1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

addaware problems.

Discussion in 'Windows - Virus and spyware problems' started by Heaseba, Oct 5, 2013.

  1. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    I don't know that I have found anything 'wrong' precisely, other than the almost constant "Threat detected." from avast, and its sluggish like walking on glue strips..
     
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,701
    Likes Received:
    39
    Trophy Points:
    78
    Click the Avast icon on your desktop or little one on the taskbar then click Scan or Quickscan depending on the ver of Avast to see if you can run a scan for the threat and quarantine it.

    Ran a defrag on your C drive.

    Then post the OTL Logs.
     
  3. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    OTL logfile created on: 11/18/2013 3:31:10 PM - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 63.57% Memory free
    7.99 Gb Paging File | 6.39 Gb Available in Paging File | 79.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 265.66 Gb Total Space | 159.81 Gb Free Space | 60.16% Space Free | Partition Type: NTFS
    Drive R: | 200.00 Gb Total Space | 66.99 Gb Free Space | 33.49% Space Free | Partition Type: NTFS

    Computer Name: HEATHERPC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/11/15 14:35:02 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2013/11/14 22:21:18 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/11/14 22:21:18 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/11/14 22:21:08 | 000,116,776 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
    PRC - [2013/10/09 08:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    PRC - [2013/07/02 08:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/04/09 10:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/11/15 14:35:02 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2013/11/14 22:21:22 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/11/14 22:21:18 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2013/11/14 22:21:08 | 000,116,776 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/11/15 14:35:02 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/10/08 17:29:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/04/09 10:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/11/14 22:21:24 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2013/11/14 22:21:24 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2013/11/14 22:21:24 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2013/11/14 22:21:24 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2013/11/14 22:21:24 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2013/11/14 22:21:24 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2013/11/14 22:21:24 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2013/11/14 22:21:24 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2013/11/14 22:21:15 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
    DRV:64bit: - [2013/11/14 22:21:08 | 000,447,888 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/01/21 23:15:15 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2010/01/21 23:15:15 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2009/09/11 17:04:50 | 006,177,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 E9 6E 8E 0E 9B CA 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{4AD98E64-94D5-4189-BEAC-0FB886AE6B0E}: "URL" = http://www.google.com/search?q={sea...ndex={startIndex?}&startPage={startPage}&rlz=
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: socialfixer%40mattkruse.com:7.801
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/14 22:21:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/15 14:35:00 | 000,000,000 | ---D | M]

    [2012/03/14 08:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
    [2013/11/13 09:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\loaul1ak.default\extensions
    [2013/09/12 18:25:24 | 000,161,656 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\extensions\socialfixer@mattkruse.com.xpi
    [2013/11/15 14:35:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/11/15 14:35:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/11/15 14:35:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/11/15 14:35:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/11/15 14:35:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/11/14 22:21:26 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

    ========== Chrome ==========

    CHR - default_search_provider: dosearches (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com
    CHR - default_search_provider: suggest_url =
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_1\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\

    O1 HOSTS File: ([2013/10/07 22:33:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.170.153.146
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E2B0B62-940A-4970-A657-2BE2F145CCAF}: DhcpNameServer = 192.168.0.1 216.170.153.146
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/12/08 15:08:23 | 000,149,632 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
    O32 - AutoRun File - [2010/12/08 15:08:23 | 000,299,196 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/15 14:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/11/15 14:16:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AVAST Software
    [2013/11/14 22:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2013/11/14 22:16:09 | 000,270,824 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
    [2013/11/14 22:16:08 | 000,131,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
    [2013/11/14 22:16:05 | 000,028,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
    [2013/11/14 22:16:00 | 000,447,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
    [2013/11/13 10:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2013/11/10 15:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPlayer
    [2013/11/10 15:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2013/11/10 15:24:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoPlayer
    [2013/10/28 10:05:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
    [2013/10/28 10:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/10/28 10:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/10/28 10:04:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/10/28 10:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    ========== Files - Modified Within 30 Days ==========

    [2013/11/18 15:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/11/18 15:13:17 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/11/18 15:13:17 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/11/18 15:08:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/18 15:07:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500UA.job
    [2013/11/18 02:07:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500Core.job
    [2013/11/17 20:08:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/17 17:47:22 | 000,791,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/11/17 17:47:22 | 000,668,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/11/17 17:47:22 | 000,124,534 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/11/17 17:43:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/11/17 17:42:58 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/16 10:00:26 | 000,001,161 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/11/14 22:22:22 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
    [2013/11/14 22:22:22 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
    [2013/11/14 22:21:24 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2013/11/14 22:21:24 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2013/11/14 22:21:24 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2013/11/14 22:21:24 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2013/11/14 22:21:24 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2013/11/14 22:21:24 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2013/11/14 22:21:24 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
    [2013/11/14 22:21:24 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2013/11/14 22:21:24 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2013/11/14 22:21:23 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013/11/14 22:21:15 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
    [2013/11/14 22:21:08 | 000,447,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
    [2013/11/14 22:16:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2013/11/13 10:02:18 | 000,001,189 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/11/13 10:02:18 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/11/10 15:34:13 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\VideoPlayer.lnk
    [2013/11/10 15:33:45 | 000,785,246 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/11/08 22:52:04 | 000,000,819 | ---- | M] () -- C:\Users\Administrator\Documents\Resume.rtf
    [2013/11/07 10:00:07 | 000,009,486 | ---- | M] () -- C:\Users\Administrator\Documents\Spats.ods
    [2013/10/31 10:56:45 | 000,001,805 | ---- | M] () -- C:\Users\Administrator\Documents\apple muffin recipe.rtf
    [2013/10/31 02:46:13 | 000,270,824 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
    [2013/10/31 02:46:12 | 000,131,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
    [2013/10/30 14:38:44 | 000,001,099 | ---- | M] () -- C:\Users\Administrator\Documents\seed trades.rtf
    [2013/10/28 11:30:32 | 000,029,851 | ---- | M] () -- C:\Users\Administrator\Documents\mbam report.rtf
    [2013/10/28 10:04:48 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/10/28 10:03:19 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.75.0.1300.exe

    ========== Files Created - No Company Name ==========

    [2013/11/14 22:22:22 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
    [2013/11/14 22:13:19 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
    [2013/11/10 15:34:13 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\VideoPlayer.lnk
    [2013/11/08 22:52:04 | 000,000,819 | ---- | C] () -- C:\Users\Administrator\Documents\Resume.rtf
    [2013/11/07 09:46:30 | 000,009,486 | ---- | C] () -- C:\Users\Administrator\Documents\Spats.ods
    [2013/10/31 10:54:08 | 000,001,805 | ---- | C] () -- C:\Users\Administrator\Documents\apple muffin recipe.rtf
    [2013/10/28 11:30:31 | 000,029,851 | ---- | C] () -- C:\Users\Administrator\Documents\mbam report.rtf
    [2013/10/28 10:04:48 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/10/25 18:32:33 | 000,001,099 | ---- | C] () -- C:\Users\Administrator\Documents\seed trades.rtf
    [2013/09/09 18:22:50 | 000,003,740 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    [2013/06/11 13:37:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/06/11 13:37:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/06/11 13:37:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/06/11 13:37:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/06/11 13:37:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/12/13 09:46:50 | 000,785,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/09/22 12:52:01 | 000,070,249 | ---- | C] () -- C:\Users\Administrator\2011 Application Free.Reduced Lunch.pdf
    [2011/09/22 12:38:45 | 000,176,921 | ---- | C] () -- C:\Users\Administrator\Student and LC Check List.pdf
    [2011/09/22 12:38:05 | 000,318,832 | ---- | C] () -- C:\Users\Administrator\Creating a Student Account.pdf
    [2011/09/22 12:37:59 | 000,349,453 | ---- | C] () -- C:\Users\Administrator\How to Kmail a Specific Teacher.pdf
    [2011/09/22 12:37:21 | 000,164,791 | ---- | C] () -- C:\Users\Administrator\Progress Hours Guidelines 2011-12.pdf
    [2011/09/22 12:37:01 | 000,189,197 | ---- | C] () -- C:\Users\Administrator\Logging Attendance.pdf
    [2010/03/21 20:05:29 | 000,003,974 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
    [2010/01/21 23:03:23 | 000,007,616 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >
     
  4. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,701
    Likes Received:
    39
    Trophy Points:
    78
    OK Heather, tell me all that's wrong. It's like going to the doctor, you must tell him all of your symptoms before he can make a diagnosis.

    and:
    do you use Skype?
    do you use Pando?
    where does it hurt?

    You have No malware therefore I'll have to look for something else so, please help me out.

    2oG
     
  5. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Yes we use skype.. no idea what Pando is, so ..no..and it is just so darned SLOW..but that could be my ISP now,as the 'malicious site blocked' message has stopped.
    I think I am ok again.. thanks for the assistance.
     
  6. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,701
    Likes Received:
    39
    Trophy Points:
    78
    Pando is a hosting program where you can upload a file, pictures etc. and pass it to another computer that has Pando. It’s OK.

    'malicious site blocked' comes from MBAM Pro. It has a realtime scanner that blocks bad url’s both in and outbound. You had the Trial ver. And I see that it is not running in the last Log. I do highly recommend MBAM Pro.

    I can find nothing in your Logs that is malicious and with your 'non genuine version' there’s not much more that I can do.

    Until you can get a genuine copy of windows I suggest leaving the updates turned off, continuing using Avast and scan often with MBAM..

    2oG
     
  7. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,309
    Likes Received:
    120
    Trophy Points:
    143
    Heather59, pm sent to you about your windows problem.
     
  8. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,701
    Likes Received:
    39
    Trophy Points:
    78
    @ddp did you get my pm?
     
  9. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,309
    Likes Received:
    120
    Trophy Points:
    143
    yes
     
  10. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,701
    Likes Received:
    39
    Trophy Points:
    78
    ddp, have you tried systemlook yet?
     
  11. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,309
    Likes Received:
    120
    Trophy Points:
    143
    not yet.
     
  12. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,701
    Likes Received:
    39
    Trophy Points:
    78
    I've been using it for a while with just :regfind, :filefind and :folderfind. This past week I've used some of the switches and wildcards and it's as handy as a pocket on a shirt. :)
    I stopped using the :reg fix in OTL because it misses a lot of stuff it sometimes doesn't have the permissions for, even though it's supposed to be running as Admin. I now just make a dot reg file because it has Full System permissions and takes care of everything...
     
  13. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Sorry for not getting back to you guys.escalating illnesses in the household..
    I have fixed my 'non genuine' problem; reset my forgotten password and still battling with my 'slow as candied honey' computer. I'm a bit worried that the problem NOW is an hardware issue as the HD regularly makes a loud spinning noise. Never rains but it pours, around here :D
     
    Last edited: Apr 22, 2014
  14. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,309
    Likes Received:
    120
    Trophy Points:
    143
    who makes the hard drive as could download their hard drive diagnostic program to see if your hd is dying or not?
     
  15. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,701
    Likes Received:
    39
    Trophy Points:
    78
    Or it may be full, fragmented and can't work correctly.
    Go to -> Start -> computer and check if your drive has free space..
     
  16. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,701
    Likes Received:
    39
    Trophy Points:
    78
    [​IMG]

    Divide Free GB by total to get percent free example:
    169/199 = .849 or 85%

    If 15% or less that may be the problem and you will need to delete some stuff and defrag..
     
  17. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    I have 135gig free and it does an automatic defrag weekly.. :( . No idea what the brand is. Guess I need to turn it of and look?
     
  18. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,701
    Likes Received:
    39
    Trophy Points:
    78
    Gee Heather, It's hard to tell, Post me a scan log and I'll see if I can find a problem in it.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    32bit or 64bit depending on your system..

    Note: You need to run the version compatible with your system, but if you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, which will be the right version.


    * Right click and run as administrator.
    * Press Scan button.
    * It will produce a log called FRST.txt in the same directory the tool is run from.
    * Please copy and paste log back here.
    * The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

    2oG
     
  19. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2014 01
    Ran by Administrator (administrator) on HEATHERPC on 01-05-2014 16:45:28
    Running from C:\Users\Administrator\Downloads
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Farbar) C:\Users\Administrator\Downloads\Furbar.exe


    ==================== Registry (Whitelisted) ==================

    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-05] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1224842166-2811445709-100843145-500\...\Run: [Google Update] => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-11-28] (Google Inc.)
    HKU\S-1-5-21-1224842166-2811445709-100843145-500\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-1224842166-2811445709-100843145-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x88E96E8E0E9BCA01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - DefaultScope {4AD98E64-94D5-4189-BEAC-0FB886AE6B0E} URL = http://www.google.com/search?q={sea...ndex={startIndex?}&startPage={startPage}&rlz=
    SearchScopes: HKCU - {4AD98E64-94D5-4189-BEAC-0FB886AE6B0E} URL = http://www.google.com/search?q={sea...ndex={startIndex?}&startPage={startPage}&rlz=
    BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 216.170.153.146

    FireFox:
    ========
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\loaul1ak.default
    FF Homepage: hxxp://www.intellicast.com/Local/Weather.aspx|https://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
    FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Administrator\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Administrator\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
    FF Extension: Social Fixer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\loaul1ak.default\Extensions\socialfixer@mattkruse.com.xpi [2013-06-09]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-19]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2014-03-19]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-19]
    FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-07]

    Chrome:
    =======
    CHR DefaultSearchKeyword: dosearches
    CHR DefaultSearchProvider: dosearches
    CHR DefaultSearchURL: http://search.dosearches.com/web/?u...72&ts=1384114876&type=default&q={searchTerms}
    CHR DefaultNewTabURL:
    CHR Extension: (Skype Click to Call) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-05]
    CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
    CHR HKCU\...\Chrome\Extension: [eibleipkbineaadpnemmalkahodjhdbd] - C:\Users\Administrator\AppData\Local\CRE\eibleipkbineaadpnemmalkahodjhdbd.crx [2013-09-05]
    CHR HKLM-x32\...\Chrome\Extension: [eibleipkbineaadpnemmalkahodjhdbd] - C:\Users\Administrator\AppData\Local\CRE\eibleipkbineaadpnemmalkahodjhdbd.crx [2013-09-05]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
    CHR StartMenuInternet: Google Chrome - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-05] (AVAST Software)
    S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-12-20] (BitRaider, LLC)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
    S2 Util SaltarSmart; "C:\Program Files (x86)\SaltarSmart\bin\utilSaltarSmart.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-05] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-14] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-14] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-05] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-05] (AVAST Software)
    R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-05] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-05] ()
    R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-01-22] ()
    S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-12-21] (BitRaider)
    S1 crlscsi; C:\Windows\SysWow64\Drivers\crlscsi.sys [6144 1995-11-07] (Corel Corporation)
    R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-01-22] ()
    S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    U4 cisvc;
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-01 16:45 - 2014-05-01 16:45 - 00013040 _____ () C:\Users\Administrator\Downloads\FRST.txt
    2014-05-01 16:44 - 2014-05-01 16:45 - 00000000 ____D () C:\FRST
    2014-05-01 16:43 - 2014-05-01 16:44 - 02061824 _____ (Farbar) C:\Users\Administrator\Downloads\Furbar.exe
    2014-04-16 20:16 - 2014-04-16 20:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2014-04-15 10:12 - 2014-04-15 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2014-04-15 10:12 - 2014-04-15 10:12 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-04-11 10:12 - 2014-04-15 10:12 - 00001938 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2014-04-11 10:12 - 2014-04-11 10:12 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-04-09 10:13 - 2014-03-30 21:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-04-09 10:13 - 2014-03-30 21:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-04-09 10:13 - 2014-03-30 20:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-04-09 10:13 - 2014-03-30 19:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-04-09 09:59 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2014-04-09 09:59 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2014-04-09 09:59 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2014-04-09 09:59 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2014-04-09 09:59 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2014-04-09 09:59 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2014-04-09 09:59 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2014-04-09 09:59 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2014-04-09 09:59 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2014-04-09 09:59 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2014-04-09 09:59 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

    ==================== One Month Modified Files and Folders =======

    2014-05-01 16:45 - 2014-05-01 16:45 - 00013040 _____ () C:\Users\Administrator\Downloads\FRST.txt
    2014-05-01 16:45 - 2014-05-01 16:44 - 00000000 ____D () C:\FRST
    2014-05-01 16:44 - 2014-05-01 16:43 - 02061824 _____ (Farbar) C:\Users\Administrator\Downloads\Furbar.exe
    2014-05-01 16:28 - 2012-08-26 12:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-05-01 16:26 - 2011-07-02 19:54 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500UA.job
    2014-05-01 16:26 - 2010-11-28 16:49 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-01 16:17 - 2010-01-22 13:24 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
    2014-05-01 16:06 - 2011-08-15 15:46 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D2AA90E9-323D-4FE7-A7BC-9CE31E16991D}
    2014-05-01 16:06 - 2010-01-22 01:29 - 01247209 _____ () C:\Windows\WindowsUpdate.log
    2014-05-01 15:53 - 2009-07-14 01:13 - 00792550 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-05-01 12:07 - 2014-03-04 13:00 - 00000000 ____D () C:\Users\Administrator\Documents\kintraks
    2014-05-01 11:49 - 2014-03-06 14:52 - 00015440 _____ () C:\Users\Administrator\Documents\Animal Expenses.ods
    2014-05-01 11:46 - 2011-01-08 00:19 - 00624640 ___SH () C:\Users\Administrator\Documents\Thumbs.db
    2014-05-01 09:04 - 2010-11-28 16:49 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-01 08:46 - 2009-07-14 00:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-01 08:46 - 2009-07-14 00:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-01 08:41 - 2013-11-13 11:04 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-05-01 08:41 - 2013-06-11 15:12 - 00014568 _____ () C:\Windows\setupact.log
    2014-05-01 08:41 - 2010-01-21 22:47 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-05-01 08:41 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-04-30 20:26 - 2011-07-02 19:54 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500Core.job
    2014-04-28 14:28 - 2012-08-26 12:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-04-28 14:28 - 2012-04-16 13:11 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-04-28 14:28 - 2011-06-13 09:36 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-04-25 19:01 - 2014-03-04 13:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\kintraks
    2014-04-23 10:52 - 2011-03-20 18:46 - 00000000 ____D () C:\Users\Administrator\Documents\Recipes
    2014-04-16 20:16 - 2014-04-16 20:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2014-04-15 10:12 - 2014-04-15 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2014-04-15 10:12 - 2014-04-15 10:12 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-04-15 10:12 - 2014-04-11 10:12 - 00001938 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2014-04-15 10:12 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    2014-04-14 23:34 - 2013-12-20 20:45 - 00000000 ____D () C:\ProgramData\BitRaider
    2014-04-14 17:04 - 2011-12-13 10:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Turbine
    2014-04-11 10:12 - 2014-04-11 10:12 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-04-11 10:12 - 2010-02-12 00:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
    2014-04-09 23:11 - 2013-12-29 10:16 - 00000000 ____D () C:\Windows\system32\MRT
    2014-04-09 23:10 - 2010-01-21 22:53 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-04-09 09:53 - 2013-10-07 17:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

    Some content of TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-04-29 12:09

    ==================== End Of Log ============================




    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-05-2014 01
    Ran by Administrator at 2014-05-01 16:45:56
    Running from C:\Users\Administrator\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    1701 A.D. (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.02 - Sunflowers)
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
    Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
    Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
    ATITool Overclocking Utility (HKLM-x32\...\ATITool) (Version: 0.26 - )
    avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2011 - Avast Software)
    AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3408 - AVG Technologies)
    AVG 2013 (Version: 13.0.3392 - AVG Technologies) Hidden
    AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 17.0.1.4 - AVG Technologies)
    BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
    Corel Applications (HKLM-x32\...\Corel Applications) (Version: - )
    Defraggler (HKLM\...\Defraggler) (Version: 2.09 - Piriform)
    DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION
    EZ Fonts (HKLM-x32\...\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}) (Version: 1.0.0 - EZ Fonts)
    ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
    File Opener Pro (HKLM-x32\...\fileopenerpro) (Version: - FileOpenerPro) <==== ATTENTION
    Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
    Google Earth (HKLM-x32\...\{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}) (Version: 6.2.1.6014 - Google)
    Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
    Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
    HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1912 - Intel Corporation)
    Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Kintraks 7.04.02 (HKLM-x32\...\Kintraks_is1) (Version: - Kintraks)
    Legacy 7.0 (HKLM-x32\...\Legacy 7.0) (Version: 7.0 - Millennia Corporation)
    Legacy Charting 7.0 (HKLM-x32\...\LegacyChart7_is1) (Version: - )
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Network Play System (Patching) (HKLM-x32\...\Network Play System (Patching)) (Version: - )
    NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
    NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
    NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
    NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
    NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
    NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
    OpenOffice.org 3.2 (HKLM-x32\...\{6ADD0603-16EF-400D-9F9E-486432835002}) (Version: 3.2.9483 - OpenOffice.org)
    Pinnacle VideoSpin (HKLM-x32\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
    Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.29 - Bioware/EA)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.3.2 - Krzysztof Kowalczyk)
    The Lord of the Rings Online™ v03.04.04.8012 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.04.04.8012 - Turbine, Inc.)
    Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.7 - Flagship Industries, Inc.)
    VideoPlayer v2.0.6 (HKLM-x32\...\VideoPlayer) (Version: v2.0.6 - TUGUU SL) <==== ATTENTION
    Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4038.0 - Microsoft Corporation)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

    ==================== Restore Points =========================

    15-04-2014 05:31:35 Scheduled Checkpoint
    15-04-2014 09:35:42 Windows Update
    18-04-2014 12:46:13 Windows Update
    22-04-2014 13:01:48 Windows Update
    25-04-2014 13:45:39 Windows Update
    29-04-2014 13:06:06 Windows Update

    ==================== Hosts content: ==========================

    2009-07-13 22:34 - 2013-10-07 23:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {22DEA8BA-1513-4DEE-9041-A92D1271CB26} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-05] (AVAST Software)
    Task: {2C88CEB8-6636-4771-956F-BA2A94C7D904} - System32\Tasks\AdwarePro => C:\Program Files (x86)\Adware Pro\Adware_Pro.exe
    Task: {334262A9-3C24-4183-887E-C6A62D93CA68} - System32\Tasks\{85785F1B-74D3-445B-99E5-0BF4FD95F3EF} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    Task: {3890B659-172E-4EDC-9CA3-899D6D70B088} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1224842166-2811445709-100843145-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {46250A24-808D-42A7-89BA-DEAED31432C1} - System32\Tasks\{268F73CB-572C-4957-8A11-B3D83BF34AFF} => C:\Program Files\Vivitar Experience Image Manager\Vivitar.exe [2009-12-29] ()
    Task: {6782097A-2351-4762-8DF3-FAA745B65066} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-28] (Google Inc.)
    Task: {686B5C43-3151-4BDC-A95A-46814D11FEEB} - System32\Tasks\{31154C38-81B2-458F-AAB8-FDF70472655C} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1618
    Task: {68D1B119-EADC-49AA-AADA-24E12CCBA70D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {70EF5350-A171-4167-852E-3223D2F48766} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1224842166-2811445709-100843145-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {7A077B6D-5769-4088-8069-F48B701A6CCE} - System32\Tasks\{E7A50ADE-9A46-47B7-92FC-111E308A85C2} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
    Task: {80B13360-2F6D-4309-9E4F-D2FD9B8C9464} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {964A0581-C6F6-4CBD-87D1-76107284B82E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28] (Google Inc.)
    Task: {A9074A3C-C815-4FAE-BDB0-9A2E802B7551} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
    Task: {AB2F15D6-FB58-4D59-98C3-D7E4F2CCC585} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28] (Google Inc.)
    Task: {C6B5541D-EF18-4B26-AB96-671D18169277} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
    Task: {C7981CDE-ECFE-4459-B533-8588C30D50C2} - \AmiUpdXp No Task File <==== ATTENTION
    Task: {E012802F-FA83-4C96-9A82-F4BBC7BFDC22} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-28] (Google Inc.)
    Task: {E6B659C2-CDFC-438A-8692-BC3752CC3AA2} - System32\Tasks\Ad-Aware Scan (scan) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-06-08 23:50 - 2013-01-18 11:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-04-30 17:54 - 2014-04-30 15:31 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14043002\algo.dll
    2013-11-14 23:21 - 2013-11-14 23:21 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\Services: vToolbarUpdater11.1.0 => 2
    MSCONFIG\Services: WSearch => 2
    MSCONFIG\Services: YahooAUService => 2
    MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    MSCONFIG\startupreg: Google Update => "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

    ==================== Faulty Device Manager Devices =============

    Name: SBRE
    Description: SBRE
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: SBRE
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/30/2014 10:13:49 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (04/29/2014 00:10:26 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (04/28/2014 06:13:05 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (04/26/2014 01:55:41 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: EXPLORERFRAME.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c6a8
    Exception code: 0xc0000005
    Fault offset: 0x000000000001b3b5
    Faulting process id: 0xac8
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (04/26/2014 11:23:13 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (04/25/2014 00:35:18 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (04/25/2014 11:35:43 AM) (Source: Application Hang) (User: )
    Description: The program firefox.exe version 28.0.0.5186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 5a0

    Start Time: 01cf608c3bb36eb3

    Termination Time: 87

    Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Report Id: 40fb4a60-cc8f-11e3-ae72-0024e801788c

    Error: (04/24/2014 03:13:15 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (04/22/2014 04:33:32 PM) (Source: Application Error) (User: )
    Description: Faulting application name: firefox.exe, version: 28.0.0.5186, time stamp: 0x53240e37
    Faulting module name: xul.dll, version: 28.0.0.5186, time stamp: 0x53240e04
    Exception code: 0xc0000005
    Fault offset: 0x00184729
    Faulting process id: 0xc78
    Faulting application start time: 0xfirefox.exe0
    Faulting application path: firefox.exe1
    Faulting module path: firefox.exe2
    Report Id: firefox.exe3

    Error: (04/22/2014 11:19:32 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


    System errors:
    =============
    Error: (05/01/2014 08:43:37 AM) (Source: Service Control Manager) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (05/01/2014 08:43:37 AM) (Source: Service Control Manager) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
    %%1330

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (05/01/2014 08:41:36 AM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    crlscsi
    Lbd
    SBRE

    Error: (05/01/2014 08:41:34 AM) (Source: Service Control Manager) (User: )
    Description: The Util SaltarSmart service failed to start due to the following error:
    %%2

    Error: (05/01/2014 08:41:16 AM) (Source: Application Popup) (User: )
    Description: \SystemRoot\SysWow64\Drivers\crlscsi.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (04/30/2014 09:46:02 AM) (Source: Service Control Manager) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (04/30/2014 09:46:02 AM) (Source: Service Control Manager) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
    %%1330

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (04/30/2014 09:44:02 AM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    crlscsi
    Lbd
    SBRE

    Error: (04/30/2014 09:44:00 AM) (Source: Service Control Manager) (User: )
    Description: The Util SaltarSmart service failed to start due to the following error:
    %%2

    Error: (04/30/2014 09:43:39 AM) (Source: Application Popup) (User: )
    Description: \SystemRoot\SysWow64\Drivers\crlscsi.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


    Microsoft Office Sessions:
    =========================
    Error: (04/30/2014 10:13:49 AM) (Source: SideBySide)(User: )
    Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

    Error: (04/29/2014 00:10:26 PM) (Source: SideBySide)(User: )
    Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

    Error: (04/28/2014 06:13:05 PM) (Source: SideBySide)(User: )
    Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

    Error: (04/26/2014 01:55:41 PM) (Source: Application Error)(User: )
    Description: Explorer.EXE6.1.7601.175674d672ee4EXPLORERFRAME.dll6.1.7601.175144ce7c6a8c0000005000000000001b3b5ac801cf6158554e6b6dC:\Windows\Explorer.EXEC:\Windows\system32\EXPLORERFRAME.dllfad064b4-cd6b-11e3-b175-0024e801788c

    Error: (04/26/2014 11:23:13 AM) (Source: SideBySide)(User: )
    Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

    Error: (04/25/2014 00:35:18 PM) (Source: SideBySide)(User: )
    Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

    Error: (04/25/2014 11:35:43 AM) (Source: Application Hang)(User: )
    Description: firefox.exe28.0.0.51865a001cf608c3bb36eb387C:\Program Files (x86)\Mozilla Firefox\firefox.exe40fb4a60-cc8f-11e3-ae72-0024e801788c

    Error: (04/24/2014 03:13:15 PM) (Source: SideBySide)(User: )
    Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

    Error: (04/22/2014 04:33:32 PM) (Source: Application Error)(User: )
    Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c000000500184729c7801cf5e2aaa937544C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll5e595560-ca5d-11e3-aec6-0024e801788c

    Error: (04/22/2014 11:19:32 AM) (Source: SideBySide)(User: )
    Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


    CodeIntegrity Errors:
    ===================================
    Date: 2013-10-07 23:31:01.615
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-10-07 23:31:01.537
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-10-07 23:31:01.459
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-10-07 23:31:01.381
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-07-06 16:06:11.657
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2013-06-11 14:43:56.889
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-06-11 14:43:56.811
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2010-02-07 08:59:52.781
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2010-02-07 08:59:52.781
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2010-02-07 08:59:52.750
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Percentage of memory in use: 32%
    Total physical RAM: 4094.18 MB
    Available physical RAM: 2749.33 MB
    Total Pagefile: 8186.53 MB
    Available Pagefile: 6803.61 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:265.66 GB) (Free:135.72 GB) NTFS
    Drive r: (Recovery) (Fixed) (Total:200 GB) (Free:66.99 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0FEC305E)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=266 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=200 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  20. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,701
    Likes Received:
    39
    Trophy Points:
    78
    OK Heather, give me some time to go through it and I'll get back to you...
     

Share This Page