
AVG, MBAM disabled in Win 7 after momentary blue screen [Solved]

This topic is locked

#61 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

No problem. We weren't ready to try the Disk2VHD yet. But the 450MB unallocated partition is perfect. Now, please do the following.

Move Boot Files to bigger Volume

1. Click your Start button and type cmd in the search box. Right-click on cmd that comes up in the results and select Run as administrator. Answer Yes to the UAC prompt if it appears.

2. Type or copy/paste the following lines one at a time and hit enter after each. If you get an error or anything unexpected when doing any one of the lines please stop and let me know.

diskpart
select disk 0
create partition primary
format FS=NTFS LABEL="SYSTEM" QUICK
assign letter z
active
exit
BCDBOOT C:\WINDOWS /S Z:

3. After you do the last line from above it should say the following in the command prompt window.

Boot files successfully created.

4. Also, in Disk Management, the Z: partition should show Healthy (Active, Primary Partition).

5. If all this is correct, please reboot your machine. Let me know when this is complete.


  • 0
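The post above asks the user to eyeball two things before rebooting: that Z: shows as Healthy (Active, Primary Partition) in Disk Management, and that bcdboot reported "Boot files successfully created." The script below is an added example written for this edit, not code from BrianDrab's post or from the tools it names; it checks the same post-conditions from an elevated PowerShell prompt so the result is a yes/no rather than a screenshot. It assumes the new system partition was given the letter Z: as in the post, and an MBR/BIOS install (which is what diskpart's `active` command implies); it uses WMI instead of the newer Storage cmdlets so it also runs on the Windows 7 PowerShell that ships with the machine in this thread.

```powershell
# Added example (not from the thread): post-checks for the "Move Boot Files to bigger Volume"
# step. Assumptions: the new system partition is mounted at Z: and the disk is MBR/BIOS.
# Run from an elevated PowerShell prompt; uses WMI so it works on Windows 7's PowerShell 2.0.
function Test-SystemPartition {
    param([string]$DriveLetter = 'Z')

    $dev = $DriveLetter.TrimEnd(':') + ':'

    # "assign letter z": a volume must now be mounted at Z:, and "format FS=NTFS" makes it NTFS.
    $vol = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$dev'"
    if (-not $vol) { throw "No volume is mounted at $dev; the 'assign letter' step did not take." }

    # "active": walk from the logical disk to its Win32_DiskPartition. On an MBR disk the
    # Bootable property reflects the active flag diskpart set; PrimaryPartition must be true too.
    $part = Get-WmiObject -Query ("ASSOCIATORS OF {Win32_LogicalDisk.DeviceID='$dev'} " +
                                  "WHERE AssocClass=Win32_LogicalDiskToPartition")

    # "BCDBOOT C:\WINDOWS /S Z:": bootmgr and the BCD store must now exist on the new volume.
    $hasBootmgr = Test-Path (Join-Path $dev 'bootmgr')
    $hasBcd     = Test-Path (Join-Path $dev 'Boot\BCD')

    # The copied store should enumerate cleanly and its default OS entry should still point
    # at the Windows volume ("osdevice partition=C:"). The identifier is quoted so PowerShell
    # does not parse {default} as a script block.
    $bcdOut = & bcdedit /store (Join-Path $dev 'Boot\BCD') /enum '{default}' 2>&1
    $bcdOk  = ($LASTEXITCODE -eq 0) -and [bool]($bcdOut -match 'osdevice\s+partition=C:')

    New-Object PSObject -Property @{
        Volume        = $dev
        FileSystem    = $vol.FileSystem
        Label         = $vol.VolumeName
        Primary       = [bool]$part.PrimaryPartition
        Active        = [bool]$part.Bootable
        BootmgrFound  = $hasBootmgr
        BcdStoreFound = $hasBcd
        BcdPointsToC  = $bcdOk
    }
}

$r = Test-SystemPartition -DriveLetter 'Z'
$r | Format-List Volume, FileSystem, Label, Primary, Active, BootmgrFound, BcdStoreFound, BcdPointsToC

if ($r.FileSystem -eq 'NTFS' -and $r.Primary -and $r.Active -and
    $r.BootmgrFound -and $r.BcdStoreFound -and $r.BcdPointsToC) {
    Write-Output "All checks passed for $($r.Volume); it is safe to reboot."
} else {
    Write-Output "One or more checks failed for $($r.Volume); do not reboot until they are resolved."
}
```

If `Active` comes back False the MBR boot indicator was not set, which is exactly the case where the reboot in step 5 would leave the machine unbootable; fix that (diskpart `active` on the right partition) before restarting rather than after.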



#62 broadcastec (Topic Starter, Member, 71 posts)

After DISKPART> create partition primary, "DiskPart succeeded in creating the specified partition." was the response in the cmd screen. Then a "notice" window showed up, which read, "You need to format the disk in drive J: before you can use it. Do you want to format it?"

Two buttons appear, "Format Disk" and "Cancel"...what should I do? The notice window is still up.


  • 0

#63 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

Choose Cancel and continue with the steps. Thanks for asking. :thumbsup:


  • 0

#64 broadcastec (Topic Starter, Member, 71 posts)

Forget the last question...I saw the next line was a format command, so I put it in, followed the rest of the suggested commands, and after all was done, "Boot files successfully created" appeared.


  • 0

#65 broadcastec (Topic Starter, Member, 71 posts)

In the Disk Management, the "Healthy, Active, etc...., etc..." appeared in the system Z partition...getting set for a reboot.


  • 0

#66 broadcastec (Topic Starter, Member, 71 posts)

Positive news. Upon the reboot, the AVG Anti-Virus started up and began its weekly scan (usually done on Weds morning). At the same time, I was able to download a new update for MalwareBytes, but didn't want to run the Malware scan at the same time the AVG was running. The Kaspersky program also started running as well, although I didn't have it perform a scan, again due to it conflicting with the AVG scan in progress. Let me know how to proceed.


  • 0

#67 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

Excellent News!!

Let AVG complete its scan and remove anything that is found. Let me know if anything is detected.

Once this is complete, run the Malwarebytes scan and remove anything that is detected and let me know if anything was in fact detected.

Then we'll go from there.


  • 0

#68 broadcastec (Topic Starter, Member, 71 posts)

Neither Malwarebytes nor AVG 2015 came up with anything detected.


  • 0

#69 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

OK, let's finish your cleanup and get you buttoned up.

Step#1 - Warnings
Windows Sidebar/Gadgets
I see that you use the Windows Sidebar with Gadgets or at least have it enabled. Microsoft deems these a security vulnerability and recommends that they are disabled. Unless you have good reason not to, please download and install the Microsoft Fix-It from here. Note: Please ensure you reboot when prompted. If you don't and continue, this could leave your machine in an unstable state.

Step#2 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are outdated. We will be installing updated versions but I'd like to plug the vulnerability by getting rid of the old versions first.

Adobe Flash Player 15 Plugin
Adobe Flash Player 17 ActiveX
Java 7 Update 67
Malwarebytes Anti-Malware version 2.1.6.1022

Step#3 - JRT by Malwarebytes
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
3. The tool will open. Press any key at the Disclaimer screen and the program will start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

Step#4 - Fresh Set of Logs
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to the disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press the Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste the log back here.
6. Because you selected the Addition.txt check box, this log will be created as well. Please copy and paste this log as well.

Items for your next post

1. Junkware Log
2. FRST and Addition logs


  • 0

#70 broadcastec (Topic Starter, Member, 71 posts)

While I am doing the JRT & FRST exercises, I just wanted to advise that I encountered an error when trying to uninstall Malwarebytes: "Runtime Error at 96:80....could not proc." and the uninstall shut down. Additionally, should I keep the extra administrator account added yesterday for your anticipated virtual machine, etc., and my presumption is the new sector (Z) will be left on? Finally, do you have any idea as to what was causing the problem and where it may have been located on the computer?


  • 0



#71 broadcastec (Topic Starter, Member, 71 posts)

Note: I can now paste into this site...before the "fix", it would not allow me to.

Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Home Premium x64
Ran by - on Fri 09/04/2015 at 10:16:51.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Tasks


~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\weatherbug


~~~ Registry Keys


~~~ Files


~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{0913C820-5E9B-4A68-9D9D-F0F7509AB3F6}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{0CEF4EF6-89C4-4064-97EA-02CAD42E07DE}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{234E33F7-198D-42A3-B5A8-F857558E5D01}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{294F157F-A06C-4B77-BFAB-72D8078F01B5}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{2A0C3706-B7A9-4D3B-B70B-C665744A4DD6}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{38935E35-4E66-4F3F-833B-77B8D086A28D}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{71F16A16-5C36-4D06-BD02-8923C3585A90}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{75D13E90-77B0-421A-82CD-0174320DD767}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{8419A881-5A07-4E87-AA24-038AD9AFE850}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{993AFBD2-27A6-4793-86C3-C6A6495A0796}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{9C785FAE-5645-435A-91AD-196F17374F4D}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{AEF68B15-0A57-4F13-BA16-DB12AEBBBAC6}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{B0B20B3B-5659-437C-A1C6-FEA6489B22CB}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{BBDA42A1-7706-4292-8D65-E1FF9E881116}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{BBE08F26-93EB-452E-9B36-F2B92E0DF4F0}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{C9EB3E95-DFEC-4631-A429-4B56A82646BA}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{DBB376AB-42E5-4B02-BE28-91B6D973DE54}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{E2F30A93-92A0-4EE2-B229-96CF15F790C7}
Successfully deleted: [Empty Folder] C:\Users\-\Appdata\Local\{E72099BA-AF66-4E9D-9FC3-7DC136B8BE25}
Successfully deleted: [Folder] C:\Program Files\earth networks
Successfully deleted: [Folder] C:\ProgramData\avg security toolbar
Successfully deleted: [Folder] C:\ProgramData\esellerate
Successfully deleted: [Folder] C:\Users\-\AppData\Roaming\download manager


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/04/2015 at 10:21:43.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



  • 0

#72 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

> While I am doing the JRT & FRST exercises, just wanted to advise I encountered an error when trying to uninstall the Malwarebytes.... "Runtime Error at 96:80....could not proc." & the uninstall shut down.

Thanks. We'll take care of this in subsequent steps.

> Additionally, should I keep the extra administrator account added yesterday for your anticipated virtual machine, etc

You may delete. That was a part of my next instructions but go ahead and do it now.

> and my presumption is the new sector (Z) will be left on?

Not exactly. It will be in subsequent instructions. I didn't want to provide too many at once.

> Finally, do you have any idea as to what was causing the problem and where it may have been located on the computer?

Yes. I'll have some comments on this later. Again, I didn't want to do too much at once.

> Note: I can now paste into this site...before the "fix", it would not allow me to.

Sweet!


  • 0

#73 broadcastec (Topic Starter, Member, 71 posts)

Two Farbar scans are here. Note...I remembered after I had begun a FRST scan that you wanted a reboot after the JRT session...I could not find a way to terminate the scan in progress, so I just shut down the computer to reboot. This may show up in the data, but it was intentional.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by - (administrator) on --- (04-09-2015 10:45:54)
Running from C:\Users\-\Desktop
Loaded Profiles: - (Available Profiles: - & G2G)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sysinternals - www.sysinternals.com) C:\Windows\Sysmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\shellmon.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1378250238\ee\aolsoftware.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-07-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-3041954770-2689275738-3687636849-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE [72296 2014-07-02] (AOL Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.94.156.15 68.94.157.15 192.168.0.1
Tcpip\..\Interfaces\{B3108319-D40F-461F-9AEC-F44EE2E2F432}: [DhcpNameServer] 68.94.156.15 68.94.157.15 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3041954770-2689275738-3687636849-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
HKU\S-1-5-21-3041954770-2689275738-3687636849-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3041954770-2689275738-3687636849-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {8E1D5C6C-692F-4D26-982E-63A4D052AB5B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {8E1D5C6C-692F-4D26-982E-63A4D052AB5B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://online.novanthealth.org/dana-cached/sc/JuniperSetupClient.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-04-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-05] (CANON INC.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2010-01-04] (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3041954770-2689275738-3687636849-1000: @hulu.com/Hulu Desktop -> C:\Users\-\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll [2010-08-12] (Hulu LLC)
FF HKLM-x32\...\Firefox\Extensions: [{4C0766D3-67A7-45a3-85A2-752F77312F32}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-07-07] (AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-05-25] (Macrovision Europe Ltd.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-09-16] (Hewlett-Packard Company) [File not signed]
R2 Sysmon; C:\Windows\Sysmon.exe [815248 2015-09-03] (Sysinternals - www.sysinternals.com)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-11-13] (C-Media Inc)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R0 SysmonDrv; C:\WINDOWS\SysmonDrv.sys [95568 2015-09-03] (Sysinternals - www.sysinternals.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
S3 P17; system32\drivers\P17.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-04 10:36 - 2015-09-04 10:46 - 00015823 _____ C:\Users\-\Desktop\FRST.txt
2015-09-04 10:16 - 2015-09-04 10:16 - 01799392 _____ (Malwarebytes Corporation) C:\Users\-\Desktop\JRT.exe
2015-09-03 20:06 - 2015-09-03 20:06 - 00293136 _____ C:\WINDOWS\Minidump\090315-29234-01.dmp
2015-09-03 18:23 - 2015-09-03 18:23 - 00001304 _____ C:\Users\-\Desktop\Notepad.lnk
2015-09-03 18:10 - 2015-09-03 19:51 - 00000000 ____D C:\Users\-\AppData\Roaming\tor
2015-09-03 18:02 - 2015-09-03 20:06 - 511173455 _____ C:\Program Files\MEMORY.DMP
2015-09-03 18:02 - 2015-09-03 20:06 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-03 18:02 - 2015-09-03 18:02 - 00293136 _____ C:\WINDOWS\Minidump\090315-23041-01.dmp
2015-09-03 17:27 - 2015-09-03 18:14 - 00002141 _____ C:\WINDOWS\system32\1
2015-09-03 17:11 - 2015-09-03 17:11 - 07134400 _____ (Sysinternals - www.sysinternals.com) C:\Users\-\Desktop\disk2vhd.exe
2015-09-03 16:49 - 2015-09-03 16:49 - 00000000 ____D C:\Users\G2G\AppData\Roaming\Hewlett-Packard
2015-09-03 16:48 - 2015-09-03 16:49 - 00000000 ____D C:\Users\G2G\AppData\Local\Hewlett-Packard
2015-09-03 16:48 - 2015-09-03 16:48 - 00001419 _____ C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-03 16:48 - 2015-09-03 16:48 - 00000020 ___SH C:\Users\G2G\ntuser.ini
2015-09-03 16:48 - 2015-09-03 16:48 - 00000000 ____D C:\Users\G2G\AppData\Roaming\Adobe
2015-09-03 16:48 - 2015-09-03 16:48 - 00000000 ____D C:\Users\G2G\AppData\Local\VirtualStore
2015-09-03 16:48 - 2015-09-03 16:48 - 00000000 ____D C:\Users\G2G
2015-09-03 16:48 - 2012-10-13 13:27 - 00000000 ____D C:\Users\G2G\AppData\Roaming\TuneUp Software
2015-09-03 16:48 - 2012-10-06 13:14 - 00000000 ___RD C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-03 16:48 - 2012-10-06 13:14 - 00000000 ___RD C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-03 16:48 - 2010-05-23 00:59 - 00000000 ____D C:\Users\G2G\AppData\Local\Microsoft Help
2015-09-03 16:48 - 2010-01-21 22:44 - 00001972 _____ C:\Users\G2G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk
2015-09-03 10:34 - 2015-09-03 10:34 - 01118208 _____ C:\Users\-\Desktop\SysMon.evtx
2015-09-03 10:23 - 2015-09-03 10:23 - 00710948 _____ C:\WINDOWS\system32\CFG2825601889
2015-09-03 10:19 - 2015-09-03 10:19 - 00815248 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\Sysmon.exe
2015-09-03 10:19 - 2015-09-03 10:19 - 00095568 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\SysmonDrv.sys
2015-09-03 10:18 - 2015-09-03 10:18 - 01521296 _____ (Sysinternals - www.sysinternals.com) C:\Users\-\Desktop\sysmon.exe
2015-09-02 16:39 - 2015-09-02 16:39 - 02188800 _____ (Farbar) C:\Users\-\Desktop\FRST64.exe
2015-09-02 11:57 - 2015-09-02 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DIY DataRecovery MBRtool
2015-09-02 11:57 - 2015-09-02 11:57 - 00000000 ____D C:\Program Files (x86)\DIY DataRecovery MBRtool
2015-09-02 11:55 - 2015-09-02 11:55 - 02383977 _____ (DIY DataRecovery.nl ) C:\Users\-\Desktop\MBRtool_Setup.exe
2015-09-02 09:06 - 2015-09-02 09:06 - 00000000 ____D C:\Users\-\Desktop\FRST-OlderVersion
2015-09-01 11:51 - 2013-09-04 14:57 - 00031264 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2015-09-01 11:51 - 2013-05-23 08:39 - 00041032 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2015-08-31 10:45 - 2015-08-31 10:45 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-----Windows-7-Home-Premium-(64-bit).dat
2015-08-31 10:44 - 2015-08-31 10:44 - 00000000 ____D C:\RegBackup
2015-08-31 10:43 - 2015-08-31 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-08-31 10:43 - 2015-08-31 10:43 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-08-31 01:03 - 2015-09-04 10:45 - 00000000 ____D C:\FRST
2015-08-30 20:13 - 2015-08-31 01:20 - 00000000 ____D C:\Users\-\AppData\Local\Adobe
2015-08-30 19:28 - 2015-09-01 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-08-30 19:28 - 2015-09-01 15:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-28 22:14 - 2015-08-28 22:14 - 00000000 ____D C:\Users\-\AppData\Local\Apple
2015-08-15 13:51 - 2015-08-15 13:51 - 00000205 _____ C:\Users\-\Desktop\C-Media PCI Audio - Shortcut (2).lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-04 10:43 - 2010-03-19 08:29 - 01233668 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-04 10:38 - 2012-10-07 23:51 - 13891400 _____ C:\WINDOWS\PFRO.log
2015-09-04 10:38 - 2012-10-07 11:38 - 00017866 _____ C:\WINDOWS\setupact.log
2015-09-04 10:38 - 2009-07-14 01:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-04 10:08 - 2010-05-23 18:20 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-04 09:31 - 2014-09-17 10:13 - 00000000 ____D C:\ProgramData\MFAData
2015-09-03 23:55 - 2014-09-16 14:37 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-03 22:54 - 2009-07-14 00:45 - 00018736 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-03 22:54 - 2009-07-14 00:45 - 00018736 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-03 22:39 - 2009-07-14 01:38 - 00025600 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
2015-09-03 22:39 - 2009-07-14 01:32 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-09-02 11:47 - 2009-07-14 01:13 - 00786598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-02 11:02 - 2010-05-20 13:53 - 00000000 ____D C:\Users\-
2015-09-02 11:00 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\registration
2015-09-01 16:17 - 2012-10-06 11:14 - 00000000 ___RD C:\Users\-\Desktop\Security
2015-08-31 00:24 - 2010-06-12 14:00 - 00000000 ____D C:\Users\-\AppData\Roaming\HpUpdate
2015-08-31 00:17 - 2014-09-26 23:41 - 00000000 ____D C:\WINDOWS\system32\Macromed
2015-08-31 00:17 - 2014-09-26 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-31 00:17 - 2014-09-16 14:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-31 00:17 - 2010-05-25 00:17 - 00000000 ____D C:\ProgramData\FLEXnet
2015-08-31 00:17 - 2010-05-22 18:59 - 00000000 ____D C:\Program Files (x86)\AVG
2015-08-31 00:17 - 2010-05-20 13:53 - 00000000 ____D C:\Users\-\AppData\Local\Hewlett-Packard
2015-08-31 00:17 - 2010-01-21 23:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2015-08-31 00:17 - 2010-01-21 22:43 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-08-31 00:17 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-31 00:13 - 2014-04-11 03:33 - 00000000 ____D C:\Users\-\AppData\Local\AOL
2015-08-30 22:11 - 2014-09-27 00:01 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-27 22:06 - 2014-05-19 00:46 - 00000000 ____D C:\Users\-\Documents\Barrow Broadcasting (Batten)
2015-08-27 19:30 - 2015-07-02 10:45 - 00000000 ____D C:\Users\-\Desktop\Syner West Virginia Translator
2015-08-19 11:26 - 2012-04-24 22:17 - 00000000 ____D C:\Users\-\AppData\Roaming\licenses
2015-08-11 18:55 - 2014-03-20 12:14 - 00000000 ____D C:\Users\-\Desktop\WZOO Asheboro
2015-08-11 02:05 - 2013-08-21 23:41 - 00000000 ____D C:\Users\-\AppData\Local\Deployment
2015-08-09 10:58 - 2015-08-02 22:52 - 00000000 ____D C:\Users\-\Desktop\Golf With Dave and Family 8-2-16

==================== Files in the root of some directories =======

2015-09-03 18:02 - 2015-09-03 20:06 - 511173455 _____ () C:\Program Files\MEMORY.DMP
2012-12-21 21:34 - 2012-12-21 21:34 - 0751078 _____ () C:\Users\-\AppData\Roaming\1.bmp
2012-12-21 21:34 - 2012-12-21 21:34 - 0114890 _____ () C:\Users\-\AppData\Roaming\1.jpg
2012-11-05 00:15 - 2012-11-05 00:37 - 0000077 _____ () C:\Users\-\AppData\Roaming\Rim.Desktop.Exception.log
2012-11-05 00:14 - 2012-11-05 00:14 - 0001153 _____ () C:\Users\-\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-11-05 00:15 - 2012-11-05 00:37 - 0000077 _____ () C:\Users\-\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-02-04 23:15 - 2014-02-04 23:15 - 0000000 _____ () C:\Users\-\AppData\Roaming\SharedSettings.ccs
2011-05-15 12:36 - 2011-05-15 12:36 - 0020179 _____ () C:\Users\-\AppData\Roaming\UserTile.png
2010-05-22 21:56 - 2010-05-22 21:56 - 0000000 _____ () C:\Users\-\AppData\Roaming\wklnhst.dat
2010-11-21 23:40 - 2015-02-12 10:40 - 0010240 _____ () C:\Users\-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-10 14:46 - 2012-08-10 14:46 - 0027520 _____ () C:\Users\-\AppData\Local\dt.dat
2010-06-02 18:25 - 2014-10-29 10:20 - 0007603 _____ () C:\Users\-\AppData\Local\Resmon.ResmonCfg
2015-07-13 11:36 - 2015-07-13 11:36 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-01 10:44

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by - (2015-09-04 10:47:13)
Running from C:\Users\-\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

- (S-1-5-21-3041954770-2689275738-3687636849-1000 - Administrator - Enabled) => C:\Users\-
Administrator (S-1-5-21-3041954770-2689275738-3687636849-500 - Administrator - Disabled)
G2G (S-1-5-21-3041954770-2689275738-3687636849-1001 - Administrator - Enabled) => C:\Users\G2G
Guest (S-1-5-21-3041954770-2689275738-3687636849-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 2.61 - Adobe Systems Incorporated)
All Video Downloader V 1.5 (HKLM-x32\...\All Video Downloader_is1) (Version: 1.5.0.0 - allvideodownloader.com)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression for Kodak (HKLM-x32\...\{9B260944-746E-4966-8918-0F9636930456}) (Version: 2.0.24.1127 - ArcSoft)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6086 - AVG Technologies)
AVG 2015 (Version: 15.0.4409 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6086 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Contents (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
Corel VideoStudio Ultimate X6 (HKLM-x32\...\_{6688A246-F6E8-48AD-9806-8D5832E9F15D}) (Version: 16.1.0.45 - Corel Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DIY DataRecovery MBRtool (HKLM-x32\...\MBRtool_is1) (Version: 2.3.200 - DIY DataRecovery.nl)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8100 Basic Device Software (HKLM\...\{E6403545-8324-47B4-ADCD-4F8A4CD8A1E1}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)
HP Officejet Pro 8100 Help (HKLM-x32\...\{F80C8BC5-F15E-41AE-80BB-7BF670B56BA2}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8100 Product Improvement Study (HKLM\...\{80008B59-74E1-4284-BD1D-A73A22FB5C32}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.0.30.81 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-3041954770-2689275738-3687636849-1000\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
ICA (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
IPM_VS_Pro (x32 Version: 16.0 - Corel Corporation) Hidden
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{BE7E6C3D-A42B-4BA3-9767-124EB8ED27E3}) (Version: 1.18.19.1 - LightScribe)
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
MakeMKV v1.8.1 (HKLM-x32\...\MakeMKV) (Version: v1.8.1 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-3041954770-2689275738-3687636849-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
PhotoshopdotcomInspirationBrowser (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Self-service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
Setup (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
Share (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
Share64 (Version: 16.1.0.45 - Corel Corporation) Hidden
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.2.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VSClassic (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
VSHelp (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
VSUltimate (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Ze Converter V 1.1 (HKLM-x32\...\Ze Converter_is1) (Version: 1.1.0.0 - zeconverter.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

17-08-2015 13:47:53 Scheduled Checkpoint
25-08-2015 14:10:23 Scheduled Checkpoint
27-08-2015 03:31:13 Restore Operation
31-08-2015 10:33:59 before malware fix
02-09-2015 09:07:52 Restore Point Created by FRST
02-09-2015 09:53:01 Restore Point Created by FRST
02-09-2015 10:57:03 Restore Operation
02-09-2015 16:32:38 Restore Point Created by FRST
03-09-2015 10:21:57 Restore Point Created by FRST
04-09-2015 10:06:53 Removed Java 7 Update 67
04-09-2015 10:16:53 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2012-10-08 22:58 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3053F8DB-36F9-499C-B067-5CA2745C74DF} - System32\Tasks\{37D41F28-B1FB-4749-BF2D-664E8630CCE4} => C:\Program Files (x86)\AOL Desktop 9.6\aol.exe
Task: {3B4FC1B6-8937-4306-8D2B-A511B2472265} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {3EF3A432-E780-4BDF-978C-BA8593E6FC01} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {52099A30-B699-4176-BC3A-DC2DAB6D0978} - System32\Tasks\{C534A890-E878-4DBD-A113-D019B7671CE4} => C:\Program Files (x86)\AOL Desktop 9.6\aol.exe
Task: {6FB680D9-00F8-48B9-9295-02CA5F5ACD85} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {ACD5441E-EBAC-43E6-916C-2CD77A80C77D} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {C6ADEFDB-5BFB-4C0E-AE6C-BC4F891D4784} - System32\Tasks\HPCustParticipation HP Officejet Pro 8100 => C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPCustPartic.exe [2012-11-01] (Hewlett-Packard Co.)
Task: {C91A757A-3C17-4A85-8591-13908F1F3B8B} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {F14F809F-516C-4633-A9E5-7556216A8F2B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {F5D3099D-9881-4323-B32E-B5B9CD1BDEB4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN27RBK0QK => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (Whitelisted) ==============

2009-09-14 20:17 - 2009-09-14 20:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-07-02 05:17 - 2014-07-02 05:17 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\zlib.dll
2014-07-02 05:17 - 2014-07-02 05:17 - 21151232 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\libcef.dll
2014-07-02 05:17 - 2014-07-02 05:17 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\libglesv2.dll
2014-07-02 05:17 - 2014-07-02 05:17 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\libegl.dll
2009-10-22 22:50 - 2009-10-22 22:50 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3041954770-2689275738-3687636849-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\-\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.94.156.15 - 68.94.157.15
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeActiveFileMonitor7.0 => 2
MSCONFIG\Services: AOL ACS => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^-^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b3zrgk.lnk => C:\Windows\pss\b3zrgk.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE" -b
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: ArcSoft MediaImpression Monitor => C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: CmPCIaudio => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: HostManager => C:\Program Files (x86)\Common Files\AOL\1378250238\ee\AOLSoftware.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: PC-Doctor for Windows localizer => C:\Program Files\PC-Doctor for Windows\localizer.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{828C3C71-3431-4546-8F89-2AD9F7CC4BCE}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{69E0403C-D2E2-46E8-89D6-E3E7F8B36CBE}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{F351DE41-C0DB-468F-B577-4461D91CC6CC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{79D212D7-C4EC-430B-B882-7155B025107B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2015 10:44:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00014f08
Faulting process id: 0x878
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (09/03/2015 09:11:40 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{501e0625-3352-11df-b392-806e6f6e6963} - 000000000000013C,0x0053c06c,000000000042DE10,0,000000000042CE00,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (09/03/2015 09:11:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9dd3830f-c695-420f-aaec-d0827320cd8c}

Error: (09/03/2015 08:39:14 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{501e0625-3352-11df-b392-806e6f6e6963} - 000000000000013C,0x0053c06c,000000000057DE10,0,000000000057CE00,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (09/03/2015 08:39:08 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9dd3830f-c695-420f-aaec-d0827320cd8c}

Error: (09/03/2015 05:59:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/03/2015 05:59:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/03/2015 05:59:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WeatherBug.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a68

Start Time: 01d0e6937a3355b0

Termination Time: 182

Application Path: C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe

Report Id: 021c39d9-5287-11e5-8060-00038a000015

Error: (09/03/2015 05:28:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x59c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (09/03/2015 05:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00014f08
Faulting process id: 0xb4c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

System errors:
=============
Error: (09/04/2015 10:41:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/04/2015 10:18:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/04/2015 10:18:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/04/2015 10:18:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FLEXnet Licensing Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/04/2015 10:18:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AOL Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/04/2015 10:18:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/04/2015 10:18:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2015 10:18:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sysmon service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/04/2015 10:18:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Protexis Licensing V2 service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/04/2015 10:18:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office:
=========================
Error: (03/29/2013 02:06:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 70 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (03/29/2013 02:04:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2730 seconds with 2280 seconds of active time.  This session ended with a crash.

CodeIntegrity:
===================================
  Date: 2012-10-08 22:55:22.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-08 22:55:22.649
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-05-24 13:49:11.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cmudax3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-05-24 13:49:11.767
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cmudax3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-05-22 17:57:35.945
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cmudax3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-05-22 17:57:35.914
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cmudax3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-05-22 17:56:01.766
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cmudax3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-05-22 17:56:01.766
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cmudax3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-05-22 17:54:00.382
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\-\AppData\Local\Temp\{62B9EEF3-3A54-4B7C-8923-B55131312D72}\{0DFF25A2-876E-4E5D-B97A-78BD400AE68B}\cmiainfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-05-22 17:54:00.366
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\-\AppData\Local\Temp\{62B9EEF3-3A54-4B7C-8923-B55131312D72}\{0DFF25A2-876E-4E5D-B97A-78BD400AE68B}\cmiainfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon™ II X4 620 Processor
Percentage of memory in use: 61%
Total physical RAM: 5887.24 MB
Available physical RAM: 2252.15 MB
Total Virtual: 11772.66 MB
Available Virtual: 8160.72 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920.06 GB) (Free:797.45 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.91 GB) (Free:1.58 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive z: (SYSTEM) (Fixed) (Total:0.44 GB) (Free:0.39 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.1 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#74
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks for the info. Please do the following. Note: I'm assuming you already removed the G2G local account since you asked about it, so I won't mention it again.

 

Step#1 - Uninstall Sysmon

1. Click your Start button and type cmd in the search box.

2. Right-Click on cmd.exe that comes up in the search results and select Run as administrator. Answer Yes to the UAC prompt if it appears.

3. Copy/Paste the following into the command-prompt and hit enter.

%userprofile%\desktop\sysmon.exe -u

 

4. You should see something similar to the following in the command prompt window after running the command.

Stopping Sysmon..
Sysmon stopped.
Sysmon removed.
Stopping SysmonDrv.
SysmonDrv stopped.
SysmonDrv removed.
Removing service files.

 

5. You may close the command-prompt window now.

6. You may also delete the sysmon.exe file from your desktop.

 

Step#2 - Uninstall MBRtool & Tweaking Registry Backup & AOL

1. From Add/Remove programs go ahead and uninstall DIY DataRecovery MBRtool

2. From Add/Remove programs go ahead and uninstall Tweaking.com - Registry Backup (if you aren't using it)

3. From Add/Remove programs go ahead and run AOL Uninstaller and uninstall all AOL software (if you aren't using it)

 

Step#3 - Adobe Acrobat Programs

1. Please ensure you open Adobe Acrobat and check for updates and ensure all updates are installed to plug any known vulnerabilities.

 

Step#4 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt, 689 bytes) and save it to the Desktop.
Note: it's important that both files, FRST64 and fixlist.txt, are in the same location (in this case, the desktop) or the fix will not work.
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#5 - Uninstall MBAM

1. Download the Malwarebytes removal tool and run it. Reboot when prompted.

2. Verify it is uninstalled

 

 

 

Items for your next post

1. Fixlog.txt


  • 0
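As an added check that is not part of BrianDrab's post, the following PowerShell script confirms that Step#1 (Sysmon uninstall) and Step#5 (Malwarebytes removal) actually took effect before you move on. The Sysmon service names (Sysmon, SysmonDrv) and driver path (%SystemRoot%\SysmonDrv.sys) are the tool's defaults; the Malwarebytes service name MBAMService and its install folders are assumptions.

```powershell
# Added verification script (not from the thread): confirms the Sysmon uninstall
# from Step#1 and the Malwarebytes removal from Step#5 left nothing behind.
# Assumptions: Sysmon registers the services "Sysmon" and "SysmonDrv" and drops
# the driver at %SystemRoot%\SysmonDrv.sys (its defaults); the Malwarebytes
# service name "MBAMService" and install folders are assumed. Run elevated.

function Test-ServiceGone {
    param([Parameter(Mandatory)][string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return $true }
    Write-Warning "Service '$Name' still present (status: $($svc.Status))"
    return $false
}

function Test-SysmonRemoved {
    $ok = $true
    # "sysmon.exe -u" should have removed both the user-mode service and the driver service.
    foreach ($name in @('Sysmon', 'SysmonDrv')) {
        if (-not (Test-ServiceGone -Name $name)) { $ok = $false }
    }
    # The driver file and its service key should be gone as well.
    $driverPath = Join-Path $env:SystemRoot 'SysmonDrv.sys'
    if (Test-Path $driverPath) {
        Write-Warning "Driver file still present: $driverPath"
        $ok = $false
    }
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SysmonDrv'
    if (Test-Path $svcKey) {
        Write-Warning "Service registry key still present: $svcKey"
        $ok = $false
    }
    return $ok
}

function Test-MalwarebytesRemoved {
    $ok = Test-ServiceGone -Name 'MBAMService'   # assumed service name
    # Check both Program Files roots; the (x86) root is absent on 32-bit Windows.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($root in $roots) {
        foreach ($sub in @('Malwarebytes', 'Malwarebytes Anti-Malware')) {  # assumed folder names
            $dir = Join-Path $root $sub
            if (Test-Path $dir) {
                Write-Warning "Leftover directory: $dir"
                $ok = $false
            }
        }
    }
    return $ok
}

# Summarise: OK means nothing was found, CHECK means a warning above needs attention.
$results = [ordered]@{
    'Sysmon removed'       = Test-SysmonRemoved
    'Malwarebytes removed' = Test-MalwarebytesRemoved
}
$results.GetEnumerator() | ForEach-Object {
    '{0,-22}: {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'CHECK' })
}
```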

#75
broadcastec

broadcastec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

MBAM and Sysmon have been uninstalled, plus the items from step #2; here is the Fixlog.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by - (2015-09-04 22:12:15) Run:6
Running from C:\Users\-\Desktop
Loaded Profiles: - (Available Profiles: -)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
2015-09-03 18:10 - 2015-09-03 19:51 - 00000000 ____D C:\Users\-\AppData\Roaming\tor
2015-09-03 17:27 - 2015-09-03 18:14 - 00002141 _____ C:\WINDOWS\system32\1
2015-09-03 17:11 - 2015-09-03 17:11 - 07134400 _____ (Sysinternals - www.sysinternals.com) C:\Users\-\Desktop\disk2vhd.exe
2015-09-03 10:34 - 2015-09-03 10:34 - 01118208 _____ C:\Users\-\Desktop\SysMon.evtx
2015-09-03 10:23 - 2015-09-03 10:23 - 00710948 _____ C:\WINDOWS\system32\CFG2825601889
2015-09-02 11:55 - 2015-09-02 11:55 - 02383977 _____ (DIY DataRecovery.nl ) C:\Users\-\Desktop\MBRtool_Setup.exe
2015-09-03 18:02 - 2015-09-03 20:06 - 511173455 _____ () C:\Program Files\MEMORY.DMP
EmptyTemp:
*****************

Restore point was successfully created.
C:\Users\-\AppData\Roaming\tor => moved successfully
C:\WINDOWS\system32\1 => moved successfully
C:\Users\-\Desktop\disk2vhd.exe => moved successfully
C:\Users\-\Desktop\SysMon.evtx => moved successfully
C:\WINDOWS\system32\CFG2825601889 => moved successfully
C:\Users\-\Desktop\MBRtool_Setup.exe => moved successfully
"C:\Program Files\MEMORY.DMP" => File/Folder not found.
EmptyTemp: => 814 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 22:13:04 ====


  • 0
