Babylon malware/virus, from what I read, isn't really classified as malware, but it certainly takes over control and interferes with my use of my PC. I tried to use these as instructed on how to remove Babylon. I used AdwCleaner, followed by Junkware Removal Tool and Malwarebytes Anti-Malware. Then I checked it with HitmanPro, but some threats still seem to be coming up. I could really use some help to see if I have taken care of the issues plaguing this machine.
I will attach the files next.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by Kelli (administrator) on KELLI-PC (10-05-2016 23:37:48)
Running from E:\
Loaded Profiles: Kelli (Available Profiles: Kelli)
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
Failed to access process -> FRST64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-21] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKU\S-1-5-21-2173481838-1638010921-1895009495-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [15026056 2011-01-26] (Skype Technologies S.A.)
HKU\S-1-5-21-2173481838-1638010921-1895009495-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-25] (Google Inc.)
HKU\S-1-5-21-2173481838-1638010921-1895009495-1000\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653248 2009-12-29] (AWS Convergence Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011-03-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{A9AA22DD-82B3-4243-B209-D2F50909C5A3}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{D4EE2762-C4EB-47F3-9327-5DC6FCFB8E58}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Internet Explorer:
==================
HKU\S-1-5-21-2173481838-1638010921-1895009495-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKU\S-1-5-21-2173481838-1638010921-1895009495-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG10\avgssiea.dll [2011-09-09] (AVG Technologies CZ, s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-10] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-10] (Google Inc.)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-26] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-10] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-10] (Google Inc.)
Toolbar: HKU\S-1-5-21-2173481838-1638010921-1895009495-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-10] (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-01-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-08-19] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-08-19] (Microsoft Corporation)
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-26] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.102 -> C:\Program Files (x86)\NOS\bin\np_gp.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2016-05-10] [not signed]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-05-10] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57696 2010-07-12] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [380192 2014-11-04] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-10 23:27 - 2016-05-10 23:37 - 00000000 ____D C:\FRST
2016-05-10 11:21 - 2016-05-10 11:27 - 00000000 ____D C:\Windows\system32\MRT
2016-05-10 10:39 - 2016-05-10 10:39 - 00000000 ____D C:\Windows\system32\SPReview
2016-05-10 10:38 - 2016-05-10 10:38 - 00000000 ____D C:\Windows\system32\EventProviders
2016-05-10 01:59 - 2016-05-10 01:59 - 00001907 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-05-10 01:59 - 2016-05-10 01:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-05-10 01:59 - 2016-05-10 01:59 - 00000000 ____D C:\Program Files\HitmanPro
2016-05-10 01:58 - 2016-05-10 23:25 - 00000000 ____D C:\ProgramData\HitmanPro
2016-05-10 01:15 - 2016-05-10 21:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-10 01:13 - 2016-05-10 01:13 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-10 01:13 - 2016-05-10 01:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-10 01:13 - 2016-05-10 01:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-10 01:13 - 2016-05-10 01:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-10 01:13 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-10 01:13 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-10 01:13 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-10 01:07 - 2016-05-09 23:37 - 22851472 _____ (Malwarebytes ) C:\Users\Kelli\Desktop\mbam-setup-2.2.1.1043.exe
2016-05-10 01:03 - 2016-05-10 01:03 - 00005380 _____ C:\Users\Kelli\Desktop\JRT.txt
2016-05-10 00:38 - 2016-05-10 00:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2016-05-10 00:38 - 2016-05-10 00:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2016-05-10 00:34 - 2016-05-10 00:45 - 00000000 ____D C:\AdwCleaner
2016-05-10 00:34 - 2016-05-09 23:02 - 03640384 _____ C:\Users\Kelli\Desktop\adwcleaner_5.116.exe
2016-05-10 00:24 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-05-10 00:24 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-05-10 00:24 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-05-10 00:24 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-05-10 00:23 - 2012-06-02 17:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-05-10 00:23 - 2012-06-02 17:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-05-10 00:23 - 2012-06-02 17:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-05-10 00:22 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-05-10 00:22 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-05-09 10:25 - 2016-05-09 10:28 - 02656844 _____ C:\Windows\ntbtlog.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-10 23:28 - 2011-05-25 10:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-10 22:51 - 2010-12-11 02:05 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A1CB0D46-13F7-4740-A215-045ADD28BC3B}
2016-05-10 22:35 - 2011-02-04 09:04 - 00000000 ____D C:\Users\Kelli\AppData\Roaming\Skype
2016-05-10 21:34 - 2009-07-13 23:45 - 00014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-10 21:34 - 2009-07-13 23:45 - 00014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-10 21:28 - 2011-05-25 10:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-10 21:23 - 2011-05-25 10:23 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 21:23 - 2011-05-25 10:23 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 12:00 - 2009-07-14 00:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-10 12:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-05-10 11:54 - 2011-06-02 09:28 - 00000402 _____ C:\Windows\Tasks\Free File Viewer Update Checker.job
2016-05-10 11:53 - 2010-12-11 02:48 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-05-10 11:52 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-10 11:20 - 2010-12-10 14:36 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-10 10:16 - 2010-12-10 17:00 - 00000000 _____ C:\Users\Kelli\AppData\LocalLow\prvlcl.dat
2016-05-10 01:56 - 2010-12-14 22:40 - 00000000 ____D C:\Users\Kelli\AppData\LocalLow\ProfileSong
2016-05-10 01:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2016-05-10 01:47 - 2011-06-18 01:25 - 00000000 ____D C:\Program Files (x86)\4shared Desktop
2016-05-10 01:47 - 2010-12-14 22:40 - 00000000 ____D C:\Program Files (x86)\ProfileSong
2016-05-10 00:45 - 2011-06-02 09:27 - 00000000 ____D C:\Users\Kelli\AppData\Roaming\Yahoo!
2016-05-10 00:45 - 2011-06-02 09:27 - 00000000 ____D C:\Users\Kelli\AppData\LocalLow\Yahoo!
2016-05-10 00:45 - 2011-06-02 09:27 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-05-10 00:40 - 2010-12-10 16:38 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2016-05-10 00:39 - 2011-04-14 17:48 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2016-05-10 00:38 - 2010-12-10 16:39 - 00000963 _____ C:\Users\Public\Desktop\AVG 2011.lnk
2016-05-10 00:15 - 2010-12-09 18:14 - 00000000 ____D C:\Users\Kelli
2016-05-10 00:12 - 2011-03-13 21:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-05-10 00:12 - 2009-07-14 02:47 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-10 00:12 - 2009-07-14 02:46 - 00000000 ____D C:\Windows\ShellNew
2016-05-10 00:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-05-10 00:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-05-10 00:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-05-10 00:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Setup
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\ras
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\oobe
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\lv-LV
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\lt-LT
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\ias
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\et-EE
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Services
2016-05-10 00:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-05-09 20:56 - 2011-06-02 09:28 - 00000000 ____D C:\Users\Kelli\AppData\Local\WeatherBug
2016-05-09 20:56 - 2011-02-04 09:05 - 00000000 ____D C:\Users\Kelli\AppData\Roaming\skypePM
==================== Files in the root of some directories =======
2011-02-04 09:05 - 2011-02-04 09:05 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
Some files in TEMP:
====================
C:\Users\Kelli\AppData\Local\Temp\7za.exe
C:\Users\Kelli\AppData\Local\Temp\Babylon.exe
C:\Users\Kelli\AppData\Local\Temp\GLF22A2.tmp.ConduitEngineSetup.exe
C:\Users\Kelli\AppData\Local\Temp\GLFCBCF.tmp.ConduitEngineSetup.exe
C:\Users\Kelli\AppData\Local\Temp\installer.exe
C:\Users\Kelli\AppData\Local\Temp\libeay32.dll
C:\Users\Kelli\AppData\Local\Temp\Modio Launcher.exe
C:\Users\Kelli\AppData\Local\Temp\mssinstaller.exe
C:\Users\Kelli\AppData\Local\Temp\msvcr120.dll
C:\Users\Kelli\AppData\Local\Temp\nscD9.tmp.ConduitEngineEmbbed.exe
C:\Users\Kelli\AppData\Local\Temp\nsk7E37.tmp.ConduitEngineEmbbed.exe
C:\Users\Kelli\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Kelli\AppData\Local\Temp\setupus.exe
C:\Users\Kelli\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kelli\AppData\Local\Temp\sqlite3.dll
C:\Users\Kelli\AppData\Local\Temp\{09F8DEC1-234E-4A58-AF1D-3288CAD28E8F}-GoogleUpdateSetup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2011-08-18 00:35
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Kelli (2016-05-10 23:38:42)
Running from E:\
Windows 7 Professional (X64) (2010-12-09 23:14:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2173481838-1638010921-1895009495-500 - Administrator - Disabled)
Guest (S-1-5-21-2173481838-1638010921-1895009495-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2173481838-1638010921-1895009495-1003 - Limited - Enabled)
Kelli (S-1-5-21-2173481838-1638010921-1895009495-1000 - Administrator - Enabled) => C:\Users\Kelli
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4shared Desktop (HKLM-x32\...\4shared Desktop) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.102 - NOS Microsystems Ltd.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1103 - Alps Electric)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1434 - AVG Technologies)
AVG 2011 (Version: 10.0.1434 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.4311 - AVG Technologies) Hidden
Downvision (HKLM-x32\...\{A7547CB7-F611-421E-826A-956A48092150}) (Version: 1.0.3 - DownVision) <==== ATTENTION
Free File Opener v2011.7.0.1 (HKLM-x32\...\Free File Opener_is1) (Version: 2011.7.0.1 - Free File Opener, LLC)
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version: - Bitberry Software) <==== ATTENTION
Freeze.com NetAssistant (HKU\S-1-5-21-2173481838-1638010921-1895009495-1000\...\NetAssistant) (Version: 3.8.3 - Freeze.com)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.79 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.263 - SurfRight B.V.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Java 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 2.1.121.2 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
ProfileSong Toolbar (HKLM-x32\...\ProfileSong Toolbar) (Version: 6.3.3.3 - ProfileSong)
Skype™ 5.1 (HKLM-x32\...\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}) (Version: 5.1.112 - Skype Technologies S.A.)
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.10722 - TeamViewer GmbH)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WeatherBug (HKLM-x32\...\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}) (Version: 7.0.0.3 - AWS Convergence Technologies)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {468F129C-2389-4B7C-8F76-7EAD45B0CFD4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-10] (Google Inc.)
Task: {6E69F2A9-0A2A-46B8-B6D9-5C9FC94520A1} - System32\Tasks\{117C2BB7-373F-435A-A4CE-242B5CBCC2AC} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2011-01-26] (Skype Technologies S.A.)
Task: {AB0C04AB-235C-44AF-BC07-F8F3DA23F351} - System32\Tasks\Free File Viewer Update Checker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: {C6821991-561B-474B-82FF-DCDC90F3F9B6} - System32\Tasks\{5B299CFD-CC93-4945-8DC9-7C5D772BB3E2} => pcalua.exe -a "C:\Users\Kelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FYVKOU6J\jre-6u25-windows-i586-iftw[1].exe" -d C:\Users\Kelli\Desktop
Task: {E93D1FC8-37E1-4E16-B8DB-A1F6C19FF3E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-10] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Free File Viewer Update Checker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2011-02-10 07:55 - 2011-02-10 07:55 - 01148256 _____ () C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2173481838-1638010921-1895009495-1000\...\convergys.com -> hxxps://my.convergys.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2173481838-1638010921-1895009495-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kelli\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0B5805B4-6398-463B-84EE-46CAD8272F7F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{056663CE-6D61-4991-8D28-657132F1D2C2}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{C4BBDDB6-2A6F-4FD6-83D8-8096CA274864}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{ECB9A61B-FF8E-434B-85BA-31E474D95C2A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{A4A3A4A6-D7DE-44BA-90A3-4E5AA2522D9C}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{96C78C69-E1D3-44CE-B834-BB70693A786F}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{739C6DF0-9252-46F1-87C0-C7BBF0B51C33}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{D0C55761-9725-49E7-8AFC-FBCD98C8AEF2}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
FirewallRules: [{31D7AC30-7E76-463A-A692-866EF50506EB}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
FirewallRules: [{0125FB0C-1FB8-45EC-ABCF-ABACF0383CDE}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{764625CE-920B-4445-B335-D421C029A57A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{A05C8C55-7933-41A9-A25B-81DCC6E62939}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [TCP Query User{8A42F97F-B753-4C7C-9843-20C491DFF1A1}C:\program files (x86)\downvision\downvision.exe] => (Allow) C:\program files (x86)\downvision\downvision.exe
FirewallRules: [UDP Query User{586D3BDB-6233-4906-BC2D-C44AF9F1A21A}C:\program files (x86)\downvision\downvision.exe] => (Allow) C:\program files (x86)\downvision\downvision.exe
FirewallRules: [{4B8AAC6F-0B8E-44C1-A337-A2AAB6F63F1A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [{BA1CA4E8-14A6-434D-8292-738E74872283}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [{A087C685-5739-479A-8BAA-082EBB4C43AE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [{2656EDD3-E445-4CE7-A292-F1D291A073C3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [{8D114496-69C9-4CB5-ABE0-BC10ED787082}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{CBDD0ADB-7278-4888-9F7E-E3FA2DBE23DE}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{A5DAF8B2-DDB2-4AAE-9FD3-8EAF0EE7D47D}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{2021A714-7023-4BE9-A8E7-129853316D12}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{19D6FB01-48D1-456F-A64B-6E69589E3E19}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{DE932608-FF29-484D-952A-6455F606CDF7}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
==================== Restore Points =========================
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
Name: Alps Pointing-device
Description: Alps Pointing-device
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Alps Electric
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: E:\
Description: USB Flash Memory
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer:
Service: WUDFRd
Problem: : Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)
Resolution: A driver was loaded but Windows cannot find the device. This happens when Windows does not detect a non-Plug and Play device.
If the device was removed, uninstall the driver, install the device, and then click "Scan for hardware changes" to reinstall the driver. If the hardware was not removed, obtain a new or updated driver for the device.
If the device is a non-Plug and Play device, a newer version of the driver might be needed. To install non-Plug and Play devices, use the Add Hardware wizard.
Click "Performance and Maintenance" on "Control Panel", click "System", and on the "Hardware" tab, click "Add Hardware Wizard".
==================== Event log errors: =========================
Application errors:
==================
Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000330,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000395EB80.72). hr = 0x80070005, Access is denied.
.
Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007bc,(null),0,REG_BINARY,000000000ADFE040.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {c3c2b828-dbbe-4399-88ee-e7477fefcecb}
Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008e0,(null),0,REG_BINARY,000000000550E0A0.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {a6d5baa4-5bac-4e48-bff4-5d1fe656e553}
Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002f8,(null),0,REG_BINARY,0000000006B5E200.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {cbd29457-43d5-49eb-9a1b-c7e69f7bdf5d}
Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007bc,(null),0,REG_BINARY,000000000ADFE040.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {c3c2b828-dbbe-4399-88ee-e7477fefcecb}
Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008e0,(null),0,REG_BINARY,000000000550E0A0.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {a6d5baa4-5bac-4e48-bff4-5d1fe656e553}
Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002f8,(null),0,REG_BINARY,0000000006B5E200.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {cbd29457-43d5-49eb-9a1b-c7e69f7bdf5d}
Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c0,(null),0,REG_BINARY,000000000113F390.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {16e66192-40a8-42b4-ad2a-33e971a57bb2}
Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f0,(null),0,REG_BINARY,000000000212EDE0.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {21422b41-1d99-4cef-9f06-a7571e84d298}
Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c0,(null),0,REG_BINARY,000000000113F390.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {16e66192-40a8-42b4-ad2a-33e971a57bb2}
System errors:
=============
Error: (05/10/2016 11:34:07 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
Error: (05/10/2016 11:12:45 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (05/10/2016 11:12:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
Error: (05/10/2016 10:36:57 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (05/10/2016 10:36:45 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (05/10/2016 10:36:30 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (05/10/2016 09:17:24 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (05/10/2016 09:17:21 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (05/10/2016 09:17:19 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (05/10/2016 09:17:17 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
==================== Memory info ===========================
Processor: AMD Athlon II Dual-Core M300
Percentage of memory in use: 54%
Total physical RAM: 2814.36 MB
Available physical RAM: 1268.58 MB
Total Virtual: 5626.86 MB
Available Virtual: 3571.49 MB
==================== Drives ================================
Drive c: (New Volume) (Fixed) (Total:111.79 GB) (Free:79.15 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:3.73 GB) (Free:1.38 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: F6747381)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 6F2F1C40)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
==================== End of Addition.txt ============================
Edited by ackattack, 10 May 2016 - 09:16 PM.