\tram\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpidkdz7.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00047616 _____ () C:\Users\Tram\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00865280 _____ () C:\Users\Tram\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00200704 _____ () C:\Users\Tram\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-21 20:17 - 2014-12-05 20:50 - 09009480 _____ () C:\Users\Tram\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-21 20:17 - 2014-12-05 20:50 - 01677128 _____ () C:\Users\Tram\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-21 20:17 - 2014-12-05 20:50 - 14913352 _____ () C:\Users\Tram\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:31A07C00
AlternateDataStreams: C:\ProgramData\TEMP:3AE22B1A
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1794019613-805196587-2382130379-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1794019613-805196587-2382130379-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tram\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1794019613-805196587-2382130379-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Safe Account\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1794019613-805196587-2382130379-500 - Administrator - Disabled)
Guest (S-1-5-21-1794019613-805196587-2382130379-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1794019613-805196587-2382130379-1002 - Limited - Enabled)
MYOB_SERVICE (S-1-5-21-1794019613-805196587-2382130379-1003 - Administrator - Enabled) => C:\Users\MYOB_SERVICE
Safe Account (S-1-5-21-1794019613-805196587-2382130379-1005 - Limited - Enabled) => C:\Users\Safe Account
Safety (S-1-5-21-1794019613-805196587-2382130379-1004 - Administrator - Enabled) => C:\Users\Safety
Tram (S-1-5-21-1794019613-805196587-2382130379-1000 - Administrator - Enabled) => C:\Users\Tram
 
==================== Faulty Device Manager Devices =============
 
Name: VIA 1394 OHCI Compliant Host Controller
Description: VIA 1394 OHCI Compliant Host Controller
Class Guid: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
Manufacturer: VIA
Service: 1394ohci
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/17/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8143
 
Error: (02/17/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8143
 
Error: (02/17/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/17/2015 04:22:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7145
 
Error: (02/17/2015 04:22:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7145
 
Error: (02/17/2015 04:22:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/17/2015 04:22:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6131
 
Error: (02/17/2015 04:22:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6131
 
Error: (02/17/2015 04:22:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/17/2015 04:22:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5132
 
 
System errors:
=============
Error: (02/18/2015 00:34:19 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/18/2015 00:05:03 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/17/2015 11:34:20 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/17/2015 11:04:23 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/17/2015 10:37:17 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/17/2015 10:04:19 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/17/2015 10:04:16 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/17/2015 10:04:09 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/17/2015 10:04:04 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/17/2015 10:03:55 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Microsoft Office Sessions:
=========================
Error: (02/17/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8143
 
Error: (02/17/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8143
 
Error: (02/17/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/17/2015 04:22:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7145
 
Error: (02/17/2015 04:22:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7145
 
Error: (02/17/2015 04:22:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/17/2015 04:22:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6131
 
Error: (02/17/2015 04:22:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6131
 
Error: (02/17/2015 04:22:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/17/2015 04:22:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5132
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-06 15:04:50.552
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-06 15:04:50.490
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-06 15:03:47.725
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-06 15:03:47.663
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-28 07:18:09.552
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-28 07:18:09.505
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-28 07:16:57.371
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-28 07:16:57.293
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-28 07:13:56.893
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-28 07:13:56.808
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 77%
Total physical RAM: 4029.18 MB
Available physical RAM: 891.43 MB
Total Pagefile: 8056.54 MB
Available Pagefile: 2644.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (WIN7) (Fixed) (Total:698.64 GB) (Free:411.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: CB5BD2B2)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 

Hello explosivevenus, welcome to Malwarebytes' Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click the Follow button at the top of the page. 

======================================================
 

If this computer can be saved, please let me know, and I'd also appreciate knowing how severe any viruses are that may have popped up. 

Yes, the machine can be cleaned, but unfortunately it is badly infected. As such, please be aware of the following -
Let me know how you wish to proceed after reading the warning below. 
 

BACKDOOR WARNING
 
------------------------------
 
One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal system, financial & personal information.
 
If your computer has been used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for Email, eBay, Paypal, online forums, etc).
 
Banking and credit card institutions should be notified of the possible security breach. Please read the following article for more information: How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
 
Whilst the identified infection(s) can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows a remote attacker to make any number of modifications. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.

You now have the choice between cleaning the infection(s) present or reformatting your computer. Ultimately, the decision is personal, and what you're most comfortable with. Once you've read the articles linked above, let me know if you have any questions, and how you wish to proceed.

 
If you wish to clean the machine, please do the following. 
 
Farbar Recovery Scan Tool (FRST) Search

  • Right-click FRST64.exe and select Run as administrator to run the programme.
  • Type the following text into the Search: textbox:
    services.exe
  • Click on the Search File(s) button.
  • Upon completion, a log (Search.txt) will open.
  • Copy the contents of the log and paste in your next reply.

Hello,

I can provide instructions on how you can safely backup your data if you wish.

Ultimately, the choice between cleaning and reformatting/starting from scratch is personal. Most in your situation choose to clean the machine, but you must do what you're most comfortable with.

Those unsure have opted to clean the machine first, and reassess the situation afterwards. Some have then gone on to reformat, and others have decided to stick with the current installation. You personally may find the decision easier to make when you can access the machine in a state deemed as "clean".

These are just some thoughts that may help with your decision.


Hello Alex, 
 
Let's try this a different way. 
Please do the following.
 
STEP 1
FRST Recovery Environment Scan


Note: You require access to a clean USB drive
Note: Please print off these instructions, or ensure you have access to them using a different device.

  • Hold the Shift Key on your keyboard and insert your USB drive into your computer. 
  • Please download Farbar Recovery Scan Tool (x64) and save the file to your USB drive.
  • Enter the Recovery Environment by choosing one of the options below. 
     

Option #1: Enter Recovery Environment (Windows 7/Vista)

  • Restart the infected computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select your keyboard language settings, and then click Next.
  • Select the operating system you wish to repair, and then click Next.
  • Select your user account, and then click Next.
     

Option #2: Enter Recovery Environment (Windows Installation Disc)

  • Insert your Windows installation disc.
  • Restart your computer.
  • Configure your infected PC to boot from CD/DVD. Instructions on how to do this can be found here.
  • If prompted, press any key to start Windows from the installation disc.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the Operating System you want to repair, and then click Next.
  • Select your user account, and then click Next.
     

Advanced Boot Options Menu

  • Select Command Prompt.
  • In the command window type notepad and press Enter on your keyboard.
  • Notepad will open. Click File followed by Open.
  • Click Computer, write down your USB drive letter on a piece of paper and close Notepad.
  • Type: x:\frst64.exe in the command window. 
    • Note: Replace letter x with the drive letter of your USB drive you wrote down earlier.
  • Press Enter on your keyboard. The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Click Scan. A log (FRST.txt) will be saved to your USB drive.
  • Type the following text into the Search: textbox:
    services.exe
  • Click on the Search File(s) button. A log (Search.txt) will be saved to your USB drive.
  • Attach FRST.txt in your next reply. 
  • Copy the contents of Search.txt and paste in your next reply.
     

======================================================
 
STEP 2
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt (attached!)
  • Search.txt

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
