Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Trojan horse psw generic 12 [Solved]

Started by eevie , Jun 23 2015 08:41 AM

avg generic psw trojan

This topic is locked

#16
DanoNH

Posted 29 June 2015 - 04:31 PM

Trusted Helper

Malware Removal
2,155 posts

OK, let's try this now...

First

You will need a USB flash drive (USB stick) for these next steps:

Now

Run Windows Repair (All In One) from a USB Flash Drive

Using a clean computer:

Download Windows Repair All-In-One Portable by Tweaking.com to your flash drive..
Extract the downloaded zip file to your USB thumb drive by right-clicking on the file and selecting Extract...

Using the Infected computer:

Insert the USB stick with Windows AIO on it.
Open My Computer, and browse to your USB drive. Find the folder where Windows Repair was extracted (Tweaking dot.com - Windows Repair), and double-click the Repair_Windows.exe file to run the program.
- When the program opens, select the Step 5: Backup tab, then click the Backup button under "1. Registry Backup" and the Create button under "2. System Restore":
- Now, select the Repairs tab, then click on the "Open Repairs" button:
- Agree to the Create a System Restore Point prompt if asked and wait for a bit for it to continue. Agree to any User Account Control prompts.
- In the list that it presents put a check (tick) in the following as follows:
  NOTE: The below image is only for a reference. Please select the following items:
  - 01 - Reset Registry Permissions
  - 03 - Reset Service Permissions
  - 04 - Register System Files
  - 05 - Repair WMI
  - 06 - Repair Windows Firewall
  - 07 - Repair Internet Explorer
  - 08 - Repair MDAC/MS Jet
  - 09 - Repair Hosts File
  - 10 - Remove Policies Set by Infections
  - 13 - Repair Winsock & DNS Cache
  - 14 - Remove Temp Files
  - 15 - Repair Proxy Settings
  - 16 - Unhide Non System Files
  - 17 - Repair Windows Updates
  - 19 - Repair Volume Shadow Copy Service
  - 26 - Restore Important Windows Services
  - 27 - Set Windows Services to Default Startup
- Also put a check in the Restart/Shutdown System When Finished (lower right) box and in Restart System
- Then click on the Start Repairs button if it doesn't do it automatically
- If it asks you to back up your system click Yes and continue
After the program is finished, please open the /logs folder in the same folder as you ran the program from and copy/paste the contents of the Windows Repair log into your next reply (using your USB stick).
The computer should reboot automatically.

Please test your Internet connectivity after this, and tell me how the computer is working.

Second
Run FRST

On the infected computer, please re-run the Farbar Recovery Scan Tool from your Desktop.
(http://www.bleepingc...very-scan-tool/)

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click on FRST on your Desktop and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
Make sure the Addition.txt check-box is checked.
Press Scan button.
It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
Please copy and paste the contents of both of those logs back here using your USB stick.

Third

Run a scan with Farbar Service Scanner

On the infected computer, please again run Farbar Service Scanner from your Desktop.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply using your USB stick.

Finally
In your next reply, please copy/paste the contents of the following logs:

Windows AIO Repair log
FRST.txt log
Addition.txt log
FSS log

And tell me if your Internet is now working.

#17
eevie

Posted 30 June 2015 - 03:42 PM

Member

Topic Starter
Member
27 posts

Before I started the computer is working very slowly. Meanwhile the hard drive sounds like it is working overtime. I have followed instructions, but Repair_Windows.exe Repair_Windows.exe took a very long time to do step 2 - create system restore, when it finally finished it closed itself, so I reopened and continued to follow from where I left off. I still have the AVG appear informing me it's found the Trojan horse, I have ignored this. I then had to leave the computer whilst it started repairs. On returning it had gone into sleep mode, when I woke it up I had a message: windows repair application error ...required data was not placed in memory because of I/O error status. I clicked ok. Now it tells me from the log in screen that my login is locked, I clicked switch user and it has gone back to login screen, when I log in I have a few error notifications -

Microsoft.net framework - handled exception has occurred in your application.....exception of type "sytemoutofmemoryexception was thrown. I have quit this.

Microsoft visual c++ - runtime error program C... - I have Ok'd this

Regsvr32 C:\programdata\varihlmuje\LamutEzerp.jan failed to load - I have Ok'd this

The hard drive is continuing to work overtime and working slowly. I still have no internet, the Internet says unidentified network. I notice one log mentions the antivirus being enabled, when I checked this has re-enabled itself. Thanks again for your assistance here.

Here are the logs:

Windows AIO Repair log

Tweaking.com - Windows Repair v3.0.0

--------------------------------------------------------------------------------

System Variables

--------------------------------------------------------------------------------

OS: Windows 7 Home Premium

OS Architecture: 64-bit

OS Version: 6.1.7601

OS Service Pack: Service Pack 1

Computer Name: YVONNE-PC

Windows Drive: C:\

Windows Path: C:\Windows

Program Files: C:\Program Files

Program Files (x86): C:\Program Files (x86)

Current Profile: C:\Users\Yvonne

Current Profile SID: S-1-5-21-2680941182-924487306-1447265962-1000

Current Profile Classes: S-1-5-21-2680941182-924487306-1447265962-1000_Classes

Profiles Location: C:\Users

Profiles Location 2: C:\Windows\ServiceProfiles

Local Settings AppData: C:\Users\Yvonne\AppData\Local

--------------------------------------------------------------------------------

System Information

--------------------------------------------------------------------------------

System Up Time: 0 Days 00:30:49

Process Count: 79

Commit Total: 15.51 GB

Commit Limit: 15.52 GB

Commit Peak: 15.52 GB

Handle Count: 22444

Kernel Total: 444.71 MB

Kernel Paged: 234.86 MB

Kernel Non Paged: 209.85 MB

System Cache: 62.21 MB

Thread Count: 1896

--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 3.88 GB

Memory Used: 3.64 GB(93.7335%)

Memory Avail.: 249.04 MB

--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 3.88 GB

Memory Used: 3.66 GB(94.2454%)

Memory Avail.: 228.70 MB

--------------------------------------------------------------------------------

Starting Repairs...

Started at (30/06/2015 18:21:15)

The current repair has failed to start for over 30 sec.

Trying Again....

The current repair has failed to start for over 30 sec.

Trying Again....

The current repair has failed to start for over 30 sec.

Trying Again....

Done, but failed, at (30/06/2015 18:24:58)

Total Repair Time: 00:05:32

The current repair has failed to start 4 times.

Something is keeping the repair from running.

Tweaking_ras.exe in the files folder is used to run the repairs under the system account, make sure your Antivirus isnt blocking it.

Please post in the Tweaking.com forums for support.

FRST.txt log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015

Ran by Yvonne (administrator) on YVONNE-PC on 30-06-2015 22:10:11

Running from C:\Users\Yvonne\Desktop

Loaded Profiles: Yvonne (Available Profiles: Yvonne)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe

(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Dropbox, Inc.) C:\Users\Yvonne\AppData\Local\Dropbox\Update\DropboxUpdate.exe

(Dropbox, Inc.) C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe

() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe

() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-28] ()

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)

HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-18] (CyberLink Corp.)

HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-06-09] ()

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\...\Run: [Dropbox Update] => C:\Users\Yvonne\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\...\Run: [VarihImuje] => regsvr32.exe "C:\ProgramData\VarihImuje\LamutEzerp.jan"

Startup: C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-05-02]

ShortcutTarget: Dropbox.lnk -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-08-30] ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-08-30] ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-08-30] ()

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

ProxyEnable: [S-1-5-21-2680941182-924487306-1447265962-1000] => Internet Explorer proxy is enabled

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/

SearchScopes: HKU\S-1-5-21-2680941182-924487306-1447265962-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2015-05-0718:53:47&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: No Name -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> No File

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO-x32: No Name -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> No File

BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-06-09] (AVG)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)

DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://magnetplanner...X_WEB_Win32.cab

FireFox:

========

FF ProfilePath: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\w7dd9gw4.default

FF NewTab: https://www.google.co.uk/

FF DefaultSearchEngine: AVG Secure Search

FF SelectedSearchEngine: AVG Secure Search

FF Homepage: https://mysearch.avg...fr&d=2015-05-0718:53:47&v=4.1.0.411&pid=wtu&sg=&sap=hp

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll No File

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-07-14] (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll No File

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-07-14] (Adobe Systems)

FF SearchPlugin: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\w7dd9gw4.default\searchplugins\avg-secure-search.xml [2015-06-09]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-06-09]

FF Extension: AVG Web TuneUp - C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\w7dd9gw4.default\Extensions\avg@toolbar [2015-06-09]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PasswordBox\Firefox

FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]

FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:

=======

CHR Profile: C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-17]

CHR Extension: (Google Docs) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-17]

CHR Extension: (Google Drive) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-26]

CHR Extension: (YouTube) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-17]

CHR Extension: (Google Search) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-17]

CHR Extension: (Google Sheets) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-17]

CHR Extension: (Bookmark Manager) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-09]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-07]

CHR Extension: (Google Wallet) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

CHR Extension: (Gmail) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-17]

CHR HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Yvonne\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-20]

CHR HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx

Addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015

Ran by Yvonne at 2015-06-30 22:23:51

Running from C:\Users\Yvonne\Desktop

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2680941182-924487306-1447265962-500 - Administrator - Disabled)

Guest (S-1-5-21-2680941182-924487306-1447265962-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2680941182-924487306-1447265962-1002 - Limited - Enabled)

Yvonne (S-1-5-21-2680941182-924487306-1447265962-1000 - Administrator - Enabled) => C:\Users\Yvonne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image Personal (HKLM-x32\...\{A7D5787B-3A91-4433-A753-CFE520671683}) (Version: 13.0.12043 - Acronis)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.1.2.232 - Adobe Systems Incorporated)

Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)

Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)

ArcSoft ShowBiz DVD 2 (HKLM-x32\...\{A9FC434F-9950-487C-82F1-E1515FA70DA4}) (Version: - ArcSoft)

Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)

AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)

AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden

AVG 2013 (Version: 13.0.4311 - AVG Technologies) Hidden

AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)

bl (x32 Version: 1.0.0 - Your Company Name) Hidden

Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)

CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5127 - CyberLink Corp.)

Data Doctor Recovery - SIM Card (Demo) (HKLM-x32\...\{56FE9BA1-FD2F-4C78-9FA0-6EBA28B22905}_is1) (Version: 5.4.1.2 - Pro Data Doctor Pvt. Ltd.)

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)

Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)

Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)

Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)

Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)

Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)

Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden

Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)

Dell VideoStage (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden

Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)

Dropbox (HKU\S-1-5-21-2680941182-924487306-1447265962-1000\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)

Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Mozilla Firefox 33.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-GB)) (Version: 33.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

ph (x32 Version: 1.0.0 - Your Company Name) Hidden

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Secure Download Manager (HKLM-x32\...\{7682DFED-23C6-44C9-B9FD-109E0B630277}) (Version: 3.1.10 - Kivuto Solutions Inc.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

USB Video/Audio Driver (HKLM-x32\...\InstallShield_{4D6FC0A8-37D6-45FE-A5D0-67A995AA082C}) (Version: 1.00.0000 - )

USB Video/Audio Driver (x32 Version: 1.00.0000 - ) Hidden

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

Wondershare Dr.Fone for Android(Build 2.0.0.15) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 2.0.0.15 - Wondershare Software Co.,Ltd.)

Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)

Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

07-06-2015 13:26:00 Scheduled Checkpoint

09-06-2015 23:20:13 Windows Update

17-06-2015 17:32:28 Scheduled Checkpoint

26-06-2015 07:48:50 Restore Operation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0887A2E6-BACD-4A11-A0F1-17300B0DB373} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.c...ard&lang=en

Task: {0D30F40D-7D67-4381-8F57-E6D58C963CD6} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)

Task: {116836AD-F61C-4783-AE24-1B74EB8FF170} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)

Task: {14412581-7CD5-4747-9E48-140D4644C1DE} - \Microsoft\Windows\Setup\GWXTriggers\Logon No Task File <==== ATTENTION

Task: {26CA0CDE-97AB-4406-AB1C-3626DC08D6A0} - System32\Tasks\1114avUpdateInfo => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe

Task: {43983933-3787-4442-872C-5B65A2FDFEFD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {4F5E4AA7-84D6-48EE-9966-2624277CB855} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)

Task: {55E890D5-C907-4EFE-87B9-F28FBD63C946} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-11-29] (Microsoft Corporation)

Task: {740FB10F-EA0E-41E7-9361-495CAF65DDA0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)

Task: {9644BA65-D990-437A-8F4D-6E12C219CFB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle No Task File <==== ATTENTION

Task: {BDF5B269-04D8-4AF1-8C80-F37A8442E7E4} - System32\Tasks\AdobeAAMUpdater-1.0-Yvonne-PC-Yvonne => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)

Task: {D756B66D-9699-4067-BEE5-4A5E17B050EA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks

Task: {EC533B61-D3B7-4825-B77A-3E85799ADFCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2680941182-924487306-1447265962-1000Core.job => C:\Users\Yvonne\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2680941182-924487306-1447265962-1000UA.job => C:\Users\Yvonne\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window http:/toolbar.avg.com/

==================== Loaded Modules (Whitelisted) ==============

2015-06-09 23:05 - 2015-06-09 23:05 - 00620056 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

2013-08-30 10:01 - 2013-08-30 10:01 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll

2012-08-17 11:30 - 2012-01-27 03:49 - 02751808 ____N () c:\program files (x86)\dell datasafe local backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

2012-08-17 12:39 - 2012-03-20 00:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2011-06-28 01:26 - 2011-06-28 01:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

2012-02-01 17:50 - 2012-02-01 17:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

2015-06-09 23:05 - 2015-06-09 23:05 - 03033112 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe

2014-10-16 03:44 - 2014-10-16 03:44 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll

2012-08-17 11:24 - 2012-02-01 22:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2012-08-17 11:23 - 2011-12-16 19:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2010-03-17 02:28 - 2010-03-17 02:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll

2010-03-22 21:52 - 2010-03-22 21:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll

2010-03-17 02:28 - 2010-03-17 02:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll

2010-03-17 02:28 - 2010-03-17 02:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll

2011-06-25 05:20 - 2011-06-25 05:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll

2011-06-28 01:25 - 2011-06-28 01:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll

2011-06-25 05:21 - 2011-06-25 05:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll

2010-03-12 01:52 - 2010-03-12 01:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll

2010-03-05 21:07 - 2010-03-05 21:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll

2010-03-05 21:07 - 2010-03-05 21:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll

2010-03-12 01:52 - 2010-03-12 01:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll

2015-06-30 22:09 - 2015-06-30 22:09 - 00043008 _____ () c:\users\yvonne\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfkz_wp.dll

2015-03-04 22:45 - 2015-03-19 08:15 - 00750080 _____ () C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-03-04 22:45 - 2015-03-19 08:15 - 00047616 _____ () C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\libEGL.dll

2015-03-04 22:45 - 2015-03-19 08:15 - 00865280 _____ () C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2015-03-04 22:45 - 2015-03-19 08:15 - 00200704 _____ () C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2015-05-07 18:53 - 2015-05-07 18:53 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll

2015-06-09 23:05 - 2015-06-09 23:05 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Yvonne\Cookies:0Zy52loBTbmGuAzjPMZllK

AlternateDataStreams: C:\Users\Yvonne\Local Settings:WBO7yPmWULzqzMlNjH4WYx1

AlternateDataStreams: C:\Users\Yvonne\AppData\Local:WBO7yPmWULzqzMlNjH4WYx1

AlternateDataStreams: C:\Users\Yvonne\AppData\Local\Application Data:WBO7yPmWULzqzMlNjH4WYx1

AlternateDataStreams: C:\Users\Yvonne\AppData\Local\iUtO0dWRByUywA:cBoXbkA0eiXwo9vkaRRNc9w

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true

MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4B1D4D12-31F9-40B1-ABA9-4E05B833303E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{5E5AFD4B-D418-4EF7-96E6-758CAF587BC1}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe

FirewallRules: [{AE84D477-7AF1-42D4-A7E1-872845609DDF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe

FirewallRules: [{151F5586-AD1E-45FB-B65C-315D39C092A1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE

FirewallRules: [{239EAF4F-AA63-489B-A4DD-AC31D20CC10D}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

FirewallRules: [{BAD95CC6-29AE-4327-ACE1-374D1240975C}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe

FirewallRules: [{4A45DB08-22AE-4834-B1E1-20F1D81F2335}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe

FirewallRules: [TCP Query User{806F84B9-B459-4029-9C18-FA229C0244E9}C:\program files (x86)\dell\stage remote\stageremoteservice.exe] => (Block) C:\program files (x86)\dell\stage remote\stageremoteservice.exe

FirewallRules: [UDP Query User{812E0DA8-0166-4256-8BA0-E39439204A15}C:\program files (x86)\dell\stage remote\stageremoteservice.exe] => (Block) C:\program files (x86)\dell\stage remote\stageremoteservice.exe

FirewallRules: [{6B05FADB-61C9-44B7-82CF-0192B6BF6DE3}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

FirewallRules: [{87F08B9B-1401-4A9A-87D7-475E404BC5F7}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe

FirewallRules: [{DFEAAD35-A112-4679-A5F7-83B2E9B7E714}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

FirewallRules: [{4A72A317-C8F5-444F-90EA-0BEE6D8C4033}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe

FirewallRules: [{DAF8D595-A1F2-44F9-AC84-01ACDFC7B13F}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe

FirewallRules: [{4BFB8D04-12C1-4CEC-83C4-987B2D43AE26}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

FirewallRules: [{9A94409B-7081-4B71-923C-F733B8192BA6}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe

FirewallRules: [{ACC4A69A-2989-4D1B-8964-3E4BBAFDB78F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe

FirewallRules: [{4E0D3DB8-55EA-4C6D-AE7F-5F0B5C5ED586}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe

FirewallRules: [{4C946B9F-E4F6-4A9B-B500-92490CAC4D95}] => (Allow) C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{43605DA4-3BC8-4B5F-8EF6-D28A158AFE8A}] => (Allow) C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [TCP Query User{536C80C9-AFF3-4168-A859-FC9C81169FB3}C:\users\yvonne\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\yvonne\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [UDP Query User{6FD77807-499C-4B43-A5EB-ACF96FD8850E}C:\users\yvonne\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\yvonne\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [{D29CABD3-E590-4CAF-B6D5-BD5E0B194BDF}] => (Allow) LPort=7935

FirewallRules: [{117FAD51-46CF-4B89-8F99-78E89D685086}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe

FirewallRules: [{E21376CD-ABF9-46B8-BD16-64D15BFB67B1}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe

FirewallRules: [{46E211DF-FCB2-4306-A777-400A18CF2EB4}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

FirewallRules: [{FDB5480A-CB1B-4C1B-A8B0-50082EFD7FE8}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

FirewallRules: [{A2F43862-BEFF-44A0-B9AF-798DEA808648}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe

FirewallRules: [{217F775D-4923-42F5-BFC6-11F8064B647E}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe

FirewallRules: [{B4BCD558-F415-4628-A681-E2B8A384D4EB}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

FirewallRules: [{4EC7A5E2-0770-4BDC-9A01-FD3863489F7C}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

FirewallRules: [{145EF0BC-A2DE-47A8-95E5-C216BE2A3FE2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: YVONNE

Description:

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer:

Service: WUDFRd

Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)

Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: E:\

Description: Multi-Card

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic-

Service: WUDFRd

Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)

Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Epson Mass Storage Device

Description: Epson Mass Storage Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: Epson

Service: USBSTOR

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: HTTP

Description: HTTP

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: HTTP

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:

==================

Error: (06/30/2015 07:20:20 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )

Description: The Desktop Window Manager has encountered a fatal error (0x80070008)

Error: (06/30/2015 07:20:13 PM) (Source: SideBySide) (EventID: 59) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

Invalid Xml syntax.

Error: (06/30/2015 06:45:20 PM) (Source: Windows Search Service) (EventID: 3100) (User: )

Description: Unable to initialize the filter host process. Terminating.

Details:

This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

Error: (06/30/2015 06:40:21 PM) (Source: Windows Search Service) (EventID: 3100) (User: )

Description: Unable to initialize the filter host process. Terminating.

Details:

Not enough storage is available to process this command. (HRESULT : 0x80070008) (0x80070008)

Error: (06/30/2015 06:39:55 PM) (Source: Windows Search Service) (EventID: 3100) (User: )

Description: Unable to initialize the filter host process. Terminating.

Details:

This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

Error: (06/30/2015 06:20:00 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )

Description: The Desktop Window Manager has encountered a fatal error (0x8007000e)

Error: (06/30/2015 06:05:01 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = Tweaking.com - Windows Repair; Error = 0x81000101).

Error: (06/30/2015 05:54:11 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 05:52:50 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: loggingserver.exe, version: 4.0.0.9, time stamp: 0x51d41c91

Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636317

Exception code: 0xc0000005

Fault offset: 0x000332ed

Faulting process id: 0x8ac

Faulting application start time: 0xloggingserver.exe0

Faulting application path: loggingserver.exe1

Faulting module path: loggingserver.exe2

Report Id: loggingserver.exe3

Error: (06/30/2015 05:52:08 PM) (Source: Schedule) (EventID: 0) (User: )

Description: Schedule error: 10050Initialize call failed, bailing out

System errors:

=============

Error: (06/30/2015 09:54:03 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {8086EBD4-43E3-4B19-BEB3-F0EA4ECF319C}

Error: (06/30/2015 07:08:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:

%%1450

Error: (06/30/2015 07:08:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error:

%%1450

Error: (06/30/2015 07:08:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The srvnet service failed to start due to the following error:

%%1450

Error: (06/30/2015 07:08:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error:

%%1068

Error: (06/30/2015 07:08:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

%%1068

Error: (06/30/2015 07:08:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error:

%%1068

Error: (06/30/2015 07:08:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error:

%%1068

Error: (06/30/2015 07:08:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error:

%%1450

Error: (06/30/2015 07:08:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:

%%1450

Microsoft Office:

=========================

Error: (06/30/2015 07:20:20 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )

Description: 0x80070008

Error: (06/30/2015 07:20:13 PM) (Source: SideBySide) (EventID: 59) (User: )

Description: C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe0

Error: (06/30/2015 06:45:20 PM) (Source: Windows Search Service) (EventID: 3100) (User: )

Description:

Details:

This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

Error: (06/30/2015 06:40:21 PM) (Source: Windows Search Service) (EventID: 3100) (User: )

Description:

Details:

Not enough storage is available to process this command. (HRESULT : 0x80070008) (0x80070008)

Error: (06/30/2015 06:39:55 PM) (Source: Windows Search Service) (EventID: 3100) (User: )

Description:

Details:

This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

Error: (06/30/2015 06:20:00 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )

Description: 0x8007000e

Error: (06/30/2015 06:05:01 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\Windows\system32\wbem\wmiprvse.exeTweaking.com - Windows Repair0x81000101

Error: (06/30/2015 05:54:11 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 05:52:50 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: loggingserver.exe4.0.0.951d41c91ntdll.dll6.1.7601.1886955636317c0000005000332ed8ac01d0b35524d82d40C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exeC:\Windows\SysWOW64\ntdll.dll7088ad54-1f48-11e5-975c-7845c42529be

Error: (06/30/2015 05:52:08 PM) (Source: Schedule) (EventID: 0) (User: )

Description: Schedule error: 10050Initialize call failed, bailing out

==================== Memory info ===========================

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz

Percentage of memory in use: 93%

Total physical RAM: 3974.15 MB

Available physical RAM: 238.55 MB

Total Pagefile: 15894.82 MB

Available Pagefile: 199.98 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.37 GB) (Free:745.7 GB) NTFS

Drive f: (YVONNE) (Removable) (Total:7.22 GB) (Free:7.19 GB) FAT32

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 6C6B85D2)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=14.1 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=917.4 GB) - (Type=07 NTFS)

========================================================

Disk: 2 (Size: 7.2 GB) (Disk ID: 04030201)

Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B)

==================== End of log ============================

FSS log

Farbar Service Scanner Version: 17-01-2015

Ran by Yvonne (administrator) on 30-06-2015 at 22:30:46

Running from "C:\Users\Yvonne\Desktop"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Attempt to access Google IP returned error. Google IP is unreachable

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo.com returned error: Other errors

IE proxy is enabled.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Policy:

========================

Action Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:

The start type of BITS service is set to Demand. The default start type is Auto.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:

============================

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

#18
DanoNH

Posted 01 July 2015 - 09:50 AM

Trusted Helper

Malware Removal
2,155 posts

Thank you, can you try the Windows AIO Repair instructions in Safe Mode please? Then we'll try a FRST fix afterwards.

First
Create a manual System Restore point.

Please download the attached file named ManualRestorePoint.vbs.txt here and save it to your Desktop: ManualRestorePoint.vbs.txt 722bytes 220 downloads
Rename the file to just ManualRestorePoint.vbs (removing the ".txt" from the end of the name).
Double-click on the file to run it.
If you encounter errors, please stop right here and let me know.

Second
Boot into Safe Mode with Networkng

Note: Please print these instructions or copy/paste them into a notepad file in case you are unable to access this site.

Turn your computer off through Shut Down.
Wait a few seconds, then turn it back on.
Once your computer's manufacturer logo (eg. 'Dell') starts to show, start pressing the F8 key repeatedly.
Keep pressing it until the Windows Advanced Options Menu loads up.
Make sure 'Safe Mode with Networking' is selected, navigate to it by using the arrow keys.
Press enter, and your computer will start booting into Safe Mode with Networking.

Third
Run Windows Repair (All In One) from a USB Flash Drive

Still in Safe Mode, and using the Infected computer:

Insert the USB stick with Windows AIO on it.
Open My Computer, and browse to your USB drive. Find the folder where Windows Repair was extracted (Tweaking dot.com - Windows Repair), and double-click the Repair_Windows.exe file to run the program.
- When the program opens, select the Step 5: Backup tab, then click the Backup button under "1. Registry Backup" :
- Now, select the Repairs tab, then click on the "Open Repairs" button:
- Agree to the Create a System Restore Point prompt if asked and wait for a bit for it to continue. Agree to any User Account Control prompts.
- In the list that it presents put a check (tick) in the following as follows:
  NOTE: The below image is only for a reference. Please select the following items:
  - 01 - Reset Registry Permissions
  - 03 - Reset Service Permissions
  - 04 - Register System Files
  - 05 - Repair WMI
  - 06 - Repair Windows Firewall
  - 07 - Repair Internet Explorer
  - 08 - Repair MDAC/MS Jet
  - 09 - Repair Hosts File
  - 10 - Remove Policies Set by Infections
  - 13 - Repair Winsock & DNS Cache
  - 14 - Remove Temp Files
  - 15 - Repair Proxy Settings
  - 16 - Unhide Non System Files
  - 17 - Repair Windows Updates
  - 19 - Repair Volume Shadow Copy Service
  - 26 - Restore Important Windows Services
  - 27 - Set Windows Services to Default Startup
- Also put a check in the Restart/Shutdown System When Finished (lower right) box and in Restart System
- Then click on the Start Repairs button if it doesn't do it automatically
- If it asks you to back up your system click Yes and continue
After the program is finished, please open the /logs folder in the same folder as you ran the program from and copy/paste the contents of the Windows Repair log into your next reply.
The computer should reboot automatically.

Fourth
Run a FRST Fix

Download the attached fixlist.txt file and save it to your USB stick: fixlist.txt 3.72KB 183 downloads
Plug the USB stick into the infected computer, and copy the fixlist.txt file over to the Desktop.

(Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Finally
In your next reply, please copy/paste the contents of the following logs:

Windows AIO Repair log
FRST fixlog.txt

And tell me how the system is running (if the Internet is finally working again).

#19
eevie

Posted 01 July 2015 - 11:26 AM

Member

Topic Starter
Member
27 posts

Thanks

I have turned on and am getting the same error messages re AVG, I have just closed this window, and RegSvr32 which I click ok. The computer has logged on a little more quickly, but windows explorer has taken a couple of minutes to load.

I have double clicked on the manual restore and I get an error message - can't find script engine "VBScript" for script "C:\Users\Yvonne\Desktop\ManualRestorePoint.vbs".

Hard drive is still working whilst I'm not doing anything. I have now shut down, the computer tried to shut down for 10 minutes with nothing happening except the hard drive working, so I shut it by pressing in the off button.

Edited by eevie, 01 July 2015 - 11:32 AM.

#20
DanoNH

Posted 01 July 2015 - 01:44 PM

Trusted Helper

Malware Removal
2,155 posts

OK, thanks for stopping like I asked.

Please try this as an alternate to the First step in my last instructions then:

Create a restore point for Windows 7

Click on the Start Orb
Select Control Panel > System
In the left column, select System Protection
At the bottom right of the System Properties window, click the button labelled Create...
Enter a description for the Restore Point.
Click the Create button
If this is successful, then please continue with the Second step in my last instructions (Post #18)

#21
eevie

Posted 01 July 2015 - 02:35 PM

Member

Topic Starter
Member
27 posts

I got an error message: The restore point could not be created for the following reason: The creation of a shadow copy has timed out. Try this operation again. (0x81000101) Please try again.

I'm giving it another try

Now that window has finished I'm back to system properties. Do I assume it's created the restore?

I've closed the system protection window, so it's back to the system window. An error message dwm.exe - application error window has appeared, but the window is blank and the button has no writing on it. It may be doing something, the hard drive is working more but nothing is happening.

Edited by eevie, 01 July 2015 - 02:46 PM.

#22
DanoNH

Posted 01 July 2015 - 03:46 PM

Trusted Helper

Malware Removal
2,155 posts

Can you go back to Control Panel > System > System Protection > System Properties and click the System Restore button?

See if the most recent one listed as Recommended is the one you just created, and let me know.

#23
eevie

Posted 01 July 2015 - 03:53 PM

Member

Topic Starter
Member
27 posts

I tried this to check before I switched off, by accessing sytem restore from the search box, It will not open up sytem restore. I tried 3 times, each time it took a few minutes for the menu option to appear after I typed it in the search. When I click to open nothing happens.

I'll try again

Edited by eevie, 01 July 2015 - 03:56 PM.

#24
eevie

Posted 01 July 2015 - 03:58 PM

Member

Topic Starter
Member
27 posts

It says no restore points have been created.
I've tried again to create a restore point, but it's timed out.

Edited by eevie, 01 July 2015 - 04:11 PM.

#25
DanoNH

Posted 01 July 2015 - 04:26 PM

Trusted Helper

Malware Removal
2,155 posts

So you did get to the System Properties window and clicked the System Restore button then? Please

I need to consult with my colleagues so it may be a little while before I can get back to you. Thank you for your patience.

#26
DanoNH

Posted 01 July 2015 - 04:27 PM

Trusted Helper

Malware Removal
2,155 posts

Disregard the "Please" there on line 1... thanks!

#27
eevie

Posted 01 July 2015 - 04:29 PM

Member

Topic Starter
Member
27 posts

Hi, yes tried again, but won't create restore. Thanks for help. I've just shut down, this took 10 minutes!

#28
DanoNH

Posted 01 July 2015 - 04:31 PM

Trusted Helper

Malware Removal
2,155 posts

What version of Acronis do you have? Do you have a recent disk image made, or recent backups?

#29
DanoNH

Posted 01 July 2015 - 09:29 PM

Trusted Helper

Malware Removal
2,155 posts

OK, let's continue on here... The drive churning could be due to any of several things... Thanks for being patient.

I am re-posting some of the steps from Post #18 here for convenience, and because the FRST fixlist has been updated a bit. If you get stuck or have questions, please stop and let me know here.

First
Boot into Safe Mode with Networkng

Note: Please print these instructions or copy/paste them into a notepad file in case you are unable to access this site.

Turn your computer off through Shut Down.
Wait a few seconds, then turn it back on.
Once your computer's manufacturer logo (eg. 'Dell') starts to show, start pressing the F8 key repeatedly.
Keep pressing it until the Windows Advanced Options Menu loads up.
Make sure 'Safe Mode with Networking' is selected, navigate to it by using the arrow keys.
Press enter, and your computer will start booting into Safe Mode with Networking.

Second
Run Windows Repair (All In One) from a USB Flash Drive

Still in Safe Mode, and using the Infected computer:

Insert the USB stick with Windows AIO on it.
Open My Computer, and browse to your USB drive. Find the folder where Windows Repair was extracted (Tweaking dot.com - Windows Repair), and double-click the Repair_Windows.exe file to run the program.
- When the program opens, select the Step 5: Backup tab, then click the Backup button under "1. Registry Backup" :
- Now, select the Repairs tab, then click on the "Open Repairs" button:
- Agree to the Create a System Restore Point prompt if asked and wait for a bit for it to continue. (Note that System Restore will not work in Safe Mode.) Agree to any User Account Control prompts.
- In the list that it presents put a check (tick) in the following as follows:
  
  NOTE: The above image is only an example. Please select the following items:
  - 01 - Reset Registry Permissions
  - 03 - Reset Service Permissions
  - 04 - Register System Files
  - 05 - Repair WMI
  - 06 - Repair Windows Firewall
  - 07 - Repair Internet Explorer
  - 08 - Repair MDAC/MS Jet
  - 09 - Repair Hosts File
  - 10 - Remove Policies Set by Infections
  - 13 - Repair Winsock & DNS Cache
  - 14 - Remove Temp Files
  - 15 - Repair Proxy Settings
  - 16 - Unhide Non System Files
  - 17 - Repair Windows Updates
  - 19 - Repair Volume Shadow Copy Service
  - 26 - Restore Important Windows Services
  - 27 - Set Windows Services to Default Startup
- Also put a check in the Restart/Shutdown System When Finished (lower right) box and in Restart System
- Then click on the Start Repairs button if it doesn't do it automatically
- If it asks you to back up your system click Yes and continue
After the program is finished, please open the /logs folder in the same folder as you ran the program from and copy/paste the contents of the Windows Repair log into your next reply.
The computer should reboot automatically.

Third
Run a FRST Fix

From the clean computer, download the attached fixlist.txt file and save it to your USB stick: fixlist.txt 3.73KB 212 downloads
Plug the USB stick into the infected computer, and copy the fixlist.txt file over to the Desktop.

(Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Finally
In your next reply, please copy/paste the contents of the following logs:

Windows AIO Repair log
FRST fixlog.txt

Let me know the make/model number of your computer.

And tell me how the system is running (if the Internet is finally working again).

#30
eevie

Posted 02 July 2015 - 03:20 AM

Member

Topic Starter
Member
27 posts

I got Acronis free with an external hard drive. I was going to use it to just update changed files to the hard drive, but I discovered on using it that this was a paid feature, so I didn't bother and I simply copy over my whole documents folder when I back up. I last backed up my files when my computer started to show the virus. Unfortunately I have not backed up any system files.

The computer took ages to load the usb after I inserted it, it said it was looking for drivers, after about 5 mins it appeared. I have run Run Windows Repair from a USB Flash Drive in Safe Mode. It took a while and then appeared to have finished. But Windows Explorer which is open is not loading properly, I can't see the contents of files in the right hand section. The hard drive is still busy.

I have removed the USB and put it in this computer. Am I safe in using this USB on my infected computer and then putting it into this clean one?

Because I am not sure if this worked as it should I have not carried on to the next step. It's taking ages to shut down.

Thanks

These are the logs:

Tweaking.com - Windows Repair v3.0.0

--------------------------------------------------------------------------------

System Variables

--------------------------------------------------------------------------------

OS: Windows 7 Home Premium

OS Architecture: 64-bit

OS Version: 6.1.7601

OS Service Pack: Service Pack 1

Computer Name: YVONNE-PC

Windows Drive: C:\

Windows Path: C:\Windows

Program Files: C:\Program Files

Program Files (x86): C:\Program Files (x86)

Current Profile: C:\Users\Yvonne

Current Profile SID: S-1-5-21-2680941182-924487306-1447265962-1000

Current Profile Classes: S-1-5-21-2680941182-924487306-1447265962-1000_Classes

Profiles Location: C:\Users

Profiles Location 2: C:\Windows\ServiceProfiles

Local Settings AppData: C:\Users\Yvonne\AppData\Local

--------------------------------------------------------------------------------

System Information

--------------------------------------------------------------------------------

System Up Time: 0 Days 00:06:19

Process Count: 23

Commit Total: 3.90 GB

Commit Limit: 7.76 GB

Commit Peak: 3.87 GB

Handle Count: 8537

Kernel Total: 260.75 MB

Kernel Paged: 186.61 MB

Kernel Non Paged: 74.15 MB

System Cache: 49.74 MB

Thread Count: 1321

--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 3.88 GB

Memory Used: 3.63 GB(93.4306%)

Memory Avail.: 261.08 MB

--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 3.88 GB

Memory Used: 3.53 GB(90.9701%)

Memory Avail.: 358.86 MB

--------------------------------------------------------------------------------

Starting Repairs...

Started at (02/07/2015 09:30:30)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...

Total Missing 'InstallDate' Fixed: 131

01 - Reset Registry Permissions 01/03

HKEY_CURRENT_USER & Sub Keys

Start (02/07/2015 09:30:40)

Running Repair Under Current User Account

Done (02/07/2015 09:30:48)

01 - Reset Registry Permissions 02/03

HKEY_LOCAL_MACHINE & Sub Keys

Start (02/07/2015 09:30:48)

Decompressing & Updating Windows Permission File services.txt

Done, 0.23 seconds.

Running Repair Under System Account

Done (02/07/2015 09:33:35)

01 - Reset Registry Permissions 03/03

HKEY_CLASSES_ROOT & Sub Keys

Start (02/07/2015 09:33:35)

Running Repair Under System Account

Done (02/07/2015 09:36:33)

03 - Reset Service Permissions

Start (02/07/2015 09:36:34)

Running Repair Under Current User Account

Running Repair Under System Account

The current repair has failed to start for over 30 sec.

Trying Again....

Running Repair Under System Account

The current repair has failed to start for over 30 sec.

Trying Again....

Running Repair Under System Account

Done (02/07/2015 09:46:34)

04 - Register System Files

Start (02/07/2015 09:46:36)

Running Repair Under Current User Account

Running Repair Under System Account

The system cannot execute the specified program.

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

As Featured On:

Geeks to Go Forum 343,327 topics
Quick Links FAQ Malware Cleaning Guide How it Works
Downloads 2+ million

View New Content

Trojan horse psw generic 12 [Solved]

#16
DanoNH

Posted 29 June 2015 - 04:31 PM

Advertisements

#17
eevie

Posted 30 June 2015 - 03:42 PM

#18
DanoNH

Posted 01 July 2015 - 09:50 AM

#19
eevie

Posted 01 July 2015 - 11:26 AM

#20
DanoNH

Posted 01 July 2015 - 01:44 PM

#21
eevie

Posted 01 July 2015 - 02:35 PM

#22
DanoNH

Posted 01 July 2015 - 03:46 PM

#23
eevie

Posted 01 July 2015 - 03:53 PM

#24
eevie

Posted 01 July 2015 - 03:58 PM

#25
DanoNH

Posted 01 July 2015 - 04:26 PM

Advertisements

#26
DanoNH

Posted 01 July 2015 - 04:27 PM

#27
eevie

Posted 01 July 2015 - 04:29 PM

#28
DanoNH

Posted 01 July 2015 - 04:31 PM

#29
DanoNH

Posted 01 July 2015 - 09:29 PM

#30
eevie

Posted 02 July 2015 - 03:20 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Trojan horse psw generic 12 [Solved]

#16 DanoNH Posted 29 June 2015 - 04:31 PM

Advertisements

#17 eevie Posted 30 June 2015 - 03:42 PM

#18 DanoNH Posted 01 July 2015 - 09:50 AM

#19 eevie Posted 01 July 2015 - 11:26 AM

#20 DanoNH Posted 01 July 2015 - 01:44 PM

#21 eevie Posted 01 July 2015 - 02:35 PM

#22 DanoNH Posted 01 July 2015 - 03:46 PM

#23 eevie Posted 01 July 2015 - 03:53 PM

#24 eevie Posted 01 July 2015 - 03:58 PM

#25 DanoNH Posted 01 July 2015 - 04:26 PM

Advertisements

#26 DanoNH Posted 01 July 2015 - 04:27 PM

#27 eevie Posted 01 July 2015 - 04:29 PM

#28 DanoNH Posted 01 July 2015 - 04:31 PM

#29 DanoNH Posted 01 July 2015 - 09:29 PM

#30 eevie Posted 02 July 2015 - 03:20 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Sign In

#16
DanoNH

Posted 29 June 2015 - 04:31 PM

#17
eevie

Posted 30 June 2015 - 03:42 PM

#18
DanoNH

Posted 01 July 2015 - 09:50 AM

#19
eevie

Posted 01 July 2015 - 11:26 AM

#20
DanoNH

Posted 01 July 2015 - 01:44 PM

#21
eevie

Posted 01 July 2015 - 02:35 PM

#22
DanoNH

Posted 01 July 2015 - 03:46 PM

#23
eevie

Posted 01 July 2015 - 03:53 PM

#24
eevie

Posted 01 July 2015 - 03:58 PM

#25
DanoNH

Posted 01 July 2015 - 04:26 PM

#26
DanoNH

Posted 01 July 2015 - 04:27 PM

#27
eevie

Posted 01 July 2015 - 04:29 PM

#28
DanoNH

Posted 01 July 2015 - 04:31 PM

#29
DanoNH

Posted 01 July 2015 - 09:29 PM

#30
eevie

Posted 02 July 2015 - 03:20 AM