Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

SysMenu.DLL missing [Closed]

Started by dolface755 , Aug 05 2014 10:56 PM

This topic is locked

#1
dolface755

Posted 05 August 2014 - 10:56 PM

Member

Member
249 posts

ok so 2 days ago I woke up to a nasty virus or "harmful" file and as usual I did what always do and put it in Quartentee then ran Malware, and AVG and spybot and it found a few files. Since then I keep getting the error message...."C:\Progra~1\common~1\System\SysMenu.dll" is missing, please help me fix this, I've very new at windows 7 so I don't quite all the ins and outs like I do with XP..

Any suggestions other then "formatting" and starting from scratch I would really appreciate.

Thank you in advance

Edited by dolface755, 05 August 2014 - 10:56 PM.

#2
Essexboy

Posted 08 August 2014 - 01:50 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi there lets have a quick look

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Select additions at the bottom
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please attach both logs generated.

#3
Essexboy

Posted 12 August 2014 - 08:04 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4
Essexboy

Posted 12 August 2014 - 11:59 AM

GeekU Moderator

Retired Staff
69,964 posts

User returned

#5
Essexboy

Posted 16 August 2014 - 10:11 AM

GeekU Moderator

Retired Staff
69,964 posts

#6
Essexboy

Posted 17 August 2014 - 04:39 AM

GeekU Moderator

Retired Staff
69,964 posts

User returned

#7
dolface755

Posted 17 August 2014 - 02:40 PM

Member

Topic Starter
Member
249 posts

Sorry This is scan called Adiditon::

dditional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2014

Ran by Donna at 2014-08-12 09:45:21

Running from C:\Users\Donna\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.45.0 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)

AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{3C378793-5288-0165-FCA4-D319D5E4A490}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden

AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)

Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)

AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4744 - AVG Technologies)

AVG 2014 (Version: 14.0.4007 - AVG Technologies) Hidden

AVG 2014 (Version: 14.0.4744 - AVG Technologies) Hidden

BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.31744 - BitTorrent Inc.)

Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.8.0.17 - Canon Inc.)

Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)

Definition update for Microsoft Office 2010 (KB982726) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E14AE329-F210-4EDD-B775-290821C66C1F}) (Version: - Microsoft)

Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.99.311 - Foxit Corporation)

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)

HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Jewel Quest Solitaire (remove only) (HKLM-x32\...\Jewel Quest Solitaire) (Version: - )

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)

Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Moraff's MahJongg 2005 Luxury Edition (HKLM-x32\...\setup_is1) (Version: - MoraffWare)

Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)

Need for Speed™ SHIFT (HKLM-x32\...\{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}) (Version: 1.0.0.0 - Electronic Arts)

NVIDIA PhysX (HKLM-x32\...\{5DB65884-C963-4454-AABA-4CA3089281FA}) (Version: 9.09.0720 - NVIDIA Corporation)

PCStitch Pro 9 (HKLM-x32\...\{DB32A38E-4D83-49F9-9E69-4D0929C5F175}) (Version: 9.01.09 - M&R Technologies, Inc.)

PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )

PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)

Remote Control PC 6.0_Full (HKLM-x32\...\{1897E915-A158-4306-A788-FE77888439AD}) (Version: 6.0_Full - Remote-Control-PC.com)

Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)

Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)

Save.ca Print-At-Home (HKLM-x32\...\ca.save.print-at-home-signed) (Version: 15.0 - Metroland Media Group Ltd)

Save.ca Print-At-Home (x32 Version: 15.0 - Metroland Media Group Ltd) Hidden

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

The 'Jongg CDs - Additional Tilesets (HKLM-x32\...\tilesets_is1) (Version: - MoraffWare)

Tiger Woods PGA TOUR 08 (HKLM-x32\...\{2FEA102C-F535-4513-009B-57B165013C18}) (Version: - Electronic Arts)

Ulead PhotoImpact 12 (HKLM-x32\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

11-07-2014 11:18:45 Scheduled Checkpoint

19-07-2014 10:57:36 Scheduled Checkpoint

21-07-2014 18:31:38 Windows Update

29-07-2014 07:19:39 Scheduled Checkpoint

01-08-2014 12:11:32 Windows Update

04-08-2014 19:01:04 Restore Operation

08-08-2014 00:55:41 Installed AVG 2014

11-08-2014 01:43:45 Configured PCStitch Pro 9

11-08-2014 01:44:03 Installed PCStitch Pro 9

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C705DD1-64A0-4B55-86CD-2E790537E99C} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2

Task: {291AD49A-9B6B-48D6-9E68-DDF650F7D04A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)

Task: {3CC7440A-175F-4383-B163-13330CC253B0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)

Task: {48673C3D-FB12-46E2-815E-780ED8A78075} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)

Task: {708C7850-267F-41C6-9C03-FFB82DB06F53} - \SMupdate1 No Task File <==== ATTENTION

Task: {A325D546-8564-47F4-89D0-A6749E8BA47F} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3

Task: {B20675A9-63A5-4ED2-8DB4-DE2A3FA18A02} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe

Task: {C5BE8C7B-793A-4332-BD97-E7632BBCFF25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)

Task: {D65A09D2-C198-4274-B57C-E58EDECF1659} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-02-12] ()

Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AVG-Secure-Search-Update_0214c => C:\Users\David Salter\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=3562d3d4afad47d2bd267d6b4d5b74d9-9ed2845fcb594ff51549b2ea996394e3918a2a16 /CMPID=0214c

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

MSCONFIG\startupreg: Malwarebytes Anti-Malware => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: Ulead AutoDetector v2 => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe

MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (08/12/2014 09:41:37 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 06:47:16 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 06:02:18 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 06:01:16 PM) (Source: Windows Search Service) (EventID: 7010) (User: )

Description: The index cannot be initialized.

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2014 06:01:16 PM) (Source: Windows Search Service) (EventID: 3058) (User: )

Description: The application cannot be initialized.

Context: Windows Application

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2014 06:01:16 PM) (Source: Windows Search Service) (EventID: 3028) (User: )

Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2014 06:01:16 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:

Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (08/07/2014 06:01:16 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2014 06:01:16 PM) (Source: Windows Search Service) (EventID: 9002) (User: )

Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:

The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (08/07/2014 06:01:16 PM) (Source: Windows Search Service) (EventID: 7042) (User: )

Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

System errors:

=============

Error: (08/12/2014 09:40:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error Code: 126

Error: (08/10/2014 06:45:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error Code: 126

Error: (08/07/2014 06:01:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/07/2014 06:01:16 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (08/07/2014 06:00:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error Code: 126

Error: (08/04/2014 00:04:01 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error Code: 126

Error: (08/03/2014 01:30:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error Code: 126

Error: (08/03/2014 01:20:48 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:

%%1056

Error: (08/03/2014 01:20:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/03/2014 01:20:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The Windows Search service terminated with service-specific error %%-1073473535.

Microsoft Office Sessions:

=========================

Error: (08/12/2014 09:41:37 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 06:47:16 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 06:02:18 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 06:01:16 PM) (Source: Windows Search Service) (EventID: 7010) (User: )

Description:

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2014 06:01:16 PM) (Source: Windows Search Service) (EventID: 3058) (User: )

Description: Context: Windows Application

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2014 06:01:16 PM) (Source: Windows Search Service) (EventID: 3028) (User: )

Description: Context: Windows Application, SystemIndex Catalog

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2014 06:01:16 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Context: Windows Application, SystemIndex Catalog

Details:

Element not found. (HRESULT : 0x80070490) (0x80070490)

Search.TripoliIndexer

Error: (08/07/2014 06:01:16 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Context: Windows Application, SystemIndex Catalog

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Search.JetPropStore

Error: (08/07/2014 06:01:16 PM) (Source: Windows Search Service) (EventID: 9002) (User: )

Description: Context: Windows Application, SystemIndex Catalog

Details:

The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (08/07/2014 06:01:16 PM) (Source: Windows Search Service) (EventID: 7042) (User: )

Description:

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

The catalog is corrupt

==================== Memory info ===========================

Percentage of memory in use: 21%

Total physical RAM: 7364.72 MB

Available physical RAM: 5816.6 MB

Total Pagefile: 14727.63 MB

Available Pagefile: 13099.88 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:873 GB) NTFS

Drive d: (TW08) (CDROM) (Total:2.04 GB) (Free:0 GB) UDF

Drive f: () (Removable) (Total:3.95 GB) (Free:2.34 GB) FAT32

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 514949C7)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

Attempted reading MBR returned 0 bytes.

Could not read MBR for disk 2.

==================== End Of Log ============================

Concurrently this is the second scan I was to label FRTS

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-08-2014

Ran by Donna (administrator) on DAVIDSALTER-PC on 12-08-2014 09:44:47

Running from C:\Users\Donna\Downloads

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [] => [X]

HKU\S-1-5-21-306836380-3015734-3570109687-1003\...\MountPoints2: {39d3fbda-7b0d-11e3-a71a-806e6f6e6963} - D:\Autorun.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1

FireFox:

========

FF ProfilePath: C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\juxtn8il.default

FF DefaultSearchEngine: Conduit Search

FF SelectedSearchEngine: Conduit Search

FF Homepage: hxxp://ca.yahoo.com/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll No File

FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF user.js: detected! => C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\juxtn8il.default\user.js

FF Extension: Canadian English Dictionary - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\juxtn8il.default\Extensions\[email protected] [2014-03-12]

Chrome:

=======

CHR DefaultSearchKeyword: conduit.search

CHR DefaultSearchProvider: Conduit Search

CHR DefaultNewTabURL:

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]

CHR Extension: (Google Wallet) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-12]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)

R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-12] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 09:44 - 2014-08-12 09:44 - 00009397 _____ () C:\Users\Donna\Downloads\FRST.txt

2014-08-12 09:44 - 2014-08-12 09:44 - 00000000 ____D () C:\FRST

2014-08-12 09:42 - 2014-08-12 09:42 - 02099712 _____ (Farbar) C:\Users\Donna\Downloads\FRST64.exe

2014-08-10 14:57 - 2014-08-10 14:57 - 02099712 _____ (Farbar) C:\Users\David Salter\Downloads\FRST64.exe

2014-08-07 22:24 - 2014-08-07 22:24 - 00000000 ____D () C:\Users\David Salter\AppData\Roaming\.mono

2014-08-07 17:58 - 2014-08-07 17:58 - 04813544 _____ (Piriform Ltd) C:\Users\David Salter\Downloads\ccsetup416.exe

2014-08-03 13:28 - 2014-08-03 13:28 - 00002446 _____ () C:\Users\David Salter\Documents\cc_20140803_132844.reg

2014-08-03 13:19 - 2014-08-07 18:00 - 00004186 _____ () C:\Windows\PFRO.log

2014-08-03 12:22 - 2014-08-12 09:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-03 12:22 - 2014-08-04 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-03 12:22 - 2014-08-04 12:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-03 12:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-03 12:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-02 20:17 - 2014-08-11 00:00 - 00000000 ____D () C:\Users\David Salter\AppData\Local\PokerStars

2014-08-02 20:17 - 2014-08-08 23:10 - 00000000 ____D () C:\Program Files (x86)\PokerStars

2014-08-02 20:17 - 2014-08-04 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars

2014-08-02 20:17 - 2014-08-02 20:17 - 00001063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk

2014-08-02 20:13 - 2014-08-02 20:16 - 52562448 _____ (PokerStars) C:\Users\David Salter\Downloads\PokerStarsInstall.exe

2014-08-01 05:11 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-01 05:11 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-01 05:11 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-08-01 05:11 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-01 05:11 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-08-01 05:11 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-01 05:11 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-01 05:11 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-01 05:11 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-08-01 05:11 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-01 05:11 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-01 05:11 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-01 05:11 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-08-01 05:11 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-07-22 15:28 - 2014-07-22 15:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-07-21 11:31 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-07-21 11:31 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-07-21 11:31 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-21 11:31 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-07-21 11:31 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-07-21 11:31 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-21 11:31 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-07-21 11:31 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-07-21 11:31 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-07-21 11:31 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-07-21 11:31 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-07-21 11:31 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-07-21 11:31 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-07-21 11:31 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-07-21 11:31 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-07-21 11:31 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-07-21 11:31 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-07-21 11:31 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-07-21 11:31 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-21 11:31 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-07-21 11:31 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-07-21 11:31 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-07-21 11:31 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-21 11:31 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-21 11:31 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-21 11:31 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-21 11:31 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-07-21 11:31 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-07-21 11:31 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-07-21 11:31 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-07-21 11:31 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-21 11:31 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-07-21 11:31 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-07-21 11:31 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-07-21 11:31 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-21 11:31 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-07-21 11:31 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-07-21 11:31 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-07-21 11:31 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-07-21 11:31 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-07-21 11:31 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-07-21 11:31 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-07-21 11:31 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-07-21 11:31 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-21 11:31 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-07-21 11:31 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-07-21 11:31 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-21 11:31 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-07-21 11:31 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-07-21 11:31 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-07-21 11:31 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-07-21 11:31 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-21 11:31 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-07-21 11:31 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-07-21 11:31 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-07-21 11:31 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-07-21 11:30 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-07-21 11:30 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2014-07-21 11:30 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-07-21 11:30 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-07-21 11:30 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-07-21 11:30 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-07-21 11:30 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-07-21 11:30 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-07-21 11:30 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-07-15 11:35 - 2014-07-15 11:35 - 04812672 _____ (Piriform Ltd) C:\Users\David Salter\Downloads\ccsetup415.exe

2014-07-13 01:00 - 2014-08-12 09:40 - 00001354 _____ () C:\Windows\setupact.log

2014-07-13 01:00 - 2014-07-13 01:00 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 09:44 - 2014-08-12 09:44 - 00009397 _____ () C:\Users\Donna\Downloads\FRST.txt

2014-08-12 09:44 - 2014-08-12 09:44 - 00000000 ____D () C:\FRST

2014-08-12 09:43 - 2014-05-01 19:12 - 01819454 _____ () C:\Windows\WindowsUpdate.log

2014-08-12 09:42 - 2014-08-12 09:42 - 02099712 _____ (Farbar) C:\Users\Donna\Downloads\FRST64.exe

2014-08-12 09:41 - 2014-01-09 18:31 - 00000000 ____D () C:\ProgramData\MFAData

2014-08-12 09:40 - 2014-08-03 12:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-12 09:40 - 2014-07-13 01:00 - 00001354 _____ () C:\Windows\setupact.log

2014-08-12 09:40 - 2014-02-20 17:03 - 00000264 _____ () C:\Windows\Tasks\AutoKMS.job

2014-08-12 09:40 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-11 00:25 - 2009-07-13 22:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-11 00:00 - 2014-08-02 20:17 - 00000000 ____D () C:\Users\David Salter\AppData\Local\PokerStars

2014-08-10 19:30 - 2014-06-26 14:43 - 00000000 ____D () C:\Users\David Salter\AppData\Roaming\PCStitch Pro

2014-08-10 18:53 - 2009-07-13 21:45 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-10 18:53 - 2009-07-13 21:45 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-10 18:49 - 2014-01-09 15:06 - 00000000 ____D () C:\Users\David Salter\AppData\Local\VirtualStore

2014-08-10 18:47 - 2014-01-09 18:30 - 00123616 _____ () C:\Users\David Salter\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-10 18:45 - 2009-07-13 21:45 - 00439672 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-10 18:44 - 2014-06-26 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCStitch Pro 9

2014-08-10 18:44 - 2014-06-26 14:55 - 00000000 ____D () C:\Users\David Salter\Documents\PCStitch Pro Patterns

2014-08-10 18:44 - 2014-06-26 14:42 - 00000000 ____D () C:\Program Files (x86)\PCStitch Pro 9

2014-08-10 18:41 - 2014-06-26 14:42 - 00000000 ____D () C:\ProgramData\PCStitch Pro

2014-08-10 14:57 - 2014-08-10 14:57 - 02099712 _____ (Farbar) C:\Users\David Salter\Downloads\FRST64.exe

2014-08-08 23:10 - 2014-08-02 20:17 - 00000000 ____D () C:\Program Files (x86)\PokerStars

2014-08-07 22:24 - 2014-08-07 22:24 - 00000000 ____D () C:\Users\David Salter\AppData\Roaming\.mono

2014-08-07 18:00 - 2014-08-03 13:19 - 00004186 _____ () C:\Windows\PFRO.log

2014-08-07 17:59 - 2014-01-10 21:29 - 00000000 ____D () C:\Program Files\CCleaner

2014-08-07 17:58 - 2014-08-07 17:58 - 04813544 _____ (Piriform Ltd) C:\Users\David Salter\Downloads\ccsetup416.exe

2014-08-07 17:56 - 2014-03-31 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-08-04 12:02 - 2014-08-03 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-04 12:02 - 2014-08-03 12:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-04 12:02 - 2014-08-02 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars

2014-08-04 12:02 - 2014-01-27 18:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-04 12:02 - 2014-01-09 15:06 - 00000000 ____D () C:\Users\David Salter

2014-08-04 12:02 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\servicing

2014-08-04 12:02 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache

2014-08-04 12:02 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration

2014-08-04 12:02 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-04 12:02 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat

2014-08-03 13:28 - 2014-08-03 13:28 - 00002446 _____ () C:\Users\David Salter\Documents\cc_20140803_132844.reg

2014-08-03 13:19 - 2014-01-11 12:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-08-03 13:18 - 2014-01-09 18:29 - 00000000 ____D () C:\Users\David Salter\AppData\Roaming\Systweak

2014-08-03 13:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\System

2014-08-03 12:22 - 2014-05-03 05:23 - 00000000 ____D () C:\Users\David Salter\AppData\Roaming\Malwarebytes

2014-08-03 12:22 - 2014-01-27 18:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-08-02 20:17 - 2014-08-02 20:17 - 00001063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk

2014-08-02 20:16 - 2014-08-02 20:13 - 52562448 _____ (PokerStars) C:\Users\David Salter\Downloads\PokerStarsInstall.exe

2014-07-22 15:28 - 2014-07-22 15:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-07-21 11:41 - 2011-04-12 01:28 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-21 11:33 - 2014-01-09 15:42 - 00000000 ____D () C:\Windows\system32\MRT

2014-07-21 11:32 - 2014-01-09 15:42 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-07-15 11:35 - 2014-07-15 11:35 - 04812672 _____ (Piriform Ltd) C:\Users\David Salter\Downloads\ccsetup415.exe

2014-07-15 11:35 - 2014-01-10 21:29 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-07-15 11:35 - 2014-01-10 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2014-07-13 01:00 - 2014-07-13 01:00 - 00000000 _____ () C:\Windows\setuperr.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 04:04

==================== End Of Log ============================

did get much out of it from me but then logs are not my area of expertise....thank kind sirs and madams for you genuine help

#8
Essexboy

Posted 17 August 2014 - 02:57 PM

GeekU Moderator

Retired Staff
69,964 posts

Let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Task: {708C7850-267F-41C6-9C03-FFB82DB06F53} - \SMupdate1 No Task File <==== ATTENTION
Task: {A325D546-8564-47F4-89D0-A6749E8BA47F} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

#9
dolface755

Posted 19 August 2014 - 03:11 AM

Member

Topic Starter
Member
249 posts

thank you I will attach log in a day or so ....back in er for problems

#10
dolface755

Posted 22 August 2014 - 11:44 AM

Member

Topic Starter
Member
249 posts

I apologize for taking so long....here's the log that was generated from the fix....

One question....I am still not getting the error message on my user name, only the other user on this computer is, or was I haven't logged on to that user since the fix was run....for some reason that doesn't seem right that one user is getting the error when other's aren't

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-08-2014
Ran by Donna at 2014-08-22 10:38:39 Run:1
Running from C:\Users\Donna\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {708C7850-267F-41C6-9C03-FFB82DB06F53} - \SMupdate1 No Task File <==== ATTENTION
Task: {A325D546-8564-47F4-89D0-A6749E8BA47F} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{708C7850-267F-41C6-9C03-FFB82DB06F53}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{708C7850-267F-41C6-9C03-FFB82DB06F53}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMupdate1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A325D546-8564-47F4-89D0-A6749E8BA47F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A325D546-8564-47F4-89D0-A6749E8BA47F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Conduit Search ==> The Chrome "Settings" can be used to fix the entry.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"C:\PROGRA~1\COMMON~1\System\SysMenu.dll" => File/Directory not found.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 151.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

#11
dolface755

Posted 22 August 2014 - 12:35 PM

Member

Topic Starter
Member
249 posts

just to let you know an update.....i've now logged onto the other user on this computer and the error message is still coming up? I'm sorry I'm very new to Windows7...I've always been a die in XP person and on that system if I did a fix it included all the users on the system....not sure if 7 is different or not

#12
Essexboy

Posted 22 August 2014 - 01:14 PM

GeekU Moderator

Retired Staff
69,964 posts

Could you run FRST from the other user please

Select the addition text as well

#13
dolface755

Posted 22 August 2014 - 03:25 PM

Member

Topic Starter
Member
249 posts

here are the two logs from the frst scan from other user

FRST LOG:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2014

Ran by David Salter (administrator) on DAVIDSALTER-PC on 22-08-2014 14:23:34

Running from C:\Users\David Salter\Downloads

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Farbar) C:\Users\David Salter\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [NPSStartup] => [X]

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKU\S-1-5-21-306836380-3015734-3570109687-1000\...\MountPoints2: {39d3fbda-7b0d-11e3-a71a-806e6f6e6963} - D:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={E9F82263-691A-44BB-8AB2-7F2B4827F350}&mid=3562d3d4afad47d2bd267d6b4d5b74d9-9ed2845fcb594ff51549b2ea996394e3918a2a16&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-01-29 11:18:30&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1

FireFox:

========

FF ProfilePath: C:\Users\David Salter\AppData\Roaming\Mozilla\Firefox\Profiles\60ew1kf0.default

FF DefaultSearchEngine: Conduit Search

FF SelectedSearchEngine: Conduit Search

FF Homepage: hxxp://ca.yahoo.com/

FF Keyword.URL: user_pref("keyword.URL", "");

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll No File

FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David Salter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:

=======

CHR HomePage: hxxp://ca.yahoo.com/

CHR StartupUrls: "hxxp://ca.yahoo.com/"

CHR DefaultSearchKeyword: yahoo.com

CHR DefaultSearchProvider: Yahoo!

CHR DefaultSearchURL: https://search.yahoo...p={searchTerms}

CHR DefaultSuggestURL: http://ff.search.yah...d={searchTerms}

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]

CHR Extension: (YouTube) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-09]

CHR Extension: (Google Search) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-09]

CHR Extension: (Google Wallet) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]

CHR Extension: (Gmail) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)