Blue screens, wonky Malwarebytes, AVG was deleted.... [Solved]


  • This topic is locked

#1
NC-Native

  • Member
  • 30 posts

Working on this PC again for a friend. I put AVG, Malwarebytes and Spybot on here a few years ago. Somehow AVG was either removed or disabled, and Malwarebytes keeps opening up on its own every few minutes. I've re-installed AVG and run a virus scan; it did find quite a few problems and corrected them, but the system still seems buggy to me. I've done all I can with the knowledge I have (thanks to what you guys have taught me in the past). But I haven't kept up with the malware removal stuff in years now, so I'm hoping you guys can help me again!

 

Here is the FRST file

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by Tiffany Barron (administrator) on TIFFANYBARRON on 12-07-2015 13:19:59
Running from C:\Users\Tiffany Barron\Desktop
Loaded Profiles: Tiffany Barron (Available Profiles: Tiffany Barron)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-06-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3174800 2015-07-08] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\Run: [AIM for Windows] => C:\Users\Tiffany Barron\AppData\Local\AOL\AIM\aim.exe [1074216 2013-09-09] (AOL Inc.)
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\Run: [EPSON Artisan 700 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIENA.EXE [221696 2008-04-07] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\Run: [EPSON Artisan 700 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIENA.EXE [221696 2008-04-07] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\Run: [BluetoothManager] => rundll32.exe "%appdata%\Microsoft\bstack.dll",bs_init
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\MountPoints2: {2b67a4a9-ae1e-11e2-8eb8-4c80936818c4} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\MountPoints2: {33d08871-17c0-11e2-9b0d-4c80936818c4} - E:\LaunchU3.exe -a
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\MountPoints2: {6fccb840-293c-11e2-8e1b-4c80936818c4} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\MountPoints2: {bec7a337-d046-11e4-93b9-4c80936818c4} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\MountPoints2: {f97bdff0-17e9-11e2-9422-4c80936818c4} - E:\LaunchU3.exe -a
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Adblock Plus)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-03-26] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-03-26] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-03-26] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-03-26] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{17DC85A1-F065-45D8-A9C1-D73BFDBDAF15}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.7.0\\npsitesafety.dll No File
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-03]
CHR Extension: (AVG Secure Search) - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-07-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vToolbarUpdater18.7.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe [1874320 2015-07-08] (AVG Secure Search)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-07-08] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-12 13:19 - 2015-07-12 13:20 - 00015995 _____ C:\Users\Tiffany Barron\Desktop\FRST.txt
2015-07-12 13:19 - 2015-07-12 13:20 - 00000000 ____D C:\FRST
2015-07-12 13:04 - 2015-07-12 13:04 - 02130944 _____ (Farbar) C:\Users\Tiffany Barron\Desktop\FRST64.exe
2015-07-08 18:07 - 2015-07-08 18:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-07 17:55 - 2015-07-08 01:14 - 00013200 _____ C:\Users\Tiffany Barron\Desktop\avgrep.txt
2015-07-07 17:52 - 2015-07-07 17:53 - 00000000 ____D C:\Windows\Minidump
2015-07-07 17:52 - 2015-07-07 17:52 - 971187591 _____ C:\Windows\MEMORY.DMP
2015-07-06 19:27 - 2015-07-09 05:57 - 00000000 ____D C:\Users\Tiffany Barron\AppData\Local\AVG Web TuneUp
2015-07-06 19:26 - 2015-07-08 21:59 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-07-06 19:26 - 2015-07-08 18:07 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-07-06 19:26 - 2015-07-06 19:26 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-07-06 19:26 - 2015-07-06 19:26 - 00000000 ____D C:\ProgramData\AVG Secure Search
2015-07-06 19:19 - 2015-07-06 19:19 - 00000000 ____D C:\Users\Tiffany Barron\AppData\Roaming\AVG2015
2015-07-06 19:19 - 2015-07-06 19:19 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-06 19:18 - 2015-07-06 19:18 - 00000967 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-07-06 19:18 - 2015-07-06 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-06 19:17 - 2015-07-06 20:00 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-06 19:17 - 2015-07-06 19:17 - 00000000 ___HD C:\$AVG
2015-07-06 19:16 - 2015-07-06 19:16 - 00000000 ____D C:\Program Files (x86)\AVG
2015-07-06 19:10 - 2015-07-06 19:40 - 00000000 ____D C:\Users\Tiffany Barron\AppData\Local\Avg2015
2015-07-06 19:09 - 2015-07-06 19:09 - 04928968 _____ (AVG Technologies) C:\Users\Tiffany Barron\Downloads\avg_free_stb_all_5961p1_177.exe
2015-06-26 09:49 - 2015-06-26 09:49 - 00293296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-06-16 15:55 - 2015-06-16 15:55 - 00259040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-12 13:15 - 2014-06-28 19:24 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-12 13:07 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-12 13:07 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 12:56 - 2012-10-18 14:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-12 12:49 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 12:46 - 2012-10-16 12:45 - 01243840 _____ C:\Windows\WindowsUpdate.log
2015-07-12 12:43 - 2012-10-16 13:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 12:42 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-12 12:42 - 2009-07-14 00:51 - 00048787 _____ C:\Windows\setupact.log
2015-07-12 12:21 - 2012-10-16 13:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 08:31 - 2012-10-16 14:24 - 00000000 ____D C:\ProgramData\MFAData
2015-07-10 23:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-08 22:56 - 2012-10-18 14:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-08 22:56 - 2012-10-18 14:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 22:56 - 2012-10-18 14:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-07 17:52 - 2010-11-20 23:47 - 00335078 _____ C:\Windows\PFRO.log
2015-07-06 19:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\TAPI
2015-06-29 21:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PLA
2015-06-29 00:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2015-06-28 21:18 - 2014-06-04 23:45 - 00000000 ____D C:\Users\Tiffany Barron\AppData\Local\SniperV2
2015-06-28 21:18 - 2014-06-04 22:19 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-28 21:17 - 2012-11-07 18:23 - 00050474 _____ C:\Windows\DirectX.log
2015-06-28 17:31 - 2012-10-16 14:04 - 00002257 _____ C:\Users\Tiffany Barron\Desktop\Google Chrome.lnk
2015-06-28 17:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SchCache
2015-06-25 20:32 - 2014-06-28 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-25 20:32 - 2014-06-28 19:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-25 20:32 - 2012-10-16 21:59 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-24 22:30 - 2014-12-25 23:28 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-18 08:41 - 2014-06-28 19:24 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-06-28 19:24 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2012-10-16 21:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 21:06 - 2013-09-12 23:52 - 00000000 ____D C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-06-17 18:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2015-03-30 00:11 - 2015-03-30 00:11 - 0008680 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-30 00:11 - 2015-03-30 00:11 - 0046087 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.PNG
2015-03-30 00:09 - 2015-03-30 00:11 - 0001408 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.TXT.irpqlyf
2015-03-30 00:11 - 2015-03-30 00:11 - 0000300 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.URL
2015-06-03 20:47 - 2015-06-03 20:47 - 0001344 _____ () C:\Users\Tiffany Barron\AppData\Local\bq5uzce1f3.dll
2015-03-30 00:10 - 2015-03-30 00:10 - 0008680 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.HTML
2015-03-30 00:10 - 2015-03-30 00:10 - 0046087 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.PNG
2015-03-30 00:09 - 2015-03-30 00:10 - 0001408 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.TXT.irpqlyf
2015-03-30 00:10 - 2015-03-30 00:10 - 0000300 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.URL
2015-03-29 23:10 - 2015-03-31 15:34 - 0000600 ____H () C:\ProgramData\@system.temp
2015-03-29 23:10 - 2015-03-31 15:35 - 0000336 ____H () C:\ProgramData\@system3.att
2015-03-30 00:08 - 2015-03-30 00:08 - 0008680 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-30 00:08 - 2015-03-30 00:08 - 0046087 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2014-06-04 22:20 - 2015-03-30 00:08 - 0001408 _____ () C:\ProgramData\HELP_DECRYPT.TXT.irpqlyf
2015-03-30 00:08 - 2015-03-30 00:08 - 0000300 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-05-27 16:26 - 2015-05-27 16:42 - 0405009 _____ () C:\ProgramData\lgnhmzb.html
 
Some files in TEMP:
====================
C:\Users\Tiffany Barron\AppData\Local\Temp\a.exe
C:\Users\Tiffany Barron\AppData\Local\Temp\_isABD8.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-10 21:18
 
==================== End of log ============================
 
 
And here is the Additional file...
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by Tiffany Barron at 2015-07-12 13:20:39
Running from C:\Users\Tiffany Barron\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-174260949-2547485650-4126252976-500 - Administrator - Disabled)
Guest (S-1-5-21-174260949-2547485650-4126252976-501 - Limited - Disabled)
Tiffany Barron (S-1-5-21-174260949-2547485650-4126252976-1000 - Administrator - Enabled) => C:\Users\Tiffany Barron
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C5D8EEB2-EDBC-4375-829D-BE50547C8890}) (Version: 1.3 - Eyeo GmbH)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AIM for Windows (HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\AIM) (Version:  - AOL Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2007055598.48.56.32509162 - Audible, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6081 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6081 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.4.948 - AVG Technologies)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Artisan 700 Series Printer Uninstall (HKLM\...\EPSON Artisan 700 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.4.0.17399 - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-174260949-2547485650-4126252976-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> No Filepath
 
==================== Restore Points =========================
 
12-07-2015 00:00:01 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-03-11 17:44 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08FD69BE-1097-48D5-B371-5A32AEA4735A} - System32\Tasks\{7AB50161-EE45-45F1-A9B7-C34748424721} => C:\Users\Tiffany Barron\AppData\Local\AOL\AIM\aim.exe [2013-09-09] (AOL Inc.)
Task: {15DDAE9E-53D7-4955-8090-97D93A7EB1B7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {199AE266-ED07-43F8-8E6C-605E5076D9C9} - System32\Tasks\tnsqyin => C:\Users\TIFFAN~1\AppData\Local\Temp\noiatnd.exe <==== ATTENTION
Task: {1E3D25B6-DC22-4FF9-8D5B-C825B6E0B397} - System32\Tasks\{7C8D0F2D-5CDA-4EF9-9648-8C3917F98C9A} => C:\Users\Tiffany Barron\AppData\Local\AOL\AIM\aim.exe [2013-09-09] (AOL Inc.)
Task: {459CAC13-7B5E-4792-BA0A-02B7DA434923} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {5BBB8E25-1E44-459F-8256-15FB34B51BE8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-08] (Adobe Systems Incorporated)
Task: {7D1DE099-5334-4E5C-B2C5-7A7AAE483C19} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {91614A9B-D08D-4010-909D-3BE46E597362} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16] (Google Inc.)
Task: {C97A7A36-0F13-4CBA-8E7D-689F156B3B3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {D75A6700-8261-4083-B858-AAC6FDD31B07} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {E87310EF-1FFD-4415-B4F1-A37A43F36338} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16] (Google Inc.)
Task: {F404218C-783A-4BB0-BCC5-A3CDEE0DBDC5} - System32\Tasks\{4ED9D91D-6A8D-4BD6-906F-8FFFDA64F632} => pcalua.exe -a "C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D446X2UF\epson13319.exe" -d "C:\Users\Tiffany Barron\Desktop"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-06 19:26 - 2015-07-08 18:07 - 01195920 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2011-09-15 17:46 - 2011-09-15 17:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-07-08 18:07 - 2015-07-08 18:07 - 00168336 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
2011-09-15 17:46 - 2011-09-15 17:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-03-19 22:09 - 2012-03-19 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-07-06 19:26 - 2015-07-08 18:07 - 03174800 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-12-30 16:46 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-30 16:46 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-30 16:46 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-30 16:46 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-30 16:46 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-07-08 18:07 - 2015-07-08 18:07 - 00528272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\log4cplusU.dll
2014-01-07 01:44 - 2009-03-12 16:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-01-07 01:44 - 2008-11-21 14:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2015-07-08 18:22 - 2015-07-06 23:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-08 18:22 - 2015-07-06 23:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7866 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EE8B7266-D16B-46C7-870F-0F03B689DC7A}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{A7A401AC-7F19-409E-97DA-544AC6FC50B8}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{A8C6EA08-D05B-4778-A4EB-8979CDBF27EF}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{035545F3-59CF-4C7B-9BEC-79D06370A529}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{9F36DF3C-4157-4C91-A8A2-E54F611C9B98}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D91C4532-678E-4F8D-9B1D-75C2614F38F5}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{BB11EB69-D59A-4DB4-8080-9088F09244C4}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{8188123E-DA5F-42B7-B170-3752C11FF382}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{FD0EEFC1-248C-4E66-9686-EE5E44F51554}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{E5C14CFD-9F89-4246-88A0-F72766DAF987}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{586A21AA-FA1B-413D-887D-FF84A96DE836}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{6FED63C9-EDD2-4DC2-8B57-FEDFA92206AB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{96C7F886-C652-45A2-BFA6-59299F04240D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{EE7E4DC0-EC32-43EA-A5AE-1F72489449DE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{58FF8563-60A8-4974-98B6-9022981813F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{2F5E8CC7-6062-475D-B619-45D27EC467F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{16DD9318-311E-4FC6-90F7-4FEDA4AC9BEB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [TCP Query User{F0EC7E27-C4B3-4903-ACC1-16AE4D007208}C:\users\tiffany barron\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe] => (Allow) C:\users\tiffany barron\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe
FirewallRules: [UDP Query User{AE40F03B-A68D-4A38-BD09-9CD2208EC69E}C:\users\tiffany barron\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe] => (Allow) C:\users\tiffany barron\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe
FirewallRules: [TCP Query User{EFF0FD07-505B-4F0C-8924-DBB45D533E96}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{E943DF71-9A5A-4C9B-BD55-40152EF10446}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{6ADA3D6E-5F10-4646-86AE-FAEF33340257}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{57BD52C7-F72E-438E-81CD-C89929970439}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA94B79E-9FDE-4AC6-813F-4614E4DD41E1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{B06C49B4-ECD3-417A-B474-D625E8DC7629}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{E99A70E5-A3B2-4F9E-9405-8D74BEA9BFCE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DFDFB909-1A29-4955-8305-2B6F8ED129F8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{DE7F9F8D-D68E-49F4-B27F-A41F6F420BED}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{B7219A07-58A2-44F3-9221-F9EF28315E6E}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{8F4E5548-6EE9-4B46-BA4D-F488EC59BBB8}C:\users\tiffany barron\appdata\local\temp\fdc2.tmp] => (Block) C:\users\tiffany barron\appdata\local\temp\fdc2.tmp
FirewallRules: [UDP Query User{AC6FC371-DF65-471B-AAFD-E08149835479}C:\users\tiffany barron\appdata\local\temp\fdc2.tmp] => (Block) C:\users\tiffany barron\appdata\local\temp\fdc2.tmp
FirewallRules: [TCP Query User{9389D673-CF19-402C-B00A-9CAE8366863D}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{37A85597-795A-4249-BB83-9E6D2B49C201}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{024ECEC8-F6AC-416E-81CC-10EAD0B2ACE1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{8E35ADCE-19E5-4FE1-A0EA-492C35402B9D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{22F80A1F-DEFF-44FE-8F40-319AC1A33721}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{8D78966D-A74B-4A18-AF73-848DC6BCD9C9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{990F4AEA-09A3-4362-9222-CFFE793C3DA1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{03DF4346-DF8C-4721-9B94-EFFB3EBAA33D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{D3F81FE6-53A3-4C5D-AF0E-1624E4062E09}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{808DCCDD-29AA-485E-9B86-415D03A71E0B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{FDDACF97-06A3-4B97-BB7D-18D5084893B2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{80C1BC24-61E9-49B8-ADA5-CD529A43E88C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{D7068DC5-8257-49EC-A7EA-30D219CF72F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8D445339-26A4-4775-B068-64DD80F290DF}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{89EB1DAE-1764-44B4-8B3F-462783AB198E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/12/2015 12:43:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/11/2015 11:01:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TUMICR~1.EXE, version: 12.0.3013.4, time stamp: 0x51fa5cfe
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556363bc
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x15ec
Faulting application start time: 0xTUMICR~1.EXE0
Faulting application path: TUMICR~1.EXE1
Faulting module path: TUMICR~1.EXE2
Report Id: TUMICR~1.EXE3
 
Error: (07/11/2015 10:43:48 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-174260949-2547485650-4126252976-1000}/">.
 
Error: (07/11/2015 05:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TUMICR~1.EXE, version: 12.0.3013.4, time stamp: 0x51fa5cfe
Faulting module name: DriveDefrag32.dll, version: 12.0.3013.3, time stamp: 0x50ae2888
Exception code: 0xc0000005
Fault offset: 0x0003d94a
Faulting process id: 0x149c
Faulting application start time: 0xTUMICR~1.EXE0
Faulting application path: TUMICR~1.EXE1
Faulting module path: TUMICR~1.EXE2
Report Id: TUMICR~1.EXE3
 
Error: (07/11/2015 03:23:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/10/2015 08:36:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TUMICR~1.EXE, version: 12.0.3013.4, time stamp: 0x51fa5cfe
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556363bc
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x18b0
Faulting application start time: 0xTUMICR~1.EXE0
Faulting application path: TUMICR~1.EXE1
Faulting module path: TUMICR~1.EXE2
Report Id: TUMICR~1.EXE3
 
Error: (07/09/2015 06:45:37 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-174260949-2547485650-4126252976-1000}/">.
 
Error: (07/09/2015 06:44:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.55.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e08
 
Start Time: 01d0ba2da60645e1
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
Report Id: 556f3814-2627-11e5-ac08-4c80936818c4
 
Error: (07/08/2015 10:02:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/08/2015 06:06:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/11/2015 07:51:06 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (07/10/2015 12:59:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (07/09/2015 01:34:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}
 
Error: (07/08/2015 10:02:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (07/08/2015 10:02:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (07/08/2015 10:01:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error: 
%%1053
 
Error: (07/08/2015 10:01:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
 
Error: (07/08/2015 09:58:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (07/08/2015 05:53:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/07/2015 05:53:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office:
=========================
Error: (07/12/2015 12:43:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/11/2015 11:01:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TUMICR~1.EXE12.0.3013.451fa5cfeKERNELBASE.dll6.1.7601.18869556363bce06d73630000c42d15ec01d0bc4c3abdef1eC:\PROGRA~2\AVG\AVG2015\Tuneup\TUMICR~1.EXEC:\Windows\syswow64\KERNELBASE.dll3d816aad-2842-11e5-a7e6-4c80936818c4
 
Error: (07/11/2015 10:43:48 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-174260949-2547485650-4126252976-1000}/
 
Error: (07/11/2015 05:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TUMICR~1.EXE12.0.3013.451fa5cfeDriveDefrag32.dll12.0.3013.350ae2888c00000050003d94a149c01d0bc158e9f1647C:\PROGRA~2\AVG\AVG2015\Tuneup\TUMICR~1.EXEC:\PROGRA~2\AVG\AVG2015\Tuneup\DriveDefrag32.dllaaf5b28f-2811-11e5-a7e6-4c80936818c4
 
Error: (07/11/2015 03:23:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/10/2015 08:36:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TUMICR~1.EXE12.0.3013.451fa5cfeKERNELBASE.dll6.1.7601.18869556363bce06d73630000c42d18b001d0bb6e0d3ec340C:\PROGRA~2\AVG\AVG2015\Tuneup\TUMICR~1.EXEC:\Windows\syswow64\KERNELBASE.dlle5212180-2764-11e5-ac08-4c80936818c4
 
Error: (07/09/2015 06:45:37 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-174260949-2547485650-4126252976-1000}/
 
Error: (07/09/2015 06:44:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe2.3.55.0e0801d0ba2da60645e10C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe556f3814-2627-11e5-ac08-4c80936818c4
 
Error: (07/08/2015 10:02:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/08/2015 06:06:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 6051.18 MB
Available physical RAM: 3876.19 MB
Total Virtual: 12100.57 MB
Available Virtual: 9805.75 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:683.89 GB) (Free:566.48 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AF884100)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.9 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 




#2
NC-Native

Oh and this keeps popping up every time I restart the laptop...
 
RunDLL
There was a problem starting C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\bstack.dll
The specified module could not be found.


#3
NC-Native


Anyone?



#4
Essexboy

Sorry for the delay. Could I have a fresh FRST scan, please?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click to run as administrator (XP users: click Run after receipt of the Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Select Additions at the bottom.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#5
NC-Native


Here are the fresh scans...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Tiffany Barron (administrator) on TIFFANYBARRON on 16-07-2015 18:43:31
Running from C:\Users\Tiffany Barron\Desktop
Loaded Profiles: Tiffany Barron (Available Profiles: Tiffany Barron)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.26.exe
(Microsoft Corporation) C:\07eeb660908e07441c11d10c5382a8ea\mrtstub.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-06-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3174800 2015-07-08] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\Run: [AIM for Windows] => C:\Users\Tiffany Barron\AppData\Local\AOL\AIM\aim.exe [1074216 2013-09-09] (AOL Inc.)
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\Run: [EPSON Artisan 700 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIENA.EXE [221696 2008-04-07] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\Run: [EPSON Artisan 700 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIENA.EXE [221696 2008-04-07] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\Run: [BluetoothManager] => rundll32.exe "%appdata%\Microsoft\bstack.dll",bs_init
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\Run: [AVG-Secure-Search-Update_0715tb] => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2579856 2015-07-15] ()
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\MountPoints2: {2b67a4a9-ae1e-11e2-8eb8-4c80936818c4} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\MountPoints2: {33d08871-17c0-11e2-9b0d-4c80936818c4} - E:\LaunchU3.exe -a
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\MountPoints2: {6fccb840-293c-11e2-8e1b-4c80936818c4} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\MountPoints2: {bec7a337-d046-11e4-93b9-4c80936818c4} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\MountPoints2: {f97bdff0-17e9-11e2-9422-4c80936818c4} - E:\LaunchU3.exe -a
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Adblock Plus)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-03-26] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-03-26] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-03-26] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-03-26] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{17DC85A1-F065-45D8-A9C1-D73BFDBDAF15}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.7.0\\npsitesafety.dll No File
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-03]
CHR Extension: (AVG Secure Search) - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-07-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vToolbarUpdater18.7.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe [1874320 2015-07-08] (AVG Secure Search)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-07-08] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-16 18:43 - 2015-07-16 18:46 - 00016804 _____ C:\Users\Tiffany Barron\Desktop\FRST.txt
2015-07-16 18:42 - 2015-07-16 18:42 - 00000000 ____D C:\Users\Tiffany Barron\Desktop\FRST-OlderVersion
2015-07-16 18:34 - 2015-07-16 18:34 - 00000000 ____D C:\07eeb660908e07441c11d10c5382a8ea
2015-07-15 21:34 - 2015-07-15 21:34 - 00002756 _____ C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0715tb_RML
2015-07-15 21:34 - 2015-07-15 21:34 - 00000358 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_RML.job
2015-07-15 21:33 - 2015-07-15 21:33 - 00002646 _____ C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0715tb_rel
2015-07-15 21:33 - 2015-07-15 21:33 - 00000354 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_rel.job
2015-07-15 21:32 - 2015-07-15 21:33 - 00000000 ____D C:\ProgramData\Avg_Update_0715tb
2015-07-15 21:32 - 2015-07-15 21:32 - 00002908 _____ C:\Windows\System32\Tasks\AVG_SYS_TASK_0715tb_DELETE
2015-07-15 21:32 - 2015-07-15 21:32 - 00000406 _____ C:\Windows\Tasks\AVG_SYS_TASK_0715tb_DELETE.job
2015-07-12 13:19 - 2015-07-16 18:43 - 00000000 ____D C:\FRST
2015-07-12 13:04 - 2015-07-16 18:42 - 02133504 _____ (Farbar) C:\Users\Tiffany Barron\Desktop\FRST64.exe
2015-07-08 18:07 - 2015-07-08 18:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-07 17:55 - 2015-07-08 01:14 - 00013200 _____ C:\Users\Tiffany Barron\Desktop\avgrep.txt
2015-07-07 17:52 - 2015-07-07 17:53 - 00000000 ____D C:\Windows\Minidump
2015-07-07 17:52 - 2015-07-07 17:52 - 971187591 _____ C:\Windows\MEMORY.DMP
2015-07-06 19:27 - 2015-07-09 05:57 - 00000000 ____D C:\Users\Tiffany Barron\AppData\Local\AVG Web TuneUp
2015-07-06 19:26 - 2015-07-08 21:59 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-07-06 19:26 - 2015-07-08 18:07 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-07-06 19:26 - 2015-07-06 19:26 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-07-06 19:26 - 2015-07-06 19:26 - 00000000 ____D C:\ProgramData\AVG Secure Search
2015-07-06 19:19 - 2015-07-06 19:19 - 00000000 ____D C:\Users\Tiffany Barron\AppData\Roaming\AVG2015
2015-07-06 19:19 - 2015-07-06 19:19 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-06 19:18 - 2015-07-06 19:18 - 00000967 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-07-06 19:18 - 2015-07-06 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-06 19:17 - 2015-07-06 20:00 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-06 19:17 - 2015-07-06 19:17 - 00000000 ___HD C:\$AVG
2015-07-06 19:16 - 2015-07-06 19:16 - 00000000 ____D C:\Program Files (x86)\AVG
2015-07-06 19:10 - 2015-07-06 19:40 - 00000000 ____D C:\Users\Tiffany Barron\AppData\Local\Avg2015
2015-07-06 19:09 - 2015-07-06 19:09 - 04928968 _____ (AVG Technologies) C:\Users\Tiffany Barron\Downloads\avg_free_stb_all_5961p1_177.exe
2015-06-26 09:49 - 2015-06-26 09:49 - 00293296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-06-16 15:55 - 2015-06-16 15:55 - 00259040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-16 18:46 - 2012-10-16 12:45 - 01446753 _____ C:\Windows\WindowsUpdate.log
2015-07-16 18:40 - 2012-10-16 13:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 18:37 - 2012-10-16 14:24 - 00000000 ____D C:\ProgramData\MFAData
2015-07-16 18:35 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 18:34 - 2013-07-29 13:00 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 18:32 - 2012-10-18 14:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-15 21:40 - 2012-10-16 13:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-15 21:37 - 2012-10-18 14:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 21:37 - 2012-10-18 14:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 21:37 - 2012-10-18 14:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 21:35 - 2012-10-16 13:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 21:35 - 2012-10-16 13:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-13 21:24 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 21:24 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 21:08 - 2014-06-28 19:24 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-12 12:42 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-12 12:42 - 2009-07-14 00:51 - 00048787 _____ C:\Windows\setupact.log
2015-07-10 23:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-07 17:52 - 2010-11-20 23:47 - 00335078 _____ C:\Windows\PFRO.log
2015-07-06 19:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\TAPI
2015-07-03 08:43 - 2012-10-16 15:44 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-29 21:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PLA
2015-06-29 00:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2015-06-28 21:18 - 2014-06-04 23:45 - 00000000 ____D C:\Users\Tiffany Barron\AppData\Local\SniperV2
2015-06-28 21:18 - 2014-06-04 22:19 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-28 21:17 - 2012-11-07 18:23 - 00050474 _____ C:\Windows\DirectX.log
2015-06-28 17:31 - 2012-10-16 14:04 - 00002257 _____ C:\Users\Tiffany Barron\Desktop\Google Chrome.lnk
2015-06-28 17:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SchCache
2015-06-25 20:32 - 2014-06-28 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-25 20:32 - 2014-06-28 19:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-25 20:32 - 2012-10-16 21:59 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-24 22:30 - 2014-12-25 23:28 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-18 08:41 - 2014-06-28 19:24 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-06-28 19:24 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2012-10-16 21:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 21:06 - 2013-09-12 23:52 - 00000000 ____D C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-06-17 18:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2015-03-30 00:11 - 2015-03-30 00:11 - 0008680 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-30 00:11 - 2015-03-30 00:11 - 0046087 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.PNG
2015-03-30 00:09 - 2015-03-30 00:11 - 0001408 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.TXT.irpqlyf
2015-03-30 00:11 - 2015-03-30 00:11 - 0000300 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.URL
2015-06-03 20:47 - 2015-06-03 20:47 - 0001344 _____ () C:\Users\Tiffany Barron\AppData\Local\bq5uzce1f3.dll
2015-03-30 00:10 - 2015-03-30 00:10 - 0008680 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.HTML
2015-03-30 00:10 - 2015-03-30 00:10 - 0046087 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.PNG
2015-03-30 00:09 - 2015-03-30 00:10 - 0001408 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.TXT.irpqlyf
2015-03-30 00:10 - 2015-03-30 00:10 - 0000300 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.URL
2015-03-29 23:10 - 2015-03-31 15:34 - 0000600 ____H () C:\ProgramData\@system.temp
2015-03-29 23:10 - 2015-03-31 15:35 - 0000336 ____H () C:\ProgramData\@system3.att
2015-03-30 00:08 - 2015-03-30 00:08 - 0008680 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-30 00:08 - 2015-03-30 00:08 - 0046087 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2014-06-04 22:20 - 2015-03-30 00:08 - 0001408 _____ () C:\ProgramData\HELP_DECRYPT.TXT.irpqlyf
2015-03-30 00:08 - 2015-03-30 00:08 - 0000300 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-05-27 16:26 - 2015-05-27 16:42 - 0405009 _____ () C:\ProgramData\lgnhmzb.html
 
Some files in TEMP:
====================
C:\Users\Tiffany Barron\AppData\Local\Temp\a.exe
C:\Users\Tiffany Barron\AppData\Local\Temp\_isABD8.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-13 22:24
 
==================== End of log ============================
 
 
 
And the second one...
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Tiffany Barron at 2015-07-16 18:47:52
Running from C:\Users\Tiffany Barron\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-174260949-2547485650-4126252976-500 - Administrator - Disabled)
Guest (S-1-5-21-174260949-2547485650-4126252976-501 - Limited - Disabled)
Tiffany Barron (S-1-5-21-174260949-2547485650-4126252976-1000 - Administrator - Enabled) => C:\Users\Tiffany Barron
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C5D8EEB2-EDBC-4375-829D-BE50547C8890}) (Version: 1.3 - Eyeo GmbH)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AIM for Windows (HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\AIM) (Version:  - AOL Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2007055598.48.56.32509162 - Audible, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6081 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6081 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.4.948 - AVG Technologies)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Artisan 700 Series Printer Uninstall (HKLM\...\EPSON Artisan 700 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.4.0.17399 - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-174260949-2547485650-4126252976-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> No Filepath
 
==================== Restore Points =========================
 
12-07-2015 00:00:01 Scheduled Checkpoint
16-07-2015 18:32:08 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-03-11 17:44 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08FD69BE-1097-48D5-B371-5A32AEA4735A} - System32\Tasks\{7AB50161-EE45-45F1-A9B7-C34748424721} => C:\Users\Tiffany Barron\AppData\Local\AOL\AIM\aim.exe [2013-09-09] (AOL Inc.)
Task: {15DDAE9E-53D7-4955-8090-97D93A7EB1B7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {199AE266-ED07-43F8-8E6C-605E5076D9C9} - System32\Tasks\tnsqyin => C:\Users\TIFFAN~1\AppData\Local\Temp\noiatnd.exe <==== ATTENTION
Task: {1E3D25B6-DC22-4FF9-8D5B-C825B6E0B397} - System32\Tasks\{7C8D0F2D-5CDA-4EF9-9648-8C3917F98C9A} => C:\Users\Tiffany Barron\AppData\Local\AOL\AIM\aim.exe [2013-09-09] (AOL Inc.)
Task: {1F230048-0CD2-4367-8B1B-BBE6A1D95215} - System32\Tasks\AVG_SYS_TASK_0715tb_DELETE => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2015-07-15] ()
Task: {459CAC13-7B5E-4792-BA0A-02B7DA434923} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {5BBB8E25-1E44-459F-8256-15FB34B51BE8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {7D1DE099-5334-4E5C-B2C5-7A7AAE483C19} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {91614A9B-D08D-4010-909D-3BE46E597362} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16] (Google Inc.)
Task: {9BDA126C-F348-43CC-A4F6-EB14A1D09FFC} - System32\Tasks\AVG-Secure-Search-Update_0715tb_RML => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2015-07-15] ()
Task: {C97A7A36-0F13-4CBA-8E7D-689F156B3B3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {D75A6700-8261-4083-B858-AAC6FDD31B07} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {DAEC2721-821F-43E4-9ACD-929F0CD747E9} - System32\Tasks\AVG-Secure-Search-Update_0715tb_rel => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe [2015-07-15] ()
Task: {E87310EF-1FFD-4415-B4F1-A37A43F36338} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16] (Google Inc.)
Task: {F404218C-783A-4BB0-BCC5-A3CDEE0DBDC5} - System32\Tasks\{4ED9D91D-6A8D-4BD6-906F-8FFFDA64F632} => pcalua.exe -a "C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D446X2UF\epson13319.exe" -d "C:\Users\Tiffany Barron\Desktop"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_rel.job => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0715tb_RML.job => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0715tb_DELETE.job => C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-06 19:26 - 2015-07-08 18:07 - 01195920 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2011-09-15 17:46 - 2011-09-15 17:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-07-08 18:07 - 2015-07-08 18:07 - 00168336 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
2011-09-15 17:46 - 2011-09-15 17:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-03-19 22:09 - 2012-03-19 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-07-06 19:26 - 2015-07-08 18:07 - 03174800 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2015-07-15 21:32 - 2015-07-15 21:32 - 02579856 _____ () C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe
2014-12-30 16:46 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-30 16:46 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-30 16:46 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-30 16:46 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-30 16:46 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-07-08 18:07 - 2015-07-08 18:07 - 00528272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\log4cplusU.dll
2014-01-07 01:44 - 2009-03-12 16:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-01-07 01:44 - 2008-11-21 14:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2015-07-08 18:22 - 2015-07-06 23:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-08 18:22 - 2015-07-06 23:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7866 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EE8B7266-D16B-46C7-870F-0F03B689DC7A}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{A7A401AC-7F19-409E-97DA-544AC6FC50B8}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{A8C6EA08-D05B-4778-A4EB-8979CDBF27EF}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{035545F3-59CF-4C7B-9BEC-79D06370A529}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{9F36DF3C-4157-4C91-A8A2-E54F611C9B98}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D91C4532-678E-4F8D-9B1D-75C2614F38F5}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{BB11EB69-D59A-4DB4-8080-9088F09244C4}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{8188123E-DA5F-42B7-B170-3752C11FF382}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{FD0EEFC1-248C-4E66-9686-EE5E44F51554}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{E5C14CFD-9F89-4246-88A0-F72766DAF987}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{586A21AA-FA1B-413D-887D-FF84A96DE836}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{6FED63C9-EDD2-4DC2-8B57-FEDFA92206AB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{96C7F886-C652-45A2-BFA6-59299F04240D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{EE7E4DC0-EC32-43EA-A5AE-1F72489449DE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{58FF8563-60A8-4974-98B6-9022981813F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{2F5E8CC7-6062-475D-B619-45D27EC467F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{16DD9318-311E-4FC6-90F7-4FEDA4AC9BEB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [TCP Query User{F0EC7E27-C4B3-4903-ACC1-16AE4D007208}C:\users\tiffany barron\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe] => (Allow) C:\users\tiffany barron\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe
FirewallRules: [UDP Query User{AE40F03B-A68D-4A38-BD09-9CD2208EC69E}C:\users\tiffany barron\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe] => (Allow) C:\users\tiffany barron\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe
FirewallRules: [TCP Query User{EFF0FD07-505B-4F0C-8924-DBB45D533E96}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{E943DF71-9A5A-4C9B-BD55-40152EF10446}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{6ADA3D6E-5F10-4646-86AE-FAEF33340257}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{57BD52C7-F72E-438E-81CD-C89929970439}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA94B79E-9FDE-4AC6-813F-4614E4DD41E1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{B06C49B4-ECD3-417A-B474-D625E8DC7629}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{E99A70E5-A3B2-4F9E-9405-8D74BEA9BFCE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DFDFB909-1A29-4955-8305-2B6F8ED129F8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{DE7F9F8D-D68E-49F4-B27F-A41F6F420BED}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{B7219A07-58A2-44F3-9221-F9EF28315E6E}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{8F4E5548-6EE9-4B46-BA4D-F488EC59BBB8}C:\users\tiffany barron\appdata\local\temp\fdc2.tmp] => (Block) C:\users\tiffany barron\appdata\local\temp\fdc2.tmp
FirewallRules: [UDP Query User{AC6FC371-DF65-471B-AAFD-E08149835479}C:\users\tiffany barron\appdata\local\temp\fdc2.tmp] => (Block) C:\users\tiffany barron\appdata\local\temp\fdc2.tmp
FirewallRules: [TCP Query User{9389D673-CF19-402C-B00A-9CAE8366863D}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{37A85597-795A-4249-BB83-9E6D2B49C201}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{024ECEC8-F6AC-416E-81CC-10EAD0B2ACE1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{8E35ADCE-19E5-4FE1-A0EA-492C35402B9D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{22F80A1F-DEFF-44FE-8F40-319AC1A33721}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{8D78966D-A74B-4A18-AF73-848DC6BCD9C9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{990F4AEA-09A3-4362-9222-CFFE793C3DA1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{03DF4346-DF8C-4721-9B94-EFFB3EBAA33D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{D3F81FE6-53A3-4C5D-AF0E-1624E4062E09}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{808DCCDD-29AA-485E-9B86-415D03A71E0B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{FDDACF97-06A3-4B97-BB7D-18D5084893B2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{80C1BC24-61E9-49B8-ADA5-CD529A43E88C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [TCP Query User{8D445339-26A4-4775-B068-64DD80F290DF}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{89EB1DAE-1764-44B4-8B3F-462783AB198E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{6617F3B9-C37C-4CDD-BE8A-77B8AFF779FD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/15/2015 09:33:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ScriptHelper.exe, version: 4.1.4.948, time stamp: 0x5592bb4e
Faulting module name: ScriptHelper.exe, version: 4.1.4.948, time stamp: 0x5592bb4e
Exception code: 0xc0000005
Fault offset: 0x0002bf58
Faulting process id: 0x1488
Faulting application start time: 0xScriptHelper.exe0
Faulting application path: ScriptHelper.exe1
Faulting module path: ScriptHelper.exe2
Report Id: ScriptHelper.exe3
 
Error: (07/12/2015 12:43:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/11/2015 11:01:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TUMICR~1.EXE, version: 12.0.3013.4, time stamp: 0x51fa5cfe
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556363bc
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x15ec
Faulting application start time: 0xTUMICR~1.EXE0
Faulting application path: TUMICR~1.EXE1
Faulting module path: TUMICR~1.EXE2
Report Id: TUMICR~1.EXE3
 
Error: (07/11/2015 10:43:48 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-174260949-2547485650-4126252976-1000}/">.
 
Error: (07/11/2015 05:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TUMICR~1.EXE, version: 12.0.3013.4, time stamp: 0x51fa5cfe
Faulting module name: DriveDefrag32.dll, version: 12.0.3013.3, time stamp: 0x50ae2888
Exception code: 0xc0000005
Fault offset: 0x0003d94a
Faulting process id: 0x149c
Faulting application start time: 0xTUMICR~1.EXE0
Faulting application path: TUMICR~1.EXE1
Faulting module path: TUMICR~1.EXE2
Report Id: TUMICR~1.EXE3
 
Error: (07/11/2015 03:23:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/10/2015 08:36:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TUMICR~1.EXE, version: 12.0.3013.4, time stamp: 0x51fa5cfe
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556363bc
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x18b0
Faulting application start time: 0xTUMICR~1.EXE0
Faulting application path: TUMICR~1.EXE1
Faulting module path: TUMICR~1.EXE2
Report Id: TUMICR~1.EXE3
 
Error: (07/09/2015 06:45:37 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-174260949-2547485650-4126252976-1000}/">.
 
Error: (07/09/2015 06:44:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.55.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e08
 
Start Time: 01d0ba2da60645e1
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
Report Id: 556f3814-2627-11e5-ac08-4c80936818c4
 
Error: (07/08/2015 10:02:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/16/2015 06:32:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (07/16/2015 06:32:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (07/15/2015 09:49:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (07/15/2015 09:32:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (07/15/2015 09:32:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (07/14/2015 04:13:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (07/14/2015 03:59:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (07/14/2015 03:58:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (07/14/2015 11:35:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (07/14/2015 11:26:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
 
Microsoft Office:
=========================
Error: (07/15/2015 09:33:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ScriptHelper.exe4.1.4.9485592bb4eScriptHelper.exe4.1.4.9485592bb4ec00000050002bf58148801d0bf6765f692a4C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.7.0\ScriptHelper.exeC:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.7.0\ScriptHelper.exea7cff694-2b5a-11e5-b995-4c80936818c4
 
Error: (07/12/2015 12:43:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/11/2015 11:01:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TUMICR~1.EXE12.0.3013.451fa5cfeKERNELBASE.dll6.1.7601.18869556363bce06d73630000c42d15ec01d0bc4c3abdef1eC:\PROGRA~2\AVG\AVG2015\Tuneup\TUMICR~1.EXEC:\Windows\syswow64\KERNELBASE.dll3d816aad-2842-11e5-a7e6-4c80936818c4
 
Error: (07/11/2015 10:43:48 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-174260949-2547485650-4126252976-1000}/
 
Error: (07/11/2015 05:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TUMICR~1.EXE12.0.3013.451fa5cfeDriveDefrag32.dll12.0.3013.350ae2888c00000050003d94a149c01d0bc158e9f1647C:\PROGRA~2\AVG\AVG2015\Tuneup\TUMICR~1.EXEC:\PROGRA~2\AVG\AVG2015\Tuneup\DriveDefrag32.dllaaf5b28f-2811-11e5-a7e6-4c80936818c4
 
Error: (07/11/2015 03:23:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/10/2015 08:36:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TUMICR~1.EXE12.0.3013.451fa5cfeKERNELBASE.dll6.1.7601.18869556363bce06d73630000c42d18b001d0bb6e0d3ec340C:\PROGRA~2\AVG\AVG2015\Tuneup\TUMICR~1.EXEC:\Windows\syswow64\KERNELBASE.dlle5212180-2764-11e5-ac08-4c80936818c4
 
Error: (07/09/2015 06:45:37 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-174260949-2547485650-4126252976-1000}/
 
Error: (07/09/2015 06:44:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe2.3.55.0e0801d0ba2da60645e10C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe556f3814-2627-11e5-ac08-4c80936818c4
 
Error: (07/08/2015 10:02:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 81%
Total physical RAM: 6051.18 MB
Available physical RAM: 1108.1 MB
Total Virtual: 12100.57 MB
Available Virtual: 7338.43 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:683.89 GB) (Free:565.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AF884100)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.9 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, it looks as though she has been hit by ransomware.

Could you let me know what problems are evident after this?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\Run: [BluetoothManager] => rundll32.exe "%appdata%\Microsoft\bstack.dll",bs_init
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION!
2015-03-30 00:11 - 2015-03-30 00:11 - 0008680 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-30 00:11 - 2015-03-30 00:11 - 0046087 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.PNG
2015-03-30 00:09 - 2015-03-30 00:11 - 0001408 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.TXT.irpqlyf
2015-03-30 00:11 - 2015-03-30 00:11 - 0000300 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.URL
2015-06-03 20:47 - 2015-06-03 20:47 - 0001344 _____ () C:\Users\Tiffany Barron\AppData\Local\bq5uzce1f3.dll
2015-03-30 00:10 - 2015-03-30 00:10 - 0008680 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.HTML
2015-03-30 00:10 - 2015-03-30 00:10 - 0046087 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.PNG
2015-03-30 00:09 - 2015-03-30 00:10 - 0001408 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.TXT.irpqlyf
2015-03-30 00:10 - 2015-03-30 00:10 - 0000300 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.URL
2015-03-29 23:10 - 2015-03-31 15:34 - 0000600 ____H () C:\ProgramData\@system.temp
2015-03-29 23:10 - 2015-03-31 15:35 - 0000336 ____H () C:\ProgramData\@system3.att
2015-03-30 00:08 - 2015-03-30 00:08 - 0008680 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-30 00:08 - 2015-03-0 00:08 - 0046087 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2014-06-04 22:20 - 2015-03-30 00:08 - 0001408 _____ () C:\ProgramData\HELP_DECRYPT.TXT.irpqlyf
2015-03-30 00:08 - 2015-03-30 00:08 - 0000300 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-05-27 16:26 - 2015-05-27 16:42 - 0405009 _____ () C:\ProgramData\lgnhmzb.html
CMD: del /F /Q /S "C:\HELP_DECRYPT.HTML"
CMD: del /F /Q /S "C:\HELP_DECRYPT.PNG"
CMD: del /F /Q /S "C:\HELP_DECRYPT.URL"
CMD: del /F /Q /S "C:\HELP_DECRYPT.TXT"
CustomCLSID: HKU\S-1-5-21-174260949-2547485650-4126252976-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> No Filepath
Task: {199AE266-ED07-43F8-8E6C-605E5076D9C9} - System32\Tasks\tnsqyin => C:\Users\TIFFAN~1\AppData\Local\Temp\noiatnd.exe <==== ATTENTION
Task: {F404218C-783A-4BB0-BCC5-A3CDEE0DBDC5} - System32\Tasks\{4ED9D91D-6A8D-4BD6-906F-8FFFDA64F632} => pcalua.exe -a "C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D446X2UF\epson13319.exe" -d "C:\Users\Tiffany Barron\Desktop"
C:\Users\TIFFAN~1\AppData\Local\Temp\noiatnd.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.


#7
NC-Native


    Member

  • Topic Starter
  • Member
  • 30 posts

How long does it usually take? FRST has been running for about 2 hours now.



#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Should only take a few minutes at the most.

Could you stop FRST and post the fixlog that should appear on the desktop?

#9
NC-Native


    Member

  • Topic Starter
  • Member
  • 30 posts

I went to bed and when I got up it had finished. Here are the log files:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Tiffany Barron at 2015-07-17 21:38:47 Run:1
Running from C:\Users\Tiffany Barron\Desktop
Loaded Profiles: Tiffany Barron (Available Profiles: Tiffany Barron)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...\Run: [BluetoothManager] => rundll32.exe "%appdata%\Microsoft\bstack.dll",bs_init
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION!
2015-03-30 00:11 - 2015-03-30 00:11 - 0008680 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-30 00:11 - 2015-03-30 00:11 - 0046087 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.PNG
2015-03-30 00:09 - 2015-03-30 00:11 - 0001408 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.TXT.irpqlyf
2015-03-30 00:11 - 2015-03-30 00:11 - 0000300 _____ () C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.URL
2015-06-03 20:47 - 2015-06-03 20:47 - 0001344 _____ () C:\Users\Tiffany Barron\AppData\Local\bq5uzce1f3.dll
2015-03-30 00:10 - 2015-03-30 00:10 - 0008680 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.HTML
2015-03-30 00:10 - 2015-03-30 00:10 - 0046087 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.PNG
2015-03-30 00:09 - 2015-03-30 00:10 - 0001408 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.TXT.irpqlyf
2015-03-30 00:10 - 2015-03-30 00:10 - 0000300 _____ () C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.URL
2015-03-29 23:10 - 2015-03-31 15:34 - 0000600 ____H () C:\ProgramData\@system.temp
2015-03-29 23:10 - 2015-03-31 15:35 - 0000336 ____H () C:\ProgramData\@system3.att
2015-03-30 00:08 - 2015-03-30 00:08 - 0008680 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-30 00:08 - 2015-03-0 00:08 - 0046087 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2014-06-04 22:20 - 2015-03-30 00:08 - 0001408 _____ () C:\ProgramData\HELP_DECRYPT.TXT.irpqlyf
2015-03-30 00:08 - 2015-03-30 00:08 - 0000300 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-05-27 16:26 - 2015-05-27 16:42 - 0405009 _____ () C:\ProgramData\lgnhmzb.html
CMD: del /F /Q /S "C:\HELP_DECRYPT.HTML"
CMD: del /F /Q /S "C:\HELP_DECRYPT.PNG"
CMD: del /F /Q /S "C:\HELP_DECRYPT.URL"
CMD: del /F /Q /S "C:\HELP_DECRYPT.TXT"
CustomCLSID: HKU\S-1-5-21-174260949-2547485650-4126252976-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> No Filepath
Task: {199AE266-ED07-43F8-8E6C-605E5076D9C9} - System32\Tasks\tnsqyin => C:\Users\TIFFAN~1\AppData\Local\Temp\noiatnd.exe <==== ATTENTION
Task: {F404218C-783A-4BB0-BCC5-A3CDEE0DBDC5} - System32\Tasks\{4ED9D91D-6A8D-4BD6-906F-8FFFDA64F632} => pcalua.exe -a "C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D446X2UF\epson13319.exe" -d "C:\Users\Tiffany Barron\Desktop"
C:\Users\TIFFAN~1\AppData\Local\Temp\noiatnd.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BluetoothManager => value removed successfully
"HKU\S-1-5-21-174260949-2547485650-4126252976-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => key removed successfully
"HKU\S-1-5-21-174260949-2547485650-4126252976-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => key removed successfully
C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.HTML => moved successfully.
C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.PNG => moved successfully.
C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.TXT.irpqlyf => moved successfully.
C:\Users\Tiffany Barron\AppData\Roaming\HELP_DECRYPT.URL => moved successfully.
C:\Users\Tiffany Barron\AppData\Local\bq5uzce1f3.dll => moved successfully.
C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.HTML => moved successfully.
C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.PNG => moved successfully.
C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.TXT.irpqlyf => moved successfully.
C:\Users\Tiffany Barron\AppData\Local\HELP_DECRYPT.URL => moved successfully.
C:\ProgramData\@system.temp => moved successfully.
C:\ProgramData\@system3.att => moved successfully.
C:\ProgramData\HELP_DECRYPT.HTML => moved successfully.
C:\ProgramData\HELP_DECRYPT.PNG => moved successfully.
C:\ProgramData\HELP_DECRYPT.TXT.irpqlyf => moved successfully.
C:\ProgramData\HELP_DECRYPT.URL => moved successfully.
C:\ProgramData\lgnhmzb.html => moved successfully.
 
=========  del /F /Q /S "C:\HELP_DECRYPT.HTML" =========
 
Deleted file - C:\$Recycle.Bin\S-1-5-21-174260949-2547485650-4126252976-1000\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Battle.net\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Battle.net\Agent\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Battle.net\Client\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\Support\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1997\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1997\Support\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Garmin\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Garmin\Logs\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Garmin\Logs\ExpressClient\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Garmin\Logs\ExpressClient\Devices\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Garmin\Logs\ExpressTray\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Microsoft\RAC\PublishedData\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Spybot - Search & Destroy\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Spybot - Search & Destroy\Logs\HELP_DECRYPT.HTML
Deleted file - C:\ProgramData\Spybot - Search & Destroy\Recovery\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AIM\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\ChromelyAIMUSGM\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\ChromelyAIMUSGM\Win32\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\ChromelyAIMUSGM\Win32\1.2.1.6\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\chromely_aim\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\chromely_aim\Win32\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\chromely_aim\Win32\1.1.0.4\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\chromely_aim\Win32\1.2.0.2\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Audible\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\databases\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\T4SHETKS\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Storage\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\databases\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Sync Data Backup\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\ehome\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Media Player\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Media Player\Art Cache\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Mail\Backup\new\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft Games\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft Games\Solitaire\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\SniperV2\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\SniperV2\PC_ProfileSaves\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Local\SniperV2\PC_ProfileSaves\76561193844319094\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\LocalLow\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\LocalLow\Google\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\LocalLow\Google\GoogleEarth\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\LocalLow\Google\GoogleEarth\unified_cache_leveldb_leveldb2\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Adobe\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Adobe\Flash Player\AssetCache\VGY72CQH\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Garmin\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Garmin\WebUpdate\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Document Building Blocks\1033\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Templates\LiveContent\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\HELP_DECRYPT.HTML
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\HELP_DECRYPT.HTML
 
========= End of CMD: =========
 
 
=========  del /F /Q /S "C:\HELP_DECRYPT.PNG" =========
 
Deleted file - C:\$Recycle.Bin\S-1-5-21-174260949-2547485650-4126252976-1000\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Battle.net\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Battle.net\Agent\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Battle.net\Client\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\Support\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1997\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1997\Support\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Garmin\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Garmin\Logs\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Garmin\Logs\ExpressClient\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Garmin\Logs\ExpressClient\Devices\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Garmin\Logs\ExpressTray\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Microsoft\RAC\PublishedData\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Spybot - Search & Destroy\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Spybot - Search & Destroy\Logs\HELP_DECRYPT.PNG
Deleted file - C:\ProgramData\Spybot - Search & Destroy\Recovery\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AIM\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\ChromelyAIMUSGM\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\ChromelyAIMUSGM\Win32\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\ChromelyAIMUSGM\Win32\1.2.1.6\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\chromely_aim\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\chromely_aim\Win32\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\chromely_aim\Win32\1.1.0.4\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\chromely_aim\Win32\1.2.0.2\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Audible\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\databases\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\T4SHETKS\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Storage\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\databases\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Sync Data Backup\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\ehome\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Media Player\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Media Player\Art Cache\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Mail\Backup\new\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft Games\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft Games\Solitaire\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\SniperV2\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\SniperV2\PC_ProfileSaves\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Local\SniperV2\PC_ProfileSaves\76561193844319094\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\LocalLow\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\LocalLow\Google\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\LocalLow\Google\GoogleEarth\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\LocalLow\Google\GoogleEarth\unified_cache_leveldb_leveldb2\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Adobe\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Adobe\Flash Player\AssetCache\VGY72CQH\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Garmin\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Garmin\WebUpdate\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Document Building Blocks\1033\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Templates\LiveContent\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\HELP_DECRYPT.PNG
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\HELP_DECRYPT.PNG
 
========= End of CMD: =========
 
 
=========  del /F /Q /S "C:\HELP_DECRYPT.URL" =========
 
Deleted file - C:\$Recycle.Bin\S-1-5-21-174260949-2547485650-4126252976-1000\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Battle.net\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Battle.net\Agent\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Battle.net\Client\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\Support\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1997\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1997\Support\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Garmin\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Garmin\Logs\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Garmin\Logs\ExpressClient\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Garmin\Logs\ExpressClient\Devices\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Garmin\Logs\ExpressTray\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Microsoft\RAC\PublishedData\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Spybot - Search & Destroy\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Spybot - Search & Destroy\Logs\HELP_DECRYPT.URL
Deleted file - C:\ProgramData\Spybot - Search & Destroy\Recovery\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AIM\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\ChromelyAIMUSGM\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\ChromelyAIMUSGM\Win32\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\ChromelyAIMUSGM\Win32\1.2.1.6\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\chromely_aim\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\chromely_aim\Win32\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\chromely_aim\Win32\1.1.0.4\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\AOL\AOLDiag\AOL\chromely_aim\Win32\1.2.0.2\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Audible\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\databases\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\T4SHETKS\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Storage\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\databases\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Sync Data Backup\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\ehome\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Media Player\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Media Player\Art Cache\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Mail\Backup\new\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft Games\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\Microsoft Games\Solitaire\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\SniperV2\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\SniperV2\PC_ProfileSaves\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Local\SniperV2\PC_ProfileSaves\76561193844319094\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\LocalLow\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\LocalLow\Google\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\LocalLow\Google\GoogleEarth\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\LocalLow\Google\GoogleEarth\unified_cache_leveldb_leveldb2\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Adobe\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Adobe\Flash Player\AssetCache\VGY72CQH\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Garmin\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Garmin\WebUpdate\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Document Building Blocks\1033\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Templates\LiveContent\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\HELP_DECRYPT.URL
Deleted file - C:\Users\Tiffany Barron\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\HELP_DECRYPT.URL
 
========= End of CMD: =========
 
 
=========  del /F /Q /S "C:\HELP_DECRYPT.TXT" =========
 
Deleted file - C:\$Recycle.Bin\S-1-5-21-174260949-2547485650-4126252976-1000\HELP_DECRYPT.TXT
 
========= End of CMD: =========
 
HKU\S-1-5-21-174260949-2547485650-4126252976-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{199AE266-ED07-43F8-8E6C-605E5076D9C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{199AE266-ED07-43F8-8E6C-605E5076D9C9}" => key removed successfully
C:\Windows\System32\Tasks\tnsqyin => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tnsqyin" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F404218C-783A-4BB0-BCC5-A3CDEE0DBDC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F404218C-783A-4BB0-BCC5-A3CDEE0DBDC5}" => key removed successfully
C:\Windows\System32\Tasks\{4ED9D91D-6A8D-4BD6-906F-8FFFDA64F632} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4ED9D91D-6A8D-4BD6-906F-8FFFDA64F632}" => key removed successfully
"C:\Users\TIFFAN~1\AppData\Local\Temp\noiatnd.exe" => File/Folder not found.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
No operation can be performed on Wireless Network Connection 3 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::15f1:1a9:16a5:adf1%13
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{06B07B14-871D-4CE6-94AB-93BF94EE6897}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{DBC37BC0-F7B0-4F82-8891-C09208C19F81}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{5E6703C2-446C-4268-A2B8-C53CF549AD9B}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{17DC85A1-F065-45D8-A9C1-D73BFDBDAF15}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{45961C95-61D5-415A-97BD-BCCAB1EC88E9}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
No operation can be performed on Wireless Network Connection 3 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::15f1:1a9:16a5:adf1%13
   IPv4 Address. . . . . . . . . . . : 192.168.1.6
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{06B07B14-871D-4CE6-94AB-93BF94EE6897}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{DBC37BC0-F7B0-4F82-8891-C09208C19F81}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{5E6703C2-446C-4268-A2B8-C53CF549AD9B}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{17DC85A1-F065-45D8-A9C1-D73BFDBDAF15}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{45961C95-61D5-415A-97BD-BCCAB1EC88E9}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-174260949-2547485650-4126252976-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
 
# AdwCleaner v4.208 - Logfile created 18/07/2015 at 09:29:45
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Tiffany Barron - TIFFANYBARRON
# Running from : C:\Users\Tiffany Barron\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater18.7.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
File Deleted : C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage
File Deleted : C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v43.0.2357.134
 
[C:\Users\Tiffany Barron\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : management","nativeMessaging","searchProvider","startupPages","storage","tabs","unlimitedStorage","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["\u003Call_urls>"]},"commands":{"_execute_page_action":{"suggested_key":"Alt+Shift+P","was_assigned":true}},"content_settings":[],"creation_flags":9,"disable_reasons":33,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["browsingData","cookies","downloads","downloadsInternal","history","homepage","management","nativeMessaging","searchProvider","startupPages","storage","tabs","unlimitedStorage","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["\u003Call_urls>"]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13080698975469215","lastpingday":"13081589979604230","location":1,"manifest":{"background":{"page":"background.html","persistent":true},"chrome_settings_overrides":{"homepage":"hxxps://mysearch.avg.com/?rvt=1","search_provider":{"encoding":"UTF-8","favicon_url":"hxxps://mysearch.avg.com/favicon.ico","is_default":true,"keyword":"hxxps://mysearch.avg.com","name":"AVG Secure Search
 
*************************
 
AdwCleaner[R0].txt - [5914 bytes] - [18/07/2015 09:11:47]
AdwCleaner[S0].txt - [5609 bytes] - [18/07/2015 09:29:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5668  bytes] ##########
 


#10
NC-Native

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

And I might add that I've been away all day, yet there are sites in the browser history that I did not go to, and no one else in my house touched the laptop.



#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I can see why it took so long. There were a fair few ransom text files that needed deleting.

Deeper look now

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now


#12
NC-Native

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

I had disabled the antivirus, but at the end of the ComboFix run it was activated again.

 

ComboFix 15-07-18.01 - Tiffany Barron 07/18/2015  19:35:44.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.4578 [GMT -4:00]
Running from: c:\users\Tiffany Barron\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Tiffany Barron\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4D2C941E-B561-4A40-9966-E1492B436DCD}.xps
c:\windows\msdownld.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-06-19 to 2015-07-19  )))))))))))))))))))))))))))))))
.
.
2015-07-19 02:31 . 2015-07-19 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-18 13:11 . 2015-07-18 13:29 -------- d-----w- C:\AdwCleaner
2015-07-16 22:47 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-12 17:19 . 2015-07-18 01:54 -------- d-----w- C:\FRST
2015-07-06 23:27 . 2015-07-09 09:57 -------- d-----w- c:\users\Tiffany Barron\AppData\Local\AVG Web TuneUp
2015-07-06 23:26 . 2015-07-09 01:59 -------- d-----w- c:\programdata\AVG Web TuneUp
2015-07-06 23:26 . 2015-07-18 13:11 -------- d-----w- c:\program files (x86)\AVG Web TuneUp
2015-07-06 23:19 . 2015-07-06 23:19 -------- d-----w- c:\users\Tiffany Barron\AppData\Roaming\AVG2015
2015-07-06 23:19 . 2015-07-06 23:19 -------- d-----w- c:\program files\Common Files\AV
2015-07-06 23:17 . 2015-07-06 23:17 -------- d-----w- C:\$AVG
2015-07-06 23:17 . 2015-07-07 00:00 -------- d-----w- c:\programdata\AVG2015
2015-07-06 23:16 . 2015-07-06 23:16 -------- d-----w- c:\program files (x86)\AVG
2015-07-06 23:12 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3AC30E0-F74D-4FA3-A95B-EB3389B9A40B}\mpengine.dll
2015-07-06 23:10 . 2015-07-06 23:40 -------- d-----w- c:\users\Tiffany Barron\AppData\Local\Avg2015
2015-06-26 13:49 . 2015-06-26 13:49 293296 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2015-06-24 05:29 . 2015-06-24 05:29 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-16 01:37 . 2012-10-18 18:40 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-16 01:37 . 2012-10-18 18:40 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-03 12:43 . 2012-10-16 19:44 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-06-16 19:55 . 2015-06-16 19:55 259040 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2015-06-10 20:38 . 2015-06-10 20:38 226784 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2015-05-25 18:24 . 2015-06-09 20:46 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-09 20:46 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-09 20:46 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-09 20:46 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-09 20:46 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-09 20:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-09 20:47 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-09 20:46 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-09 20:46 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-09 20:46 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-09 20:46 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-09 20:46 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-09 20:47 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-09 20:46 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-09 20:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-09 20:46 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-09 20:46 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-09 20:46 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-09 20:46 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-09 20:46 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-09 20:46 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-09 20:46 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-09 20:46 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-09 20:46 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-09 20:46 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-09 20:46 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:07 . 2015-06-09 20:46 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-09 20:46 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-09 20:46 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-09 20:46 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-09 20:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-09 20:46 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-09 20:46 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-09 20:46 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-09 20:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-09 20:46 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-09 20:46 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-09 20:46 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-09 20:46 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-09 20:46 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-09 20:46 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 17:59 . 2015-06-09 20:46 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-05-25 17:59 . 2015-06-09 20:46 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-05-25 17:55 . 2015-06-09 20:46 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2015-05-25 17:55 . 2015-06-09 20:46 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 20:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM for Windows"="c:\users\Tiffany Barron\AppData\Local\AOL\AIM\aim.exe" [2013-09-09 1074216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2015-06-30 3730344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\tray.exe" [2015-04-08 1010008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S2 WtuSystemSupport;WtuSystemSupport;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-14 15:27 991048 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 01:37]
.
2015-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 17:59]
.
2015-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 17:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-15 1935120]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-174260949-2547485650-4126252976-1000\Software\P.J. .N.a.u.g.h.t.e.r*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-07-18  22:34:38
ComboFix-quarantined-files.txt  2015-07-19 02:34
.
Pre-Run: 605,853,388,800 bytes free
Post-Run: 636,574,109,696 bytes free
.
- - End Of File - - 6CC9A98F18B9C2FA28100F78F0F56A94
A36C5E4F47E84449FF07ED3517B43A31


#13
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What problems are you experiencing now?

#14
NC-Native


    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

So far it is doing so much better and I'm not getting any more errors when it reboots either.

 

Is it clean now?



#15
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As far as I can see, I can either clean up now or let you run it for a while before I clean up. Your choice :)