
Trojan horse psw generic 12 [Solved]

avg generic psw trojan

  • This topic is locked

#31
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello eevie,
 
Sorry for any frustration you are experiencing and thank you for staying with this.  You should be fine copying logs on your USB stick. 

 

Yes, it does appear there are some serious issues with your system.  We are not out of options here though, so don't give up...

 

Before I post my next steps here, could you please answer these questions for me?  Thanks

  1. What is the make/model of your computer? (e.g. Dell Precision 4800, HP Pavilion P7-1154)
  2. Is there a Service Tag number or Express Service code or a similar sticker on the back?
  3. Do you know if the computer came with Windows Vista?
  4. Did you buy it or is it second-hand?
  5. Any other background information you can provide would be great...

  • 0


#32
eevie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi, no problem
It's a Dell Inspiron 660
F844NV1
33142400461
it was purchased directly from the Dell outlet a few years ago. It came pre loaded with Windows 7.
This is the first time I've had any problems with it. It is used for browsing the Internet and using Office applications. I don't use it for gaming. I am usually quite careful about downloading stuff, so not sure how it got on the computer. Thanks
  • 0

#33
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Thank you.  Have you ever ordered the recovery disk set from Dell before?  Have you ever run the Dell Backup & Recovery program to create your own rescue disk set?

 

You may eventually need to contact them to get the disks.   While I don't see it in your installed programs list, you might be able to install Dell Backup & Recovery and use that to restore your system, if we need to go that route.

 

But don't do that just yet, please

 

Try this next:

 

First
Clean Boot Windows 7

  • Visit this page
  • At the top of the page, click on the line that says "Windows 7 and Windows Vista"
  • Follow the steps down to the next sub-section, where it says "What is next when I have a clean boot environment?"
  • You will end up rebooting to a system running only Microsoft components.

Second
Run a FRST Fix

  • From the clean computer, download the attached fixlist.txt file and save it to your USB stick.
     
  • Plug the USB stick into the infected computer, and copy the fixlist.txt file over to the Desktop.

    (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

    Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Finally
In your next reply, please copy/paste the contents of the following logs:

  • FRST fixlog.txt

and

  • Answer my questions about ordering or creating your own recovery disks
  • Tell me if you get back Internet access.

:)

 

 


  • 0

#34
eevie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Hi, thanks again for your time.

 

I have never ordered a recovery disc. I haven't run the Dell Backup & Recovery program.

 

It took a while to run through the clean boot instructions as the window kept going into not responding mode.  On restart it came up with the error - programs open - so I clicked force (close/shutdown? can't remember which).

 

Ok, followed all the procedures.  I still have no Internet access - Unidentified Network, No Internet access. Computer is responding at a normal speed now and hard drive is not working so hard, but still working when nothing is happening.

 

Here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015

Ran by Yvonne at 2015-07-03 10:32:10 Run:3

Running from C:\Users\Yvonne\Desktop

Loaded Profiles: Yvonne (Available Profiles: Yvonne)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

start

CloseProcesses:

CreateRestorePoint:

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe

() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe

(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\...\Run: [VarihImuje] => regsvr32.exe "C:\ProgramData\VarihImuje\LamutEzerp.jan"

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =

SearchScopes: HKU\S-1-5-21-2680941182-924487306-1447265962-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2015-05-0718:53:47&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}

BHO: No Name -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> No File

BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-06-09] (AVG)

FF DefaultSearchEngine: AVG Secure Search

FF SelectedSearchEngine: AVG Secure Search

FF Homepage: https://mysearch.avg...fr&d=2015-05-0718:53:47&v=4.1.0.411&pid=wtu&sg=&sap=hp

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\ psitesafety.dll No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF SearchPlugin: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\w7dd9gw4.default\searchplugins\avg-secure-search.xml [2015-06-09]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-06-09]

FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]

FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

CHR HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx

R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]

R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-05-07] (AVG Secure Search)

Task: {0887A2E6-BACD-4A11-A0F1-17300B0DB373} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.c...ard&lang=en

Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window http:/toolbar.avg.com/

HKLM\...\Policies\Explorer: [NoControlPanel] 0

AlternateDataStreams: C:\Users\Yvonne\Cookies:0Zy52loBTbmGuAzjPMZllK

AlternateDataStreams: C:\Users\Yvonne\Local Settings:WBO7yPmWULzqzMlNjH4WYx1

AlternateDataStreams: C:\Users\Yvonne\AppData\Local:WBO7yPmWULzqzMlNjH4WYx1

AlternateDataStreams: C:\Users\Yvonne\AppData\Local\Application Data:WBO7yPmWULzqzMlNjH4WYx1

AlternateDataStreams: C:\Users\Yvonne\AppData\Local\iUtO0dWRByUywA:cBoXbkA0eiXwo9vkaRRNc9w

Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F

Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F

cmd: netsh advfirewall reset

cmd: netsh advfirewall set allprofiles state on

C:\ProgramData\VarihImuje

Hosts:

RemoveProxy:

CMD: ipconfig /flushdns

EmptyTemp:

CMD: bitsadmin /reset /allusers

end

*****************

 

Processes closed successfully.

Restore point was successfully created.

C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe => No running process found

C:\Program Files (x86)\PasswordBox\pbbtnService.exe => No running process found

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe => No running process found

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe => No running process found

C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe => No running process found

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\Software\Microsoft\Windows\CurrentVersion\Run\\VarihImuje => value not found.

"HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value not found.

"HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully

HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => key removed successfully

HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully

"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully

Firefox DefaultSearchEngine removed successfully

Firefox SelectedSearchEngine removed successfully

Firefox homepage removed successfully

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\w7dd9gw4.default\searchplugins\avg-secure-search.xml => moved successfully.

C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => moved successfully.

C:\Program Files (x86)\PasswordBox\Firefox => moved successfully.

HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value removed successfully

"HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully

PasswordBox => Service removed successfully

vToolbarUpdater18.4.0 => Service removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0887A2E6-BACD-4A11-A0F1-17300B0DB373}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0887A2E6-BACD-4A11-A0F1-17300B0DB373}" => key removed successfully

C:\Windows\System32\Tasks\Open Chrome => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open Chrome" => key removed successfully

C:\Windows\Tasks\Open Chrome.job => moved successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully

"C:\Users\Yvonne\Cookies" => ":0Zy52loBTbmGuAzjPMZllK" ADS not found.

"C:\Users\Yvonne\Local Settings" => ":WBO7yPmWULzqzMlNjH4WYx1" ADS not found.

C:\Users\Yvonne\AppData\Local => ":WBO7yPmWULzqzMlNjH4WYx1" ADS removed successfully.

"C:\Users\Yvonne\AppData\Local\Application Data" => ":WBO7yPmWULzqzMlNjH4WYx1" ADS not found.

C:\Users\Yvonne\AppData\Local\iUtO0dWRByUywA => ":cBoXbkA0eiXwo9vkaRRNc9w" ADS removed successfully.

 

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

=========  netsh advfirewall reset =========

 

Ok.

 

 

========= End of CMD: =========

 

 

=========  netsh advfirewall set allprofiles state on =========

 

Ok.

 

 

========= End of CMD: =========

 

C:\ProgramData\VarihImuje => moved successfully.

C:\Windows\System32\Drivers\etc\hosts => moved successfully.

Hosts restored successfully.

 

========= RemoveProxy: =========

 

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

 

 

========= End of RemoveProxy: =========

 

 

=========  ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

 

=========  bitsadmin /reset /allusers =========

 

 

BITSADMIN version 3.0 [ 7.5.7601 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

 

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

 

Unable to connect to BITS - 0x80080005

 

========= End of CMD: =========

 

EmptyTemp: => 662.8 MB temporary data Removed.

 

 

The system needed a reboot..

 

==== End of Fixlog 10:35:12 ====


  • 0

#35
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts
Hello eevie,
 
It looks like the fix took care of some important things.  How is the computer running?
 
Do you have access to the Internet now?
  • 0
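
The Fixlog posted above echoes the fixlist script before the actual results, so reviewing it means skipping the echoed block and then sorting each result line by outcome. The sketch below is an added example, not part of the original thread and not FRST code; the layout rules and the names `parse_fixlog` and `summarize` are assumptions inferred from the log shown in this thread, and the sample is abridged from that log.

```python
import re
from collections import Counter

# Abridged from the Fixlog posted in this thread. The parsing rules below are
# inferred from that one log, not taken from FRST documentation.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Yvonne at 2015-07-03 10:32:10 Run:3
==============================================
fixlist content:
*****************
start
CloseProcesses:
HKU\S-1-5-21-2680941182-924487306-1447265962-1000\...\Run: [AdobeBridge] => [X]
C:\ProgramData\VarihImuje
CMD: bitsadmin /reset /allusers
end
*****************
Processes closed successfully.
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe => No running process found
HKU\S-1-5-21-2680941182-924487306-1447265962-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-2680941182-924487306-1447265962-1000\Software\Microsoft\Windows\CurrentVersion\Run\\VarihImuje => value not found.
Firefox homepage removed successfully
"C:\Users\Yvonne\Cookies" => ":0Zy52loBTbmGuAzjPMZllK" ADS not found.
C:\Users\Yvonne\AppData\Local => ":WBO7yPmWULzqzMlNjH4WYx1" ADS removed successfully.
C:\ProgramData\VarihImuje => moved successfully.
Hosts restored successfully.
=========  bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
Unable to connect to BITS - 0x80080005
========= End of CMD: =========
EmptyTemp: => 662.8 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 10:35:12 ====
"""

# Outcome patterns, checked in this order (failure wins over everything else).
FAILED = re.compile(r"unable to|could not|denied|\b0x[0-9a-f]{8}\b", re.I)
ABSENT = re.compile(r"not found|no running process found", re.I)
APPLIED = re.compile(r"successfully|\bremoved\b", re.I)


def classify(detail):
    """Map the text of a result line to 'failed', 'absent', 'applied' or None."""
    if FAILED.search(detail):
        return "failed"
    if ABSENT.search(detail):
        return "absent"
    if APPLIED.search(detail):
        return "applied"
    return None  # banner, version string or other informational line


def parse_fixlog(text):
    """Return a list of (status, target, detail) for each result line."""
    results = []
    in_script = False   # True while inside the echoed fixlist block
    section = None      # command whose output is being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # The echoed script sits between two lines made only of asterisks.
        if re.fullmatch(r"\*{5,}", line):
            in_script = not in_script
            continue
        if in_script:
            continue
        # "========= <command> =========" opens a section, "End of ..." closes it.
        header = re.fullmatch(r"=+\s*(.*?)\s*=+", line)
        if header:
            title = header.group(1)
            section = None if (not title or title.startswith("End of")) else title
            continue
        target, sep, detail = line.partition(" => ")
        if not sep:
            # No explicit target: attribute the line to the running command.
            target, detail = (section or ""), line
        status = classify(detail)
        if status:
            results.append((status, target.strip('"'), detail))
    return results


def summarize(results):
    """Count result lines per status."""
    return dict(Counter(status for status, _, _ in results))


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for status, target, detail in parsed:
        if status != "applied":
            print(f"{status:7} {target or '-'} :: {detail}")
```

Lines classified as absent mean the item the fixlist targeted was not there when the fix ran; lines classified as failed, such as the BITS reset here, are the ones to follow up on.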

#36
eevie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
The computer is very slow to start up, but it was quite slow before the virus. The programs are loading at normal speed. The hard drive is fairly quiet, but not completely, when nothing is happening. It still says unidentified network, so no internet access.
  • 0

#37
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello eevie,

We'll see if we can fix the Internet access issue once and for all now.  Let's try that Windows AIO Repair again while we are running in Clean Boot mode. Then we'll check the system files out with a command line tool.

First
Using the Infected computer:

  • Insert the USB stick with Windows AIO on it.
  • Open My Computer, and browse to your USB drive. Find the folder where Windows Repair was extracted (Tweaking dot.com - Windows Repair), and double-click the Repair_Windows.exe file to run the program.
    • When the program opens, select the Step 5: Backup tab, then click the Backup button under "1. Registry Backup" and the Create button under "2. System Restore":
    • Now, select the Repairs tab, then click on the "Open Repairs" button:
    • Agree to the Create a System Restore Point prompt if asked and wait for a bit for it to continue. Agree to any User Account Control prompts.
    • In the list that it presents put a check (tick) in the following as follows:

      NOTE: The above image is only for a reference. Please select the following items:
      • 01 - Reset Registry Permissions
      • 03 - Reset Service Permissions
      • 04 - Register System Files
      • 05 - Repair WMI
      • 06 - Repair Windows Firewall
      • 07 - Repair Internet Explorer
      • 08 - Repair MDAC/MS Jet
      • 09 - Repair Hosts File
      • 10 - Remove Policies Set by Infections
      • 13 - Repair Winsock & DNS Cache
      • 14 - Remove Temp Files
      • 15 - Repair Proxy Settings
      • 16 - Unhide Non System Files
      • 17 - Repair Windows Updates
      • 19 - Repair Volume Shadow Copy Service
      • 26 - Restore Important Windows Services
      • 27 - Set Windows Services to Default Startup
    • Also put a check in the Restart/Shutdown System When Finished (lower right) box and in Restart System
    • Then click on the Start Repairs button if it doesn't do it automatically
    • If it asks you to back up your system click Yes and continue
  • After the program is finished, please open the /logs folder in the same folder as you ran the program from and copy/paste the contents of the Windows Repair log into your next reply (using your USB stick).
  • The computer should reboot automatically.

Second
Run sfc in Windows Vista/7

  • Open an elevated command prompt. To do that:
    • Click Start, click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)
  • A command window will open like the image below:
     
  • Highlight the command below, right click and then click Copy

    sfc /scannow
     
  • Right click next to the blinking cursor in the Command window and click Paste. This will put the command in the window and the command window should look like the image below:
     
  • Press the Enter key. The command window will look like the image below:

    The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions. Note: This may take awhile to finish. Do not close this Command Prompt window until the verification is 100% complete.
     
  • When the scan has finished you should get one of the following messages in the Command window:
    • Windows Resource Protection did not find any integrity violations.
    • Windows Resource Protection could not perform the requested operation.
    • Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
    • Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
  • Write down the message you got so you can post it in your next reply.
  • Type exit and press the ENTER key to close the command window.

Finally
In your next reply, please copy/paste the contents of the following logs:

  • Windows AIO Repair log

and

  • Tell me which message you got from the SFC tool.
  • Tell me how the system is running.

:)


  • 0

#38
eevie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Hi

 

On switching on the computer I got this AVG error message: AVG Detection  Threat: general behaviour problem.  Object name: C:\windows\temp\temp97293.reg.  I have left this.

 

The command prompt took a long time to appear, then a window appeared asking to make changes to windows  command processor, I clicked yes.

I typed in at the prompt, it took ages to start the scan.  I had left the computer whilst it did this and on return it was in sleep mode, on waking up I had the message -Windows Resource Protection could not perform the requested operation.

 

The computer is working very slowly.  I have tried to open Word, it is not working, it throws up error messages and goes to not responding.  The resolution also has changed to a low resolution, large icons and text.

 

Here is the log:

 

Tweaking.com - Windows Repair v3.0.0

--------------------------------------------------------------------------------

 

System Variables

--------------------------------------------------------------------------------

OS: Windows 7 Home Premium

OS Architecture: 64-bit

OS Version: 6.1.7601

OS Service Pack: Service Pack 1

Computer Name: YVONNE-PC

Windows Drive: C:\

Windows Path: C:\Windows

Program Files: C:\Program Files

Program Files (x86): C:\Program Files (x86)

Current Profile: C:\Users\Yvonne

Current Profile SID: S-1-5-21-2680941182-924487306-1447265962-1000

Current Profile Classes: S-1-5-21-2680941182-924487306-1447265962-1000_Classes

Profiles Location: C:\Users

Profiles Location 2: C:\Windows\ServiceProfiles

Local Settings AppData: C:\Users\Yvonne\AppData\Local

--------------------------------------------------------------------------------

 

System Information

--------------------------------------------------------------------------------

System Up Time: 0 Days 00:13:47

 

Process Count: 41

Commit Total: 1.38 GB

Commit Limit: 7.76 GB

Commit Peak: 1.83 GB

Handle Count: 12324

Kernel Total: 323.75 MB

Kernel Paged: 242.04 MB

Kernel Non Paged: 81.71 MB

System Cache: 2.20 GB

Thread Count: 662

--------------------------------------------------------------------------------

 

Memory Before Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 3.88 GB

Memory Used: 1.25 GB(32.2457%)

Memory Avail.: 2.63 GB

--------------------------------------------------------------------------------

 

Cleaning Memory Before Starting Repairs...

 

Memory After Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 3.88 GB

Memory Used: 1.13 GB(28.9907%)

Memory Avail.: 2.76 GB

--------------------------------------------------------------------------------

 

Starting Repairs...

   Started at (04/07/2015 11:46:19)

 

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...

Total Missing 'InstallDate' Fixed: 0

 

01 - Reset Registry Permissions 01/03

   HKEY_CURRENT_USER & Sub Keys

   Start (04/07/2015 11:46:20)

 

   Running Repair Under Current User Account

   Done (04/07/2015 11:46:32)

 

01 - Reset Registry Permissions 02/03

   HKEY_LOCAL_MACHINE & Sub Keys

   Start (04/07/2015 11:46:32)

 

 

Decompressing & Updating Windows Permission File services.txt

Done,  0.14 seconds.

 

   Running Repair Under System Account

   Done (04/07/2015 11:50:09)

 

01 - Reset Registry Permissions 03/03

   HKEY_CLASSES_ROOT & Sub Keys

   Start (04/07/2015 11:50:09)

 

   Running Repair Under System Account

   Done (04/07/2015 11:51:13)

 

03 - Reset Service Permissions

   Start (04/07/2015 11:51:13)

 

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 11:51:25)

 

04 - Register System Files

   Start (04/07/2015 11:51:25)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 11:51:48)

 

05 - Repair WMI

   Start (04/07/2015 11:51:48)

 

   Starting Security Center So We Can Export The Security Info.

 

   Exporting Antivirus Info...

   AVG AntiVirus Free Edition 2013 Exported.

 

   Exporting AntiSpyware Info...

   Windows Defender Exported.

   AVG AntiVirus Free Edition 2013 Exported.

 

   Exporting 3rd Party Firewall Info...

   No Firewall Products Reported.

 

   Running Repair Under Current User Account

   Done (04/07/2015 11:54:49)

 

06 - Repair Windows Firewall

   Start (04/07/2015 11:54:49)

   Running Repair Under Current User Account

 

Decompressing & Updating Windows Permission File services.txt

Done,  0.17 seconds.

 

   Running Repair Under System Account

   Done (04/07/2015 11:55:17)

 

07 - Repair Internet Explorer

   Start (04/07/2015 11:55:17)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 11:55:42)

 

08 - Repair MDAC/MS Jet

   Start (04/07/2015 11:55:42)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 11:55:50)

 

09 - Repair Hosts File

   Start (04/07/2015 11:55:50)

   Running Repair Under System Account

   Done (04/07/2015 11:55:52)

 

10 - Remove Policies Set By Infections

   Start (04/07/2015 11:55:52)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 11:55:54)

 

13 - Repair Winsock & DNS Cache

   Start (04/07/2015 11:55:54)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 11:56:10)

 

14 - Remove Temp Files

   Start (04/07/2015 11:56:10)

   Running Repair Under System Account

   Done (04/07/2015 11:56:11)

 

15 - Repair Proxy Settings

   Start (04/07/2015 11:56:11)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 11:56:13)

 

16 - Unhide Non System Files

   Start (04/07/2015 11:56:13)

   C:\ - Total Files Unhidden: 962 - Check Unhidden_Files.txt for list of files unhidden

   Done (04/07/2015 11:57:06)

 

17 - Repair Windows Updates

   Start (04/07/2015 11:57:06)

   Running Repair Under Current User Account

 

Decompressing & Updating Windows Permission File services.txt

Done,  0.17 seconds.

 

   Running Repair Under System Account

   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.

   Done (04/07/2015 11:58:01)

 

19 - Repair Volume Shadow Copy Service

   Start (04/07/2015 11:58:01)

   Running Repair Under Current User Account

 

Decompressing & Updating Windows Permission File services.txt

Done,  0.53 seconds.

 

   Running Repair Under System Account

   Done (04/07/2015 11:59:42)

 

26 - Restore Important Windows Services

   Start (04/07/2015 11:59:44)

   Running Repair Under Current User Account

 

Decompressing & Updating Windows Permission File services.txt

Done,  2.71 seconds.

 

   Running Repair Under System Account

   Done (04/07/2015 12:00:47)

 

27 - Set Windows Services To Default Startup

   Start (04/07/2015 12:00:47)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 12:01:14)

 

Cleaning up empty logs...

 

All Selected Repairs Done.

   Done at (04/07/2015 12:01:16)

   Total Repair Time: 00:14:59

 

 

...YOU MUST RESTART YOUR SYSTEM...


  • 0

#39
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

I understand your situation, eevie, and will be back with further steps.  Thanks for your patience... :)


  • 0

#40
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello eevie,

 

First I must apologize for how long this is taking, and commend you on your ability to follow instructions and report what is happening.  :spoton:

 

We need to take a step back here...  I'll have you run a System Restore for me, after which your system will reboot. 

 

Then I'll have you run a FRST fix, also requiring a reboot.

 

Then I'll have you run the Windows AIO fix again.

 

Ready?

 

First

Restore your computer using System Restore

I would like you to use System Restore to roll your computer back to a saved checkpoint.
 

  1. Click the Start Orb, and in the search box, type system restore. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  2. When you see System Restore show up in the list above, click on it.
  3. System Restore opens
  4. Click Next
  5. Look for the Restore point created around 2015-07-03 10:32:10 (that's July 3rd at 10:32:28 AM).  I'm not sure what the comment will say.
  6. If you found this restore point, go to step 9, otherwise, continue to step 7.
  7. If you don't see it in the list it shows you, select the Show more restore points check box.
  8. Look for the same restore point in step 5
  9. Select the restore point in the list
  10. Click Next
  11. Click Finish
  12. The restore operation should take place and reboot automatically to your login screen.  Once you login, you should soon see a message indicating whether or not System Restore completed successfully.
  13. Let me know if System Restore worked properly or not.

Second
Run a FRST Fix

  • Download the attached fixlist.txt file and save it to the Desktop.

    (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

    Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

 

Third

Run Windows Repair AIO

 

Using the Infected computer:

 

  • Insert the USB stick with Windows AIO on it.
  • Open My Computer, and browse to your USB drive. Find the folder where Windows Repair was extracted (Tweaking dot.com - Windows Repair), and double-click the Repair_Windows.exe file to run the program.
    • When the program opens, select the Step 5: Backup tab, then click the Backup button under "1. Registry Backup" and the Create button under "2. System Restore":
    • Now, select the Repairs tab, then click on the "Open Repairs" button:
    • Agree to the Create a System Restore Point prompt if asked and wait for a bit for it to continue. Agree to any User Account Control prompts.
    • In the list that it presents put a check (tick) in the following as follows:

      NOTE: The above image is only for a reference. Please select the following items:
      • 01 - Reset Registry Permissions
      • 03 - Reset Service Permissions
      • 04 - Register System Files
      • 05 - Repair WMI
      • 06 - Repair Windows Firewall
      • 07 - Repair Internet Explorer
      • 08 - Repair MDAC/MS Jet
      • 09 - Repair Hosts File
      • 10 - Remove Policies Set by Infections
      • 13 - Repair Winsock & DNS Cache
      • 14 - Remove Temp Files
      • 15 - Repair Proxy Settings
      • 16 - Unhide Non System Files
      • 17 - Repair Windows Updates
      • 19 - Repair Volume Shadow Copy Service
      • 26 - Restore Important Windows Services
      • 27 - Set Windows Services to Default Startup
    • Also put a check in the Restart/Shutdown System When Finished (lower right) box and in Restart System
    • Then click on the Start Repairs button if it doesn't do it automatically
    • If it asks you to back up your system click Yes and continue
  • After the program is finished, please open the /logs folder in the same folder as you ran the program from and copy/paste the contents of the Windows Repair log into your next reply (using your USB stick).
  • The computer should reboot automatically.

Finally
In your next reply, please copy/paste the contents of the following logs:

  • FRST fixlog.txt
  • Windows AIO log

And tell me how the system is running. :)


  • 0



#41
eevie


    Member

  • Topic Starter
  • Member
  • 27 posts

Hi, thanks for persevering with this problem.

After restarting the computer the resolution has returned to normal and Word seemed to work OK.

 

System Restore did not complete successfully - unspecified error (0x80070003)

 

During windows repair this AVG error message appeared: AVG Detection,  Threat:  general behavioural detection, Object name: C:\windows\temp\temp48243.bat    I did nothing, after a short while it automatically changed to - Threat has been successfully removed.

 

The windows repair took a long time to complete and the computer would not  restart, I had to keep the off button depressed to turn off and then chose start windows normally.  The whole process took over 1.5 hours.  When the computer did restart it appeared to be working ok, but still no Internet access.

 

Here are the logs:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015

Ran by Yvonne at 2015-07-04 23:27:26 Run:4

Running from C:\Users\Yvonne\Desktop

Loaded Profiles: Yvonne (Available Profiles: Yvonne)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

start

CloseProcesses:

CreateRestorePoint:

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe

() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe

(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\...\Run: [VarihImuje] => regsvr32.exe "C:\ProgramData\VarihImuje\LamutEzerp.jan"

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =

SearchScopes: HKU\S-1-5-21-2680941182-924487306-1447265962-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2015-05-0718:53:47&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}

BHO: No Name -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> No File

BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-06-09] (AVG)

FF DefaultSearchEngine: AVG Secure Search

FF SelectedSearchEngine: AVG Secure Search

FF Homepage: https://mysearch.avg...fr&d=2015-05-0718:53:47&v=4.1.0.411&pid=wtu&sg=&sap=hp

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\ psitesafety.dll No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF SearchPlugin: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\w7dd9gw4.default\searchplugins\avg-secure-search.xml [2015-06-09]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-06-09]

FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]

FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

CHR HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx

R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]

R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-05-07] (AVG Secure Search)

Task: {0887A2E6-BACD-4A11-A0F1-17300B0DB373} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.c...ard&lang=en

Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window http:/toolbar.avg.com/

HKLM\...\Policies\Explorer: [NoControlPanel] 0

AlternateDataStreams: C:\Users\Yvonne\Cookies:0Zy52loBTbmGuAzjPMZllK

AlternateDataStreams: C:\Users\Yvonne\Local Settings:WBO7yPmWULzqzMlNjH4WYx1

AlternateDataStreams: C:\Users\Yvonne\AppData\Local:WBO7yPmWULzqzMlNjH4WYx1

AlternateDataStreams: C:\Users\Yvonne\AppData\Local\Application Data:WBO7yPmWULzqzMlNjH4WYx1

AlternateDataStreams: C:\Users\Yvonne\AppData\Local\iUtO0dWRByUywA:cBoXbkA0eiXwo9vkaRRNc9w

cmd: netsh advfirewall reset

cmd: netsh advfirewall set allprofiles state on

C:\ProgramData\VarihImuje

Hosts:

RemoveProxy:

CMD: ipconfig /flushdns

EmptyTemp:

CMD: bitsadmin /reset /allusers

end

*****************

 

Processes closed successfully.

Restore point was successfully created.

C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe => No running process found

C:\Program Files (x86)\PasswordBox\pbbtnService.exe => No running process found

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe => No running process found

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe => No running process found

C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe => No running process found

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\Software\Microsoft\Windows\CurrentVersion\Run\\VarihImuje => value not found.

"HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value not found.

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.

HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => key not found.

HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.

HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.

Firefox DefaultSearchEngine removed successfully

Firefox SelectedSearchEngine removed successfully

Firefox homepage removed successfully

HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.

HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found.

HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found.

"C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\w7dd9gw4.default\searchplugins\avg-secure-search.xml" => not found.

"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml" => not found.

C:\Program Files (x86)\PasswordBox\Firefox not found.

HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value not found.

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key not found.

PasswordBox => Service not found.

vToolbarUpdater18.4.0 => Service not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0887A2E6-BACD-4A11-A0F1-17300B0DB373} => key not found.

C:\Windows\System32\Tasks\Open Chrome not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open Chrome => key not found.

C:\Windows\Tasks\Open Chrome.job not found.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value not found.

"C:\Users\Yvonne\Cookies" => ":0Zy52loBTbmGuAzjPMZllK" ADS not found.

"C:\Users\Yvonne\Local Settings" => ":WBO7yPmWULzqzMlNjH4WYx1" ADS not found.

"C:\Users\Yvonne\AppData\Local" => ":WBO7yPmWULzqzMlNjH4WYx1" ADS not found.

"C:\Users\Yvonne\AppData\Local\Application Data" => ":WBO7yPmWULzqzMlNjH4WYx1" ADS not found.

"C:\Users\Yvonne\AppData\Local\iUtO0dWRByUywA" => ":cBoXbkA0eiXwo9vkaRRNc9w" ADS not found.

 

=========  netsh advfirewall reset =========

 

Ok.

 

 

========= End of CMD: =========

 

 

=========  netsh advfirewall set allprofiles state on =========

 

Ok.

 

 

========= End of CMD: =========

 

"C:\ProgramData\VarihImuje" => File/Folder not found.

C:\Windows\System32\Drivers\etc\hosts => moved successfully.

Hosts restored successfully.

 

========= RemoveProxy: =========

 

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

 

 

========= End of RemoveProxy: =========

 

 

=========  ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

 

=========  bitsadmin /reset /allusers =========

 

 

BITSADMIN version 3.0 [ 7.5.7601 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

 

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

 

Unable to connect to BITS - 0x80080005

 

========= End of CMD: =========

 

EmptyTemp: => 4.6 MB temporary data Removed.

 

 

The system needed a reboot..

 

==== End of Fixlog 23:29:10 ====

 

Tweaking.com - Windows Repair v3.0.0

--------------------------------------------------------------------------------

 

System Variables

--------------------------------------------------------------------------------

OS: Windows 7 Home Premium

OS Architecture: 64-bit

OS Version: 6.1.7601

OS Service Pack: Service Pack 1

Computer Name: YVONNE-PC

Windows Drive: C:\

Windows Path: C:\Windows

Program Files: C:\Program Files

Program Files (x86): C:\Program Files (x86)

Current Profile: C:\Users\Yvonne

Current Profile SID: S-1-5-21-2680941182-924487306-1447265962-1000

Current Profile Classes: S-1-5-21-2680941182-924487306-1447265962-1000_Classes

Profiles Location: C:\Users

Profiles Location 2: C:\Windows\ServiceProfiles

Local Settings AppData: C:\Users\Yvonne\AppData\Local

--------------------------------------------------------------------------------

 

System Information

--------------------------------------------------------------------------------

System Up Time: 0 Days 00:13:47

 

Process Count: 41

Commit Total: 1.38 GB

Commit Limit: 7.76 GB

Commit Peak: 1.83 GB

Handle Count: 12324

Kernel Total: 323.75 MB

Kernel Paged: 242.04 MB

Kernel Non Paged: 81.71 MB

System Cache: 2.20 GB

Thread Count: 662

--------------------------------------------------------------------------------

 

Memory Before Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 3.88 GB

Memory Used: 1.25 GB(32.2457%)

Memory Avail.: 2.63 GB

--------------------------------------------------------------------------------

 

Cleaning Memory Before Starting Repairs...

 

Memory After Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 3.88 GB

Memory Used: 1.13 GB(28.9907%)

Memory Avail.: 2.76 GB

--------------------------------------------------------------------------------

 

Starting Repairs...

   Started at (04/07/2015 11:46:19)

 

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...

Total Missing 'InstallDate' Fixed: 0

 

01 - Reset Registry Permissions 01/03

   HKEY_CURRENT_USER & Sub Keys

   Start (04/07/2015 11:46:20)

 

   Running Repair Under Current User Account

   Done (04/07/2015 11:46:32)

 

01 - Reset Registry Permissions 02/03

   HKEY_LOCAL_MACHINE & Sub Keys

   Start (04/07/2015 11:46:32)

 

 

Decompressing & Updating Windows Permission File services.txt

Done,  0.14 seconds.

 

   Running Repair Under System Account

   Done (04/07/2015 11:50:09)

 

01 - Reset Registry Permissions 03/03

   HKEY_CLASSES_ROOT & Sub Keys

   Start (04/07/2015 11:50:09)

 

   Running Repair Under System Account

   Done (04/07/2015 11:51:13)

 

03 - Reset Service Permissions

   Start (04/07/2015 11:51:13)

 

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 11:51:25)

 

04 - Register System Files

   Start (04/07/2015 11:51:25)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 11:51:48)

 

05 - Repair WMI

   Start (04/07/2015 11:51:48)

 

   Starting Security Center So We Can Export The Security Info.

 

   Exporting Antivirus Info...

   AVG AntiVirus Free Edition 2013 Exported.

 

   Exporting AntiSpyware Info...

   Windows Defender Exported.

   AVG AntiVirus Free Edition 2013 Exported.

 

   Exporting 3rd Party Firewall Info...

   No Firewall Products Reported.

 

   Running Repair Under Current User Account

   Done (04/07/2015 11:54:49)

 

06 - Repair Windows Firewall

   Start (04/07/2015 11:54:49)

   Running Repair Under Current User Account

 

Decompressing & Updating Windows Permission File services.txt

Done,  0.17 seconds.

 

   Running Repair Under System Account

   Done (04/07/2015 11:55:17)

 

07 - Repair Internet Explorer

   Start (04/07/2015 11:55:17)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 11:55:42)

 

08 - Repair MDAC/MS Jet

   Start (04/07/2015 11:55:42)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 11:55:50)

 

09 - Repair Hosts File

   Start (04/07/2015 11:55:50)

   Running Repair Under System Account

   Done (04/07/2015 11:55:52)

 

10 - Remove Policies Set By Infections

   Start (04/07/2015 11:55:52)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 11:55:54)

 

13 - Repair Winsock & DNS Cache

   Start (04/07/2015 11:55:54)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 11:56:10)

 

14 - Remove Temp Files

   Start (04/07/2015 11:56:10)

   Running Repair Under System Account

   Done (04/07/2015 11:56:11)

 

15 - Repair Proxy Settings

   Start (04/07/2015 11:56:11)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 11:56:13)

 

16 - Unhide Non System Files

   Start (04/07/2015 11:56:13)

   C:\ - Total Files Unhidden: 962 - Check Unhidden_Files.txt for list of files unhidden

   Done (04/07/2015 11:57:06)

 

17 - Repair Windows Updates

   Start (04/07/2015 11:57:06)

   Running Repair Under Current User Account

 

Decompressing & Updating Windows Permission File services.txt

Done,  0.17 seconds.

 

   Running Repair Under System Account

   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.

   Done (04/07/2015 11:58:01)

 

19 - Repair Volume Shadow Copy Service

   Start (04/07/2015 11:58:01)

   Running Repair Under Current User Account

 

Decompressing & Updating Windows Permission File services.txt

Done,  0.53 seconds.

 

   Running Repair Under System Account

   Done (04/07/2015 11:59:42)

 

26 - Restore Important Windows Services

   Start (04/07/2015 11:59:44)

   Running Repair Under Current User Account

 

Decompressing & Updating Windows Permission File services.txt

Done,  2.71 seconds.

 

   Running Repair Under System Account

   Done (04/07/2015 12:00:47)

 

27 - Set Windows Services To Default Startup

   Start (04/07/2015 12:00:47)

   Running Repair Under Current User Account

   Running Repair Under System Account

   Done (04/07/2015 12:01:14)

 

Cleaning up empty logs...

 

All Selected Repairs Done.

   Done at (04/07/2015 12:01:16)

   Total Repair Time: 00:14:59

 

 

...YOU MUST RESTART YOUR SYSTEM...


  • 0
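One way to triage a Fixlog like the one posted above, as an added example that is not part of the thread and not FRST's own code: it separates entries that were already gone from changes made on this run and from commands that reported an error. The sample is an excerpt of lines from that log; the keyword rules (`classify`, `ERROR_HINT`) are assumptions based only on the wording visible in this one log, not a documented FRST format.

```python
"""Summarise an FRST Fixlog: what changed, what was already absent, what failed."""
import re
from collections import Counter

# Excerpt of the Fixlog posted above (lines copied from the post, cut down to a sample).
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
start
CreateRestorePoint:
CMD: bitsadmin /reset /allusers
end
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Program Files (x86)\PasswordBox\pbbtnService.exe => No running process found
HKU\S-1-5-21-2680941182-924487306-1447265962-1000\Software\Microsoft\Windows\CurrentVersion\Run\\VarihImuje => value not found.
"HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Firefox homepage removed successfully
PasswordBox => Service not found.
C:\Windows\Tasks\Open Chrome.job not found.
"C:\Users\Yvonne\Cookies" => ":0Zy52loBTbmGuAzjPMZllK" ADS not found.

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

"C:\ProgramData\VarihImuje" => File/Folder not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

========= End of RemoveProxy: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
Unable to connect to BITS - 0x80080005

========= End of CMD: =========

EmptyTemp: => 4.6 MB temporary data Removed.

==== End of Fixlog 23:29:10 ====
'''

# Assumption: inside a command section, these patterns mark a failed command.
ERROR_HINT = re.compile(r"unable to|failed|denied|0x[0-9A-Fa-f]{8}", re.I)


def section_name(line):
    """Return the text of a '===== name =====' banner, or None for ordinary lines."""
    if len(line) > 2 and line.startswith("=") and line.endswith("="):
        return line.strip("= ") or None
    return None


def classify(line):
    """Map one result line to 'absent', 'changed' or None (not a result line)."""
    low = line.lower()
    if "not found" in low or "no running process" in low:
        return "absent"    # nothing to do: the item was already gone
    if "successfully" in low or low.rstrip(".").endswith("removed"):
        return "changed"   # the fix modified the system on this run
    return None


def summarise(fixlog_text):
    lines = [ln.strip() for ln in fixlog_text.splitlines()]
    # Results start after the echoed fixlist, which is closed by a row of asterisks.
    stars = [i for i, ln in enumerate(lines) if re.fullmatch(r"\*{5,}", ln)]
    start = stars[-1] + 1 if stars else 0
    counts, changed, failures, other = Counter(), [], [], []
    section = None
    for ln in lines[start:]:
        if not ln:
            continue
        name = section_name(ln)
        if name is not None:
            section = None if name.startswith("End of") else name
            continue
        if section and ERROR_HINT.search(ln):
            failures.append((section, ln))      # command output that reports an error
            continue
        # Inside a section only '=>' result lines count; the rest is command chatter.
        kind = classify(ln) if (section is None or "=>" in ln) else None
        if kind:
            counts[kind] += 1
            if kind == "changed":
                changed.append(ln)
        elif section is None:
            other.append(ln)                    # unrecognised line: read it by hand
    return {"counts": dict(counts), "changed": changed,
            "failures": failures, "other": other}


if __name__ == "__main__":
    result = summarise(SAMPLE_FIXLOG)
    print(result["counts"])
    for section, line in result["failures"]:
        print(f"FAILED in '{section}': {line}")
```

On this excerpt the only failure reported is the BITS reset, which is the kind of line that is easy to miss when most of a long log reads "not found".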

#42
eevie


    Member

  • Topic Starter
  • Member
  • 27 posts
Hi, thanks for the help. Just to let you know, I will be away from my computer until Wednesday morning. I can follow any instructions you have left then. I am not sure where you are, I think you are between 5 and 8 hours behind us here on BST. Hopefully I can catch up then and sort out my poor computer. I still don't know how I managed to get the virus, obviously I didn't take enough care and was maybe not vigilant enough when I was in a hurry to do something. Thanks again.
  • 0

#43
DanoNH


    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello eevie,

 

Thanks for letting me know you'll be away.  :)

 

Here are our next steps, for when you have returned and are ready.  The Windows AIO instructions are the same as the Third step I provided in Post #40 but if you get prompted to allow or run a batch file like you were upon reboot, please allow it.  I believe it's Windows Repair AIO trying to make prepared changes to your system, which should get back Internet access.  AVG is not helping us here it seems. :no:

 

(Note: If you do get Internet access back as a result of running Windows Repair (and allowing any prompts you see on reboot), then the Second and Third steps below can be completed directly using the computer we're fixing, instead of using your USB stick.)

 

First
Please disable your AVG software, and run the last Windows Repair AIO steps again from Post #40 (under the Third step).

Second

Run Junkware Removal Tool:

 

Make sure AVG is disabled still, and not set to automatically re-enable itself.

Please download Junkware Removal Tool to your USB stick and copy it over to the infected machine's Desktop.

  • Shut down your protection software now to avoid potential conflicts.  See here for more information.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Third
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to your USB stick and copy it over to the infected machine's Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

 

Make sure AVG is disabled still, and not set to automatically re-enable itself.

 

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    AdwCleaner_Scan_zpsvt1mvqxm.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Fourth
Run FRST

Please download Farbar Recovery Scan Tool and save it to your USB stick and copy it over to the infected machine's Desktop.
(http://www.bleepingc...very-scan-tool/)

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click on FRST on your Desktop and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
  • Make sure the Addition.txt check-box is checked.
    FRST_ScanAddl_zpssilwkotz.png
  • Press Scan button.
  • It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the contents of both of those logs back here.

Finally
In your next reply, please copy/paste the contents of the following logs:


  • Windows Repair AIO log
  • JRT log
  • AdwCleaner log
  • FRST logs (FRST.txt and Addition.txt)

 

And tell me how the system is running. :)


  • 0

#44
DanoNH


    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello eevie,

 

Just wondering what your status is.  Maybe you forgot about the thread here? 

 

;)


  • 0

#45
eevie


    Member

  • Topic Starter
  • Member
  • 27 posts

Hi, sorry, no, I had not forgotten. I did start following the instructions yesterday evening, but it took so long that I had to leave it until today.

The computer is working very slowly and after each of the instructions running the software the computer became quite unresponsive, so I had to force shutdown each time and then choose start Windows normally.  I have just about managed to complete the tasks.  The computer has thrown up a few error messages and my Windows Explorer icon on the taskbar has changed to something that looks like a white piece of paper and when clicked it says not available (I think).  I can get to Windows Explorer via the keyboard shortcut.  Before it did this it was showing my 2 memory sticks as being empty; when restarted the files showed, but still no Windows Explorer from the taskbar.  I had trouble saving the JRT log to my stick, it just wouldn't do either File - Save as to the stick drive, nor would it click and drag to the drive.  To move to the next step I had to force shut down.  I forgot to look again for this file, so I'll post this and restart the computer to see if I can find it.  I have glanced over these logs, I don't know what you have to look for, but one thing that has me slightly concerned is that AdwCleaner seemed to be running from here: C:\Users\Yvonne\Documents\4 house 15 Victoria Road\House documents\AdwCleaner.exe

 

 

Here are the logs

 

Tweaking.com - Windows Repair v3.0.0

--------------------------------------------------------------------------------

 

System Variables

--------------------------------------------------------------------------------

OS: Windows 7 Home Premium

OS Architecture: 64-bit

OS Version: 6.1.7601

OS Service Pack: Service Pack 1

Computer Name: YVONNE-PC

Windows Drive: C:\

Windows Path: C:\Windows

Program Files: C:\Program Files

Program Files (x86): C:\Program Files (x86)

Current Profile: C:\Users\Yvonne

Current Profile SID: S-1-5-21-2680941182-924487306-1447265962-1000

Current Profile Classes: S-1-5-21-2680941182-924487306-1447265962-1000_Classes

Profiles Location: C:\Users

Profiles Location 2: C:\Windows\ServiceProfiles

Local Settings AppData: C:\Users\Yvonne\AppData\Local

--------------------------------------------------------------------------------

 

System Information

--------------------------------------------------------------------------------

System Up Time: 0 Days 00:13:58

 

Process Count: 46

Commit Total: 8.20 GB

Commit Limit: 8.88 GB

Commit Peak: 8.20 GB

Handle Count: 16319

Kernel Total: 356.04 MB

Kernel Paged: 204.11 MB

Kernel Non Paged: 151.93 MB

System Cache: 45.34 MB

Thread Count: 1695

--------------------------------------------------------------------------------

 

Memory Before Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 3.88 GB

Memory Used: 3.08 GB(79.2941%)

Memory Avail.: 822.88 MB

--------------------------------------------------------------------------------

 

Cleaning Memory Before Starting Repairs...

 

Memory After Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 3.88 GB

Memory Used: 3.10 GB(79.7694%)

Memory Avail.: 804.00 MB

--------------------------------------------------------------------------------

 

Starting Repairs...

   Started at (08/07/2015 21:57:54)

 

 

The current repair has failed to start for over 30 sec.

Trying Again....

 

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...

Total Missing 'InstallDate' Fixed: 0

 

01 - Reset Registry Permissions 01/03

   HKEY_CURRENT_USER & Sub Keys

   Start (08/07/2015 21:59:45)

 

   Running Repair Under Current User Account

   Done (08/07/2015 22:01:10)

 

01 - Reset Registry Permissions 02/03

   HKEY_LOCAL_MACHINE & Sub Keys

   Start (08/07/2015 22:01:10)

 

 

Decompressing & Updating Windows Permission File services.txt

Done,  8.55 seconds.

 

   Running Repair Under System Account

   Done (08/07/2015 22:30:38)

 

01 - Reset Registry Permissions 03/03

   HKEY_CLASSES_ROOT & Sub Keys

   Start (08/07/2015 22:30:43)

 

   Running Repair Under System Account

 

 

# AdwCleaner v3.311 - Report created 03/10/2014 at 18:44:34

# Updated 30/09/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Yvonne - YVONNE-PC

# Running from : C:\Users\Yvonne\Documents\4 house 15 Victoria Road\House documents\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

Folder Found : C:\Program Files (x86)\AVG SafeGuard toolbar

Folder Found : C:\Program Files (x86)\AVG Security Toolbar

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found : C:\ProgramData\AVG SafeGuard toolbar

Folder Found : C:\ProgramData\AVG Secure Search

Folder Found : C:\Users\Yvonne\AppData\Local\AVG SafeGuard toolbar

Folder Found : C:\Users\Yvonne\AppData\Local\PackageAware

Folder Found : C:\Users\Yvonne\AppData\LocalLow\AVG SafeGuard toolbar

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AVG SafeGuard toolbar

Key Found : HKCU\Software\AVG Security Toolbar

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar

Key Found : [x64] HKCU\Software\AVG Security Toolbar

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar

Key Found : HKLM\SOFTWARE\AVG Security Toolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17280

 

 

-\\ Mozilla Firefox v32.0.3 (x86 en-GB)

 

[ File : C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\w7dd9gw4.default\prefs.js ]

 

Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

 

-\\ Google Chrome v37.0.2062.124

 

[ File : C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [6709 octets] - [03/10/2014 18:44:34]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6769 octets] ##########

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015

Ran by Yvonne (administrator) on YVONNE-PC on 09-07-2015 20:23:52

Running from C:\Users\Yvonne\Desktop

Loaded Profiles: Yvonne (Available Profiles: Yvonne)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-08-30] ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-08-30] ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-08-30] ()

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO-x32: No Name -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} ->  No File

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)

DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://magnetplanner...X_WEB_Win32.cab

 

FireFox:

========

FF ProfilePath: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\w7dd9gw4.default

FF NewTab: https://www.google.co.uk/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll No File

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-07-14] (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll No File

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-07-14] (Adobe Systems)

FF Extension: AVG Web TuneUp - C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\w7dd9gw4.default\Extensions\[email protected] [2015-06-09]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PasswordBox\Firefox

 

Chrome:

=======

CHR Profile: C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-17]

CHR Extension: (Google Docs) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-17]

CHR Extension: (Google Drive) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-26]

CHR Extension: (YouTube) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-17]

CHR Extension: (Google Search) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-17]

CHR Extension: (Google Sheets) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-17]

CHR Extension: (Bookmark Manager) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-09]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-07]

CHR Extension: (Google Wallet) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

CHR Extension: (Gmail) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-17]

CHR HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Yvonne\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-20]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)

S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S4 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-06-09] ()

S4 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 AFD; C:\Windows\system32\drivers\afd.sys [79672 2015-06-24] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-16] (AVG Technologies)

S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [79672 2015-06-24] (AVG Technologies CZ, s.r.o.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-07-09 19:34 - 2015-07-08 22:04 - 02244096 _____ C:\Users\Yvonne\Desktop\AdwCleaner.exe

2015-07-08 22:51 - 2015-07-08 22:03 - 02953707 _____ (Malwarebytes Corporation) C:\Users\Yvonne\Desktop\JRT.exe

2015-07-04 23:10 - 2015-07-04 23:10 - 666839443 _____ C:\Windows\MEMORY.DMP

2015-07-04 23:10 - 2015-07-04 23:10 - 00279040 _____ C:\Windows\Minidump\070415-33758-01.dmp

2015-07-03 10:13 - 2015-07-03 10:13 - 00000000 ____D C:\Windows\pss

2015-07-03 09:55 - 2015-07-03 09:56 - 00000000 _____ C:\Users\Yvonne\AppData\Local\{6A5523B9-3D4A-421C-A166-86C9F4480B3E}

2015-07-01 18:16 - 2015-07-01 18:06 - 00000722 _____ C:\Users\Yvonne\Desktop\ManualRestorePoint.vbs

2015-06-30 22:30 - 2015-06-30 22:31 - 00002826 _____ C:\Users\Yvonne\Desktop\FSS.txt

2015-06-30 22:23 - 2015-06-30 22:28 - 00037230 _____ C:\Users\Yvonne\Desktop\Addition.txt

2015-06-30 22:10 - 2015-07-09 20:29 - 00011837 _____ C:\Users\Yvonne\Desktop\FRST.txt

2015-06-30 19:07 - 2015-06-30 19:07 - 00004255 _____ C:\Windows\SysWOW64\SystemData.xml

2015-06-30 17:54 - 2015-06-30 17:54 - 00000207 _____ C:\Windows\tweaking.com-regbackup-YVONNE-PC-Windows-7-Home-Premium-(64-bit).dat

2015-06-30 17:54 - 2015-06-30 17:54 - 00000000 ____D C:\RegBackup

2015-06-30 04:00 - 2015-06-30 04:00 - 00000000 ____D C:\Windows\system32\config\HiveBackup

2015-06-29 21:43 - 2015-06-29 21:43 - 00000000 _____ C:\Users\Yvonne\AppData\Local\{B7BB013A-3524-4159-818F-FE6EA4F85E4E}

2015-06-28 20:49 - 2015-06-28 20:53 - 00415232 ____N (Farbar) C:\Users\Yvonne\Desktop\FSS.exe

2015-06-25 18:39 - 2015-06-25 18:39 - 00005148 _____ C:\Users\Yvonne\Documents\avl log.csv

2015-06-25 18:37 - 2015-06-25 18:37 - 00000538 _____ C:\Users\Yvonne\Documents\dot.csv

2015-06-24 21:00 - 2015-07-09 20:24 - 00000000 ____D C:\FRST

2015-06-24 21:00 - 2015-06-24 21:00 - 02112512 _____ (Farbar) C:\Users\Yvonne\Desktop\FRST64.exe

2015-06-24 20:35 - 2015-06-24 20:35 - 18174128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2015-06-24 20:20 - 2015-06-24 20:20 - 05200384 _____ (AVAST Software) C:\Users\Yvonne\Desktop\aswmbr.exe

2015-06-24 20:15 - 2015-06-24 20:18 - 00002422 _____ C:\Users\Yvonne\Desktop\Rkill.txt

2015-06-24 20:14 - 2015-06-24 20:14 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Yvonne\Desktop\rkill.com

2015-06-24 20:00 - 2015-07-04 12:07 - 00003148 _____ C:\Windows\PFRO.log

2015-06-23 19:49 - 2015-06-27 20:37 - 00000000 ___SD C:\ComboFix

2015-06-23 19:48 - 2015-06-23 19:49 - 00000000 ____D C:\Qoobox

2015-06-23 19:46 - 2015-06-23 19:46 - 00000000 ____D C:\Windows\erdnt

2015-06-23 19:36 - 2015-06-23 19:36 - 00014320 _____ C:\Users\Yvonne\Documents\cc_20150623_193638.reg

2015-06-23 15:34 - 2015-07-09 20:19 - 00001994 _____ C:\Windows\setupact.log

2015-06-23 15:34 - 2015-06-23 15:34 - 00000000 _____ C:\Windows\setuperr.log

2015-06-20 12:35 - 2015-06-27 20:37 - 00000000 ____D C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-06-20 12:34 - 2015-06-24 20:39 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2680941182-924487306-1447265962-1000UA.job

2015-06-20 12:34 - 2015-06-23 14:06 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2680941182-924487306-1447265962-1000Core.job

2015-06-20 12:34 - 2015-06-20 12:34 - 00003894 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2680941182-924487306-1447265962-1000UA

2015-06-20 12:34 - 2015-06-20 12:34 - 00003498 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2680941182-924487306-1447265962-1000Core

2015-06-20 12:34 - 2015-06-20 12:34 - 00000000 ____D C:\Users\Yvonne\AppData\Local\Dropbox

2015-06-20 12:34 - 2015-06-20 12:34 - 00000000 ____D C:\ProgramData\Dropbox


2015-06-09 23:17 - 2015-05-25 19:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2015-06-09 23:17 - 2015-05-25 19:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2015-06-09 23:17 - 2015-05-25 19:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-06-09 23:17 - 2015-05-25 19:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-06-09 23:17 - 2015-05-25 19:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-06-09 23:17 - 2015-05-25 19:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-06-09 23:17 - 2015-05-25 19:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-06-09 23:17 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll

2015-06-09 23:17 - 2015-05-25 19:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-06-09 23:17 - 2015-05-25 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-06-09 23:17 - 2015-05-25 19:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-06-09 23:17 - 2015-05-25 19:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-06-09 23:17 - 2015-05-25 19:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-06-09 23:17 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe

2015-06-09 23:17 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe

2015-06-09 23:17 - 2015-05-25 19:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-06-09 23:17 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe

2015-06-09 23:17 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe

2015-06-09 23:17 - 2015-05-25 19:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-06-09 23:17 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe

2015-06-09 23:17 - 2015-05-25 18:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-06-09 23:17 - 2015-05-25 18:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-06-09 23:17 - 2015-05-25 18:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-06-09 23:17 - 2015-05-25 18:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-06-09 23:17 - 2015-05-25 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-06-09 23:17 - 2015-05-25 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:55 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 18:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-06-09 23:17 - 2015-05-25 18:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll

2015-06-09 23:17 - 2015-05-25 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-06-09 23:17 - 2015-05-25 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-06-09 23:17 - 2015-05-25 17:48 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 17:48 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 17:48 - 00003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-06-09 23:17 - 2015-05-25 17:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-06-09 23:17 - 2015-05-22 19:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-06-09 23:17 - 2015-05-22 19:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-06-09 23:17 - 2015-05-22 19:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-06-09 23:17 - 2015-05-22 19:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-06-09 23:17 - 2015-05-22 19:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-06-09 23:17 - 2015-05-22 19:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-06-09 23:17 - 2015-05-22 19:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-06-09 23:17 - 2015-05-21 14:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-06-09 23:17 - 2015-04-24 19:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2015-06-09 23:17 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2015-06-09 23:17 - 2015-04-11 04:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys

2015-06-09 23:05 - 2015-06-27 20:37 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp

2015-06-09 17:57 - 2015-06-09 17:57 - 00000000 ____D C:\Users\Yvonne\AppData\Local\GWX

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-07-09 20:25 - 2013-04-21 18:14 - 00000000 ____D C:\ProgramData\MFAData

2015-07-09 20:24 - 2009-07-14 05:45 - 00028352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-07-09 20:24 - 2009-07-14 05:45 - 00028352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-07-09 20:23 - 2009-07-14 06:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI

2015-07-09 20:22 - 2012-08-17 13:04 - 01463141 _____ C:\Windows\WindowsUpdate.log

2015-07-09 20:19 - 2009-07-14 06:08 - 00032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-07-09 20:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-07-09 19:38 - 2014-10-03 18:44 - 00000000 ____D C:\AdwCleaner

2015-07-08 22:44 - 2009-07-14 05:45 - 05100272 _____ C:\Windows\system32\FNTCACHE.DAT

2015-07-04 23:46 - 2009-07-14 03:34 - 00000546 _____ C:\Windows\win.ini

2015-07-04 23:28 - 2009-07-14 03:34 - 00000035 _____ C:\Windows\system32\Drivers\etc\hosts_bak_515

2015-07-04 23:10 - 2014-08-16 15:22 - 00000000 ____D C:\Windows\Minidump

2015-07-03 23:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

2015-07-03 10:32 - 2013-11-21 23:16 - 00000000 ____D C:\Program Files (x86)\PasswordBox

2015-07-03 10:32 - 2009-07-14 03:34 - 00000035 _____ C:\Windows\system32\Drivers\etc\hosts_bak_264

2015-07-03 09:53 - 2012-11-28 21:01 - 00109296 _____ C:\Users\Yvonne\AppData\Local\GDIPFONTCACHEV1.DAT

2015-07-03 09:52 - 2012-11-30 20:59 - 00000000 ____D C:\Users\Yvonne\AppData\Local\Adobe

2015-07-03 09:52 - 2012-08-17 11:50 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks

2015-07-03 09:52 - 2012-08-17 11:50 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

2015-07-03 09:52 - 2012-08-17 11:30 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2015-06-27 20:37 - 2015-06-08 17:38 - 00000000 ____D C:\Users\Yvonne\AppData\Roaming\Audacity

2015-06-27 20:37 - 2015-06-08 17:37 - 00000000 ____D C:\Program Files (x86)\Audacity

2015-06-27 20:37 - 2015-05-07 18:54 - 00000000 ____D C:\Users\Yvonne\AppData\Local\AVG Web TuneUp

2015-06-27 20:37 - 2015-01-06 15:35 - 00000000 ____D C:\Users\Yvonne\Documents\memory stick 6 jan delete

2015-06-27 20:37 - 2013-11-21 23:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2015-06-27 20:37 - 2013-08-17 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-06-27 20:37 - 2013-05-02 20:48 - 00000000 ____D C:\Users\Yvonne\AppData\Roaming\Dropbox

2015-06-27 20:37 - 2012-11-28 21:05 - 00000000 ____D C:\Users\Yvonne\AppData\Local\VirtualStore

2015-06-27 20:37 - 2012-11-28 21:01 - 00000000 ____D C:\Users\Yvonne

2015-06-27 20:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat

2015-06-27 20:37 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2015-06-27 20:36 - 2015-04-08 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX

2015-06-27 20:36 - 2015-04-08 03:00 - 00000000 ___SD C:\Windows\system32\GWX

2015-06-27 20:36 - 2014-12-15 10:06 - 00000000 ____D C:\Windows\system32\appraiser

2015-06-27 20:36 - 2014-05-07 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel

2015-06-27 20:36 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2015-06-27 20:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\spool

2015-06-27 20:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing

2015-06-27 20:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

2015-06-27 20:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration

2015-06-27 20:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2015-06-25 18:33 - 2012-08-17 11:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-06-24 21:24 - 2012-11-29 21:45 - 00000000 ____D C:\Users\Yvonne\Documents\Outlook Files

2015-06-24 21:21 - 2013-05-02 20:50 - 00000000 ___RD C:\Users\Yvonne\Dropbox

2015-06-24 20:35 - 2012-08-17 11:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-06-24 20:35 - 2012-08-17 11:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-06-24 20:35 - 2012-08-17 11:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-06-24 20:31 - 2013-08-17 12:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-06-24 20:03 - 2013-08-17 12:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-06-24 20:00 - 2014-07-09 11:11 - 00079672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\AFD.SYS

2015-06-24 20:00 - 2009-07-14 01:10 - 00079672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\WS2IFSL.SYS

2015-06-23 20:04 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2015-06-22 18:18 - 2012-11-28 20:34 - 00000000 ____D C:\Users\Yvonne\Documents\1 YVONNE

2015-06-10 18:51 - 2014-11-14 17:10 - 00000000 __SHD C:\Users\Yvonne\AppData\Local\EmieBrowserModeList

2015-06-10 18:51 - 2014-05-09 16:10 - 00000000 __SHD C:\Users\Yvonne\AppData\Local\EmieUserList

2015-06-10 18:51 - 2014-05-09 16:10 - 00000000 __SHD C:\Users\Yvonne\AppData\Local\EmieSiteList

2015-06-09 23:29 - 2012-11-28 22:44 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-06-09 23:27 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT

2015-06-09 23:22 - 2013-01-21 17:24 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

 

==================== Files in the root of some directories =======

 

2013-05-27 18:35 - 2014-06-02 18:50 - 0003745 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml

2015-07-03 09:55 - 2015-07-03 09:56 - 0000000 _____ () C:\Users\Yvonne\AppData\Local\{6A5523B9-3D4A-421C-A166-86C9F4480B3E}

2015-06-29 21:43 - 2015-06-29 21:43 - 0000000 _____ () C:\Users\Yvonne\AppData\Local\{B7BB013A-3524-4159-818F-FE6EA4F85E4E}

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-06-13 11:27

 

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015

Ran by Yvonne at 2015-07-09 20:31:29

Running from C:\Users\Yvonne\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2680941182-924487306-1447265962-500 - Administrator - Disabled)

Guest (S-1-5-21-2680941182-924487306-1447265962-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2680941182-924487306-1447265962-1002 - Limited - Enabled)

Yvonne (S-1-5-21-2680941182-924487306-1447265962-1000 - Administrator - Enabled) => C:\Users\Yvonne

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: AVG AntiVirus Free Edition 2013 (Disabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2013 (Disabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Acronis True Image Personal (HKLM-x32\...\{A7D5787B-3A91-4433-A753-CFE520671683}) (Version: 13.0.12043 - Acronis)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.1.2.232 - Adobe Systems Incorporated)

Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)

Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)

ArcSoft ShowBiz DVD 2 (HKLM-x32\...\{A9FC434F-9950-487C-82F1-E1515FA70DA4}) (Version:  - ArcSoft)

Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)

AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)

AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden

AVG 2013 (Version: 13.0.4311 - AVG Technologies) Hidden

AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)

bl (x32 Version: 1.0.0 - Your Company Name) Hidden

Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)

CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5127 - CyberLink Corp.)

Data Doctor Recovery - SIM Card (Demo) (HKLM-x32\...\{56FE9BA1-FD2F-4C78-9FA0-6EBA28B22905}_is1) (Version: 5.4.1.2 - Pro Data Doctor Pvt. Ltd.)

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)

Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)

Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)

Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)

Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)

Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)

Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden

Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)

Dell VideoStage  (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden

Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)

Dropbox (HKU\S-1-5-21-2680941182-924487306-1447265962-1000\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)

Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Mozilla Firefox 33.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-GB)) (Version: 33.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

ph (x32 Version: 1.0.0 - Your Company Name) Hidden

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Secure Download Manager (HKLM-x32\...\{7682DFED-23C6-44C9-B9FD-109E0B630277}) (Version: 3.1.10 - Kivuto Solutions Inc.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

USB Video/Audio Driver (HKLM-x32\...\InstallShield_{4D6FC0A8-37D6-45FE-A5D0-67A995AA082C}) (Version: 1.00.0000 - )

USB Video/Audio Driver (x32 Version: 1.00.0000 - ) Hidden

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

Wondershare Dr.Fone for Android(Build 2.0.0.15) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 2.0.0.15 - Wondershare Software Co.,Ltd.)

Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)

Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2680941182-924487306-1447265962-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

 

==================== Restore Points =========================

 

04-07-2015 23:15:48 Restore Operation

04-07-2015 23:27:26 Restore Point Created by FRST

04-07-2015 23:33:44 Tweaking.com - Windows Repair

08-07-2015 21:47:57 Tweaking.com - Windows Repair

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 03:34 - 2015-07-04 23:47 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0D30F40D-7D67-4381-8F57-E6D58C963CD6} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)

Task: {116836AD-F61C-4783-AE24-1B74EB8FF170} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)

Task: {14412581-7CD5-4747-9E48-140D4644C1DE} - \Microsoft\Windows\Setup\GWXTriggers\Logon No Task File <==== ATTENTION

Task: {26CA0CDE-97AB-4406-AB1C-3626DC08D6A0} - \1114avUpdateInfo No Task File <==== ATTENTION

Task: {43983933-3787-4442-872C-5B65A2FDFEFD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {4F5E4AA7-84D6-48EE-9966-2624277CB855} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)

Task: {55E890D5-C907-4EFE-87B9-F28FBD63C946} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-11-29] (Microsoft Corporation)

Task: {740FB10F-EA0E-41E7-9361-495CAF65DDA0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)

Task: {9644BA65-D990-437A-8F4D-6E12C219CFB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle No Task File <==== ATTENTION

Task: {BDF5B269-04D8-4AF1-8C80-F37A8442E7E4} - System32\Tasks\AdobeAAMUpdater-1.0-Yvonne-PC-Yvonne => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)

Task: {D756B66D-9699-4067-BEE5-4A5E17B050EA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks

Task: {EC533B61-D3B7-4825-B77A-3E85799ADFCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2680941182-924487306-1447265962-1000Core.job => C:\Users\Yvonne\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2680941182-924487306-1447265962-1000UA.job => C:\Users\Yvonne\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2013-08-30 10:01 - 2013-08-30 10:01 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll

2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\Yvonne\Cookies:0Zy52loBTbmGuAzjPMZllK

 

==================== Safe Mode (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: Media is not connected to internet.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: AcrSch2Svc => 2

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: cphs => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: IAStorDataMgrSvc => 2

MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2

MSCONFIG\Services: LMS => 2

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\Services: NOBU => 2

MSCONFIG\Services: PasswordBox => 2

MSCONFIG\Services: SftService => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: SwitchBoard => 3

MSCONFIG\Services: UNS => 2

MSCONFIG\Services: vToolbarUpdater18.4.0 => 2

MSCONFIG\Services: WtuSystemSupport => 2

MSCONFIG\Services: ZAtheros Wlan Agent => 2

MSCONFIG\startupfolder: C:^Users^Yvonne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: E:\

Description: Multi-Card     

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic-

Service: WUDFRd

Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)

Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

 

Name: HTTP

Description: HTTP

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: HTTP

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: STORE N GO

Description: STORE N GO     

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Verbatim

Service: WUDFRd

Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)

Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

 

Name: YVONNE

Description:                

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer:        

Service: WUDFRd

Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)

Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/09/2015 08:19:33 PM) (Source: Schedule) (EventID: 0) (User: )

Description: Schedule error: 10050Initialize call failed, bailing out

 

Error: (07/09/2015 07:28:36 PM) (Source: Schedule) (EventID: 0) (User: )

Description: Schedule error: 10050Initialize call failed, bailing out

 

Error: (07/08/2015 11:06:57 PM) (Source: Windows Search Service) (EventID: 3100) (User: )

Description: Unable to initialize the filter host process. Terminating.

 

 

Details:

                (HRESULT : 0x80070008) (0x80070008)

 

Error: (07/08/2015 10:42:08 PM) (Source: Schedule) (EventID: 0) (User: )

Description: Schedule error: 10050Initialize call failed, bailing out

 

Error: (07/08/2015 10:26:00 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )

Description: The Desktop Window Manager has encountered a fatal error (0x8007000e)

 

Error: (07/08/2015 10:25:47 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )

Description: The Desktop Window Manager has encountered a fatal error (0x8007000e)

 

Error: (07/08/2015 10:22:08 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )

Description: The Desktop Window Manager has encountered a fatal error (0x80070008)

 

Error: (07/08/2015 09:44:02 PM) (Source: Schedule) (EventID: 0) (User: )

Description: Schedule error: 10050Initialize call failed, bailing out

 

Error: (07/05/2015 00:45:00 AM) (Source: Schedule) (EventID: 0) (User: )

Description: Schedule error: 10050Initialize call failed, bailing out

 

Error: (07/05/2015 00:18:13 AM) (Source: SideBySide) (EventID: 59) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

Invalid Xml syntax.

 

 

System errors:

=============

Error: (07/09/2015 08:34:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:

%%22

 

Error: (07/09/2015 08:34:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error:

%%22

 

Error: (07/09/2015 08:34:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The srvnet service failed to start due to the following error:

%%22

 

Error: (07/09/2015 08:34:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error:

%%1068

 

Error: (07/09/2015 08:34:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

%%1068

 

Error: (07/09/2015 08:34:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error:

%%1068

 

Error: (07/09/2015 08:34:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error:

%%1068

 

Error: (07/09/2015 08:34:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error:

%%22

 

Error: (07/09/2015 08:34:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:

%%22

 

Error: (07/09/2015 08:34:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:

%%22

 

 

Microsoft Office:

=========================

Error: (07/09/2015 08:19:33 PM) (Source: Schedule) (EventID: 0) (User: )

Description: Schedule error: 10050Initialize call failed, bailing out

 

Error: (07/09/2015 07:28:36 PM) (Source: Schedule) (EventID: 0) (User: )

Description: Schedule error: 10050Initialize call failed, bailing out

 

Error: (07/08/2015 11:06:57 PM) (Source: Windows Search Service) (EventID: 3100) (User: )

Description:

Details:

                (HRESULT : 0x80070008) (0x80070008)

 

Error: (07/08/2015 10:42:08 PM) (Source: Schedule) (EventID: 0) (User: )

Description: Schedule error: 10050Initialize call failed, bailing out

 

Error: (07/08/2015 10:26:00 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )

Description: 0x8007000e

 

Error: (07/08/2015 10:25:47 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )

Description: 0x8007000e

 

Error: (07/08/2015 10:22:08 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )

Description: 0x80070008

 

Error: (07/08/2015 09:44:02 PM) (Source: Schedule) (EventID: 0) (User: )

Description: Schedule error: 10050Initialize call failed, bailing out

 

Error: (07/05/2015 00:45:00 AM) (Source: Schedule) (EventID: 0) (User: )

Description: Schedule error: 10050Initialize call failed, bailing out

 

Error: (07/05/2015 00:18:13 AM) (Source: SideBySide) (EventID: 59) (User: )

Description: C:\Windows\SysWOW64\werui.dllC:\Windows\SysWOW64\werui.dll0

 

 

==================== Memory info ===========================

 

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz

Percentage of memory in use: 95%

Total physical RAM: 3974.15 MB

Available physical RAM: 194.18 MB

Total Pagefile: 12202.51 MB

Available Pagefile: 922.69 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:917.37 GB) (Free:755.43 GB) NTFS

Drive f: (YVONNE) (Removable) (Total:7.22 GB) (Free:7.19 GB) FAT32

Drive g: (YVONNE W) (Removable) (Total:3.73 GB) (Free:3.09 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 6C6B85D2)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=14.1 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=917.4 GB) - (Type=07 NTFS)

 

========================================================

Disk: 2 (Size: 7.2 GB) (Disk ID: 04030201)

Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B)

 

========================================================

Disk: 3 (Size: 3.7 GB) (Disk ID: 6F20736B)

No partition Table on disk 3.

Disk 3 is a removable device.

 

==================== End of log ============================

