SM7

  1. I had no problems. Things are running good. Looked like two auto runs were deleted? FYI I uninstalled AVG and reinstalled yesterday and all is updating now. I can not attach the file; message: "The server returned an error during upload". ???? I tried all three of your upload options with no success & I renamed the text file with all options. Thanks
  2. I have not been able to update my AVG since 7/14/14. I've turned off some of the Surf Protection and File Guard for Emsisoft thinking it may have been blocking my update. This did not help and I went through all of the AVG troubleshooting. Please respond as to my next step... and any info on this new problem with AVG update? Thanks
  3. How did my logs look? I ran Emsisoft again and the RASAP132 RASMANCS did not come up when I last ran Emsisoft. Does this mean I put the fix in correctly or do I need to run the FIX again? Please tell me specifically what I should do next based on RASP132 RASMANCS not appearing again. Thanks
  4. I'm not sure I did FRST correctly? A message popped up that the .txt was not in the same location? I put the .txt on my desktop. Thanks for your help, Scott
  5. Emsisoft could not quarantine HKEY_LOCAL_MACHINE/Software/Microsoft/Training/AU_RASAP132 " " " _RASMANCS. Malwarebytes stops an OUTGOING message from my computer and a message pops up from Malwarebytes. RASAP132 seems to have been quarantined.

     Emsisoft Emergency Kit - Version 4.0
     Last update: 7/17/2014 6:03:21 PM
     User account: Scott-PC\Scott

     Scan settings:
     Scan type: Smart Scan
     Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\
     Detect PUPs: On
     Scan archives: Off
     ADS Scan: On
     File extension filter: Off
     Advanced caching: On
     Direct disk access: Off

     Scan start: 7/17/2014 6:03:53 PM
     Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASMANCS detected: Application.Win32.InstallExt (A)

     Scanned 131608
     Found 1

     Scan end: 7/17/2014 6:26:22 PM
     Scan time: 0:22:29

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
     Ran by Scott (administrator) on SCOTT-PC on 17-07-2014 18:28:43
     Running from C:\Users\Scott\Downloads
     Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
     Internet Explorer Version 10
     Boot Mode: Normal
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Safer Networking Ltd.) C:\Program Files\spybot - search & destroy\SDWinSec.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Safer-Networking Ltd.) C:\Program Files\spybot - search & destroy\TeaTimer.exe () C:\Program Files\EZ-DUB\EZ-DUB.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files\iTunes\iTunes.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.) 
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Microsoft Corporation) C:\Program Files\microsoft office\Office12\WINWORD.EXE (Emsisoft GmbH) C:\EEK\Run\a2emergencykit.exe (Adobe Systems Incorporated) C:\Program Files\adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files\adobe\Reader 11.0\Reader\AcroRd32.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-08-10] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-09-01] (Apple Inc.) HKLM\...\Run: [emsisoft anti-malware] => C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [4841824 2014-07-09] (Emsisoft GmbH) HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EZ-DUB Finder.lnk ShortcutTarget: EZ-DUB Finder.lnk -> C:\Program Files\EZ-DUB\EZ-DUB.exe () ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCC703EB21F54CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ixquick.com/ SearchScopes: HKLM - DefaultScope {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = SearchScopes: HKCU - {0169E633-8781-F882-9BC7-7B014AE4DE4E} URL = http://www.bing.com/search?q={searchTerms}&pc=Z206&form=ZGAIDF&install_date=20111213&iesrc={referrer:source} SearchScopes: HKCU - {09533787-AE1B-4686-AD2C-648367BFEF2B} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 SearchScopes: HKCU - {454575F2-C92B-4CBB-B1F6-3D04AC434B77} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms} SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={28D50B71-BC4B-4D0F-9827-187BF65235E9}&mid=c42fa7dead4147d082f3d16daee5685a-b1ae052651faaa2bd6266dffd5921784f491617a〈=en&ds=AVG&pr=pr&d=2012-03-31 08:03:57&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} BHO: Spybot-S&D IE Protection -> 
{53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 FireFox: ======== FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\7a9e9569.default FF Homepage: https://www.ixquick.com/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2014-05-31] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2014-05-31] ========================== Services (Whitelisted) ================= R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.) R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) 
[File not signed] R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH) R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.) 
R3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-07-17] (Emsisoft GmbH) R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [74456 2014-05-12] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-17] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.) R3 ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [27392 2004-12-22] (Ulead Systems, Inc.) [File not signed] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-17 18:28 - 2014-07-17 18:29 - 00010614 _____ () C:\Users\Scott\Downloads\FRST.txt 2014-07-17 18:28 - 2014-07-17 18:28 - 00000000 ____D () C:\FRST 2014-07-17 18:27 - 2014-07-17 18:27 - 00001136 _____ () C:\Users\Scott\Desktop\1a2scan_140717-180353.txt 2014-07-17 18:01 - 2014-07-17 18:01 - 00000546 _____ () C:\Users\Scott\Desktop\Emsisoft Emergency Kit.lnk 2014-07-17 18:00 - 2014-07-17 18:01 - 00000000 ____D () C:\EEK 2014-07-17 17:52 - 2014-07-17 17:53 - 215983336 _____ () C:\Users\Scott\Downloads\EmsisoftEmergencyKit.exe 2014-07-17 17:52 - 2014-07-17 17:53 - 01077248 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe 2014-07-17 17:44 - 2014-07-17 17:44 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-07-17 15:19 - 2014-07-17 17:55 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-07-17 15:19 - 2014-07-17 15:19 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-07-17 15:19 - 2014-07-17 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-07-17 15:08 - 2014-07-17 15:12 - 222833152 _____ (Emsisoft GmbH ) 
C:\Users\Scott\Downloads\EmsisoftAntiMalwareSetup.exe 2014-07-17 13:03 - 2014-07-17 13:04 - 00001864 _____ () C:\Users\Scott\Desktop\Numbers Triplets.txt 2014-07-14 22:21 - 2014-07-14 22:21 - 00004386 _____ () C:\Windows\system32\.crusader 2014-07-14 22:12 - 2014-07-14 22:22 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-07-14 22:11 - 2014-07-17 14:56 - 10279264 _____ (SurfRight B.V.) C:\Users\Scott\Downloads\HitmanPro.exe 2014-07-14 10:47 - 2014-07-14 11:25 - 233793651 _____ () C:\Users\Scott\Downloads\af85.ASSlaves.TiaTanaka.rar 2014-07-12 09:36 - 2014-07-14 13:59 - 608264134 _____ () C:\Users\Scott\Downloads\birol-9-sc3.rar 2014-07-11 15:02 - 2012-09-02 16:55 - 00000050 _____ () C:\Users\Scott\Downloads\New Text Document.txt 2014-07-11 05:50 - 2014-06-18 17:54 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-11 05:50 - 2014-06-18 17:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-11 05:50 - 2014-06-18 17:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-11 05:50 - 2014-06-18 17:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-11 05:50 - 2014-06-18 17:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-11 05:50 - 2014-06-18 17:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-11 05:50 - 2014-06-18 17:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-11 05:50 - 2014-06-18 17:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-11 05:50 - 2014-06-18 17:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-11 05:50 - 2014-06-18 17:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-11 05:50 - 2014-06-18 17:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-07-11 05:50 - 2014-06-18 17:52 - 00391168 _____ 
(Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-11 05:50 - 2014-06-18 17:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-11 05:50 - 2014-06-18 17:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-11 05:50 - 2014-06-18 17:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-11 05:50 - 2014-06-18 17:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-11 05:50 - 2014-06-18 17:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-11 05:50 - 2014-06-18 17:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-11 05:50 - 2014-06-18 17:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-11 05:49 - 2014-06-18 17:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-11 05:49 - 2014-06-18 17:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-07-11 05:49 - 2014-06-18 16:34 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-07-11 05:49 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-11 05:49 - 2014-06-17 17:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-11 05:49 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-11 05:49 - 2014-06-05 07:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-11 05:49 - 2014-05-29 23:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-11 05:48 - 2014-06-29 18:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-11 05:48 - 2014-06-29 18:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-11 05:48 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) 
C:\Windows\system32\kerberos.dll 2014-07-11 05:48 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-11 05:48 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-11 05:48 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-11 05:48 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-11 05:48 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-11 05:48 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-04 10:48 - 2014-07-04 11:01 - 00001459 _____ () C:\Users\Scott\Desktop\Snipping Tool.lnk 2014-06-27 12:58 - 2014-06-27 12:58 - 00556418 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\THE NAG HAMMADI LIBRARY.topx(1).exe 2014-06-27 12:45 - 2014-06-27 12:45 - 03987795 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\ModuleInstallerSetup04.exe 2014-06-27 12:35 - 2012-12-02 15:47 - 14729216 _____ () C:\Users\Scott\Downloads\kjva.bblx 2014-06-27 12:26 - 2014-06-27 12:26 - 02653049 _____ () C:\Users\Scott\Downloads\kjva.zip 2014-06-27 12:26 - 2014-06-27 12:26 - 02012230 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\kjva.exe 2014-06-27 12:26 - 2014-06-27 12:26 - 00556418 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\THE NAG HAMMADI LIBRARY.topx.exe 2014-06-24 08:30 - 2014-06-24 08:41 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-21 06:55 - 2014-06-21 06:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-17 16:22 - 2014-06-17 16:22 - 00188696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys 2014-06-17 16:21 - 2014-06-17 16:21 - 00197400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys 2014-06-17 16:18 - 2014-06-17 16:18 - 00241944 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avglogx.sys 2014-06-17 16:17 - 2014-06-17 16:17 - 00147736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00121624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00098584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys ==================== One Month Modified Files and Folders ======= 2014-07-17 18:29 - 2014-07-17 18:28 - 00010614 _____ () C:\Users\Scott\Downloads\FRST.txt 2014-07-17 18:28 - 2014-07-17 18:28 - 00000000 ____D () C:\FRST 2014-07-17 18:27 - 2014-07-17 18:27 - 00001136 _____ () C:\Users\Scott\Desktop\1a2scan_140717-180353.txt 2014-07-17 18:27 - 2014-04-10 20:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-17 18:01 - 2014-07-17 18:01 - 00000546 _____ () C:\Users\Scott\Desktop\Emsisoft Emergency Kit.lnk 2014-07-17 18:01 - 2014-07-17 18:00 - 00000000 ____D () C:\EEK 2014-07-17 17:55 - 2014-07-17 15:19 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-07-17 17:53 - 2014-07-17 17:52 - 215983336 _____ () C:\Users\Scott\Downloads\EmsisoftEmergencyKit.exe 2014-07-17 17:53 - 2014-07-17 17:52 - 01077248 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe 2014-07-17 17:44 - 2014-07-17 17:44 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-07-17 16:54 - 2014-04-09 11:32 - 00000000 ____D () C:\ProgramData\MFAData 2014-07-17 15:19 - 2014-07-17 15:19 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-07-17 15:19 - 2014-07-17 15:19 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-07-17 15:12 - 2014-07-17 15:08 - 222833152 _____ (Emsisoft GmbH ) C:\Users\Scott\Downloads\EmsisoftAntiMalwareSetup.exe 2014-07-17 14:56 - 2014-07-14 22:11 - 10279264 _____ (SurfRight B.V.) C:\Users\Scott\Downloads\HitmanPro.exe 2014-07-17 14:31 - 2014-04-09 11:54 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-17 14:30 - 2014-04-09 14:28 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\vlc 2014-07-17 13:04 - 2014-07-17 13:03 - 00001864 _____ () C:\Users\Scott\Desktop\Numbers Triplets.txt 2014-07-17 10:32 - 2009-07-13 21:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-17 10:32 - 2009-07-13 21:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-17 10:29 - 2014-04-09 10:56 - 01447398 _____ () C:\Windows\WindowsUpdate.log 2014-07-17 10:25 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-17 10:25 - 2009-07-13 21:39 - 00037446 _____ () C:\Windows\setupact.log 2014-07-16 07:19 - 2010-11-20 14:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-16 06:53 - 2014-04-11 06:19 - 00002629 _____ () C:\Users\Scott\AppData\Roaming\TinnitusTamerPrefs.dat 2014-07-14 22:22 - 2014-07-14 22:12 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-07-14 22:21 - 2014-07-14 22:21 - 00004386 _____ () C:\Windows\system32\.crusader 2014-07-14 13:59 - 2014-07-12 09:36 - 608264134 _____ () C:\Users\Scott\Downloads\birol-9-sc3.rar 2014-07-14 11:25 - 2014-07-14 10:47 - 233793651 _____ () C:\Users\Scott\Downloads\af85.ASSlaves.TiaTanaka.rar 2014-07-13 08:25 - 2011-12-22 15:29 - 00000000 ____D () C:\Users\Scott\Desktop\Religious 2014-07-13 06:15 - 2010-11-20 14:48 - 00082378 _____ () C:\Windows\PFRO.log 2014-07-11 07:33 - 2009-07-13 19:37 - 00000000 ____D () 
C:\Windows\rescache 2014-07-11 05:57 - 2009-07-13 21:33 - 00309904 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-11 05:55 - 2014-05-07 07:41 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-11 05:55 - 2011-04-11 19:24 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-11 05:53 - 2014-04-10 12:55 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-11 05:51 - 2014-04-10 12:55 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-07 11:44 - 2014-04-07 13:15 - 00000000 ____D () C:\Users\Scott\Desktop\DESKTOP INFO 2014-07-05 09:47 - 2014-04-23 08:09 - 00000000 ____D () C:\Users\Scott\AppData\Local\CutePDF Writer 2014-07-04 11:01 - 2014-07-04 10:48 - 00001459 _____ () C:\Users\Scott\Desktop\Snipping Tool.lnk 2014-07-04 11:01 - 2014-06-09 08:03 - 00001268 _____ () C:\Users\Scott\Desktop\Notepad.lnk 2014-07-04 11:01 - 2013-12-01 12:30 - 00001531 _____ () C:\Users\Scott\Desktop\Paint.lnk 2014-07-01 19:09 - 2014-04-09 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-06-30 07:32 - 2013-04-12 11:50 - 00000000 ____D () C:\Users\Scott\Documents\e-Sword 2014-06-29 18:40 - 2014-07-11 05:48 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-29 18:36 - 2014-07-11 05:48 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-27 12:58 - 2014-06-27 12:58 - 00556418 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\THE NAG HAMMADI LIBRARY.topx(1).exe 2014-06-27 12:58 - 2014-04-14 20:57 - 00000000 ____D () C:\Program Files\e-Sword 2014-06-27 12:45 - 2014-06-27 12:45 - 03987795 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\ModuleInstallerSetup04.exe 2014-06-27 12:26 - 2014-06-27 12:26 - 02653049 _____ () C:\Users\Scott\Downloads\kjva.zip 2014-06-27 12:26 - 2014-06-27 12:26 - 02012230 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\kjva.exe 2014-06-27 12:26 - 2014-06-27 12:26 - 00556418 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\THE NAG 
HAMMADI LIBRARY.topx.exe 2014-06-25 12:26 - 2014-04-10 16:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-06-24 08:41 - 2014-06-24 08:30 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-22 06:03 - 2009-07-13 21:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-21 21:37 - 2014-05-10 20:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak 2014-06-21 06:55 - 2014-06-21 06:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-18 17:54 - 2014-07-11 05:50 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-18 17:53 - 2014-07-11 05:50 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-18 17:53 - 2014-07-11 05:50 - 01141760 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-18 17:53 - 2014-07-11 05:50 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-18 17:53 - 2014-07-11 05:50 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-18 17:53 - 2014-07-11 05:50 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-18 17:53 - 2014-07-11 05:49 - 14368768 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-18 17:52 - 2014-07-11 05:50 - 13732352 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-18 17:52 - 2014-07-11 05:50 - 02863616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-18 17:52 - 2014-07-11 05:50 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-18 17:52 - 2014-07-11 05:50 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-18 17:52 - 2014-07-11 05:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-06-18 17:52 - 2014-07-11 05:50 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-18 17:52 - 2014-07-11 05:50 - 00357888 _____ (Microsoft Corporation) 
C:\Windows\system32\dxtmsft.dll 2014-06-18 17:52 - 2014-07-11 05:50 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-06-18 17:52 - 2014-07-11 05:50 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-18 17:52 - 2014-07-11 05:50 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-18 17:52 - 2014-07-11 05:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-18 17:52 - 2014-07-11 05:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-18 17:52 - 2014-07-11 05:49 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-06-18 17:30 - 2014-07-11 05:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-18 16:34 - 2014-07-11 05:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-06-17 18:51 - 2014-07-11 05:49 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-06-17 17:52 - 2014-07-11 05:49 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-06-17 16:22 - 2014-06-17 16:22 - 00188696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys 2014-06-17 16:21 - 2014-06-17 16:21 - 00197400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys 2014-06-17 16:18 - 2014-06-17 16:18 - 00241944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys 2014-06-17 16:17 - 2014-06-17 16:17 - 00147736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00121624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00098584 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgmfx86.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 08:26 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01 Ran by Scott at 2014-07-17 18:29:30 Running from C:\Users\Scott\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== 7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - ) ACT! 2000 (HKCU\...\ACT! 
2000) (Version: - ) Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Advanced Scan to PDF Free 3.9.2 (HKLM\...\Advanced Scan to PDF Free_is1) (Version: - PDFChief Co., Ltd.) Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}) (Version: 3.2.0.47 - Apple Inc.) Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies) AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden Bonjour (HKLM\...\{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}) (Version: 2.0.3.0 - Apple Inc.) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.) 
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
e-Sword (HKLM\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)
e-Sword Module Installer version .4 (HKLM\...\{6E442F8C-3EB1-4911-BB65-F3AD73438F52}_is1) (Version: .4 - BibleSupport.com)
EZ-DUB (HKLM\...\{7E30D45E-EEC5-41A6-A613-F3BFB2694ACB}) (Version: 3.0 - Ulead System)
EZ-DUB Finder (HKLM\...\InstallShield_{F33C4D28-899A-4C3C-868B-9169A121528B}) (Version: 1.00.0722 - LiteON)
EZ-DUB Finder (Version: 1.00.0722 - LiteON) Hidden
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
iTunes (HKLM\...\{350FB27C-CF62-4EF3-AF9D-70FF313FE221}) (Version: 10.0.0.68 - Apple Inc.)
LiveUpdate (HKLM\...\LiveUpdate) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
QuickTime (HKLM\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
THE NAG HAMMADI LIBRARY.topx version 0 (HKLM\...\{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1) (Version: 0 - BibleSupport.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

==================== Restore Points =========================
29-06-2014 14:43:21 Scheduled Checkpoint
06-07-2014 17:41:55 Scheduled Checkpoint
11-07-2014 12:50:21 Windows Update
15-07-2014 05:17:39 Checkpoint by HitmanPro
15-07-2014 05:21:13 Checkpoint by HitmanPro

==================== Hosts content: ==========================
2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
Task: {35910534-5F45-451B-86CF-536B12FEDDC1} - System32\Tasks\{8ED34269-D355-4824-81B4-8E0CA709686C} => C:\Program Files\iTunes\iTunes.exe [2010-09-01] (Apple Inc.)
Task: {60B245A9-53E6-4893-A5B9-78C94BC324BD} - System32\Tasks\{DCC16085-21A5-4481-BCD9-1750B143EE35} => C:\Program Files\iTunes\iTunes.exe [2010-09-01] (Apple Inc.)
Task: {F2FA7467-3EDF-4E2C-9E53-B5E9B9F81698} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============
2014-05-14 08:20 - 2013-10-23 14:23 - 00089136 _____ () C:\Windows\System32\cpwmon2k.dll
2010-06-03 13:46 - 2010-06-03 13:46 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2005-09-13 19:47 - 2005-09-13 19:47 - 00266240 _____ () C:\Program Files\EZ-DUB\EZ-DUB.exe
2010-06-03 13:45 - 2010-06-03 13:45 - 01240880 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-10 00:00 - 2010-08-10 00:00 - 00324896 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll
2014-07-17 15:19 - 2014-06-18 15:50 - 00703800 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files\Adobe\Reader 11.0\Reader\sqlite.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2014 00:48:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x1fd0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/17/2014 00:47:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x120c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/17/2014 10:25:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 03:12:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 468: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/16/2014 06:18:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 07:02:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 192: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/15/2014 07:02:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 188: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/15/2014 02:26:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 10:24:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 10:22:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002ec,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0104FA18.64). hr = 0x80070005, Access is denied. .

System errors:
=============
Error: (07/17/2014 06:29:54 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:29:54 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:29:54 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:27:56 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:27:56 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:27:56 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:27:55 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:27:55 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:27:55 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:27:42 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================

==================== Memory info ===========================
Percentage of memory in use: 69%
Total physical RAM: 3061.18 MB
Available physical RAM: 938.18 MB
Total Pagefile: 6120.64 MB
Available Pagefile: 3107.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.57 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:31.26 GB) NTFS
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:1431.45 GB) NTFS
Drive k: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:1263.29 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 466 GB) (Disk ID: 7A055C85)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 5.
========================================================
Disk: 6 (Size: 1863 GB) (Disk ID: 8A352DED)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)

==================== End Of Log ============================

Thanks SM7