Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My computer is infected with Babylon malware/virus


  • Please log in to reply

#1
ackattack

ackattack

    New Member

  • Member
  • Pip
  • 5 posts

Babylon malware/virus from what I read isn't really classified as malware but it certainly takes over control and interferes with my use of my pc. I tried to use these as instructed on how to remove Babylon. I used ADW Cleaner, followed, Junk ware removal tool, Malware bytes Anti Malware. Then checked it with Hitman pro but still seem to be coming up some threats. I could really use some help to see if I have taken care of the issues plaguing this machine.

 

I will attach the files next

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by Kelli (administrator) on KELLI-PC (10-05-2016 23:37:48)
Running from E:\
Loaded Profiles: Kelli (Available Profiles: Kelli)
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
Failed to access process -> FRST64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-21] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKU\S-1-5-21-2173481838-1638010921-1895009495-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [15026056 2011-01-26] (Skype Technologies S.A.)
HKU\S-1-5-21-2173481838-1638010921-1895009495-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-25] (Google Inc.)
HKU\S-1-5-21-2173481838-1638010921-1895009495-1000\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653248 2009-12-29] (AWS Convergence Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011-03-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{A9AA22DD-82B3-4243-B209-D2F50909C5A3}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{D4EE2762-C4EB-47F3-9327-5DC6FCFB8E58}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKU\S-1-5-21-2173481838-1638010921-1895009495-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKU\S-1-5-21-2173481838-1638010921-1895009495-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG10\avgssiea.dll [2011-09-09] (AVG Technologies CZ, s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-10] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-10] (Google Inc.)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-26] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-10] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-10] (Google Inc.)
Toolbar: HKU\S-1-5-21-2173481838-1638010921-1895009495-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-10] (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-01-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-08-19] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-08-19] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-26] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.102 -> C:\Program Files (x86)\NOS\bin\np_gp.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2016-05-10] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-05-10] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57696 2010-07-12] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [380192 2014-11-04] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-10 23:27 - 2016-05-10 23:37 - 00000000 ____D C:\FRST
2016-05-10 11:21 - 2016-05-10 11:27 - 00000000 ____D C:\Windows\system32\MRT
2016-05-10 10:39 - 2016-05-10 10:39 - 00000000 ____D C:\Windows\system32\SPReview
2016-05-10 10:38 - 2016-05-10 10:38 - 00000000 ____D C:\Windows\system32\EventProviders
2016-05-10 01:59 - 2016-05-10 01:59 - 00001907 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-05-10 01:59 - 2016-05-10 01:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-05-10 01:59 - 2016-05-10 01:59 - 00000000 ____D C:\Program Files\HitmanPro
2016-05-10 01:58 - 2016-05-10 23:25 - 00000000 ____D C:\ProgramData\HitmanPro
2016-05-10 01:15 - 2016-05-10 21:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-10 01:13 - 2016-05-10 01:13 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-10 01:13 - 2016-05-10 01:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-10 01:13 - 2016-05-10 01:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-10 01:13 - 2016-05-10 01:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-10 01:13 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-10 01:13 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-10 01:13 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-10 01:07 - 2016-05-09 23:37 - 22851472 _____ (Malwarebytes ) C:\Users\Kelli\Desktop\mbam-setup-2.2.1.1043.exe
2016-05-10 01:03 - 2016-05-10 01:03 - 00005380 _____ C:\Users\Kelli\Desktop\JRT.txt
2016-05-10 00:38 - 2016-05-10 00:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2016-05-10 00:38 - 2016-05-10 00:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2016-05-10 00:34 - 2016-05-10 00:45 - 00000000 ____D C:\AdwCleaner
2016-05-10 00:34 - 2016-05-09 23:02 - 03640384 _____ C:\Users\Kelli\Desktop\adwcleaner_5.116.exe
2016-05-10 00:24 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-05-10 00:24 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-05-10 00:24 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-05-10 00:24 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-05-10 00:23 - 2012-06-02 17:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-05-10 00:23 - 2012-06-02 17:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-05-10 00:23 - 2012-06-02 17:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-05-10 00:22 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-05-10 00:22 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-05-09 10:25 - 2016-05-09 10:28 - 02656844 _____ C:\Windows\ntbtlog.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-10 23:28 - 2011-05-25 10:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-10 22:51 - 2010-12-11 02:05 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A1CB0D46-13F7-4740-A215-045ADD28BC3B}
2016-05-10 22:35 - 2011-02-04 09:04 - 00000000 ____D C:\Users\Kelli\AppData\Roaming\Skype
2016-05-10 21:34 - 2009-07-13 23:45 - 00014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-10 21:34 - 2009-07-13 23:45 - 00014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-10 21:28 - 2011-05-25 10:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-10 21:23 - 2011-05-25 10:23 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 21:23 - 2011-05-25 10:23 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 12:00 - 2009-07-14 00:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-10 12:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-05-10 11:54 - 2011-06-02 09:28 - 00000402 _____ C:\Windows\Tasks\Free File Viewer Update Checker.job
2016-05-10 11:53 - 2010-12-11 02:48 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-05-10 11:52 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-10 11:20 - 2010-12-10 14:36 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-10 10:16 - 2010-12-10 17:00 - 00000000 _____ C:\Users\Kelli\AppData\LocalLow\prvlcl.dat
2016-05-10 01:56 - 2010-12-14 22:40 - 00000000 ____D C:\Users\Kelli\AppData\LocalLow\ProfileSong
2016-05-10 01:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2016-05-10 01:47 - 2011-06-18 01:25 - 00000000 ____D C:\Program Files (x86)\4shared Desktop
2016-05-10 01:47 - 2010-12-14 22:40 - 00000000 ____D C:\Program Files (x86)\ProfileSong
2016-05-10 00:45 - 2011-06-02 09:27 - 00000000 ____D C:\Users\Kelli\AppData\Roaming\Yahoo!
2016-05-10 00:45 - 2011-06-02 09:27 - 00000000 ____D C:\Users\Kelli\AppData\LocalLow\Yahoo!
2016-05-10 00:45 - 2011-06-02 09:27 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-05-10 00:40 - 2010-12-10 16:38 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2016-05-10 00:39 - 2011-04-14 17:48 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2016-05-10 00:38 - 2010-12-10 16:39 - 00000963 _____ C:\Users\Public\Desktop\AVG 2011.lnk
2016-05-10 00:15 - 2010-12-09 18:14 - 00000000 ____D C:\Users\Kelli
2016-05-10 00:12 - 2011-03-13 21:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-05-10 00:12 - 2009-07-14 02:47 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-10 00:12 - 2009-07-14 02:46 - 00000000 ____D C:\Windows\ShellNew
2016-05-10 00:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-05-10 00:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-05-10 00:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-05-10 00:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Setup
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\ras
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\oobe
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\lv-LV
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\lt-LT
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\ias
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\et-EE
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-05-10 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Services
2016-05-10 00:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-05-09 20:56 - 2011-06-02 09:28 - 00000000 ____D C:\Users\Kelli\AppData\Local\WeatherBug
2016-05-09 20:56 - 2011-02-04 09:05 - 00000000 ____D C:\Users\Kelli\AppData\Roaming\skypePM

==================== Files in the root of some directories =======

2011-02-04 09:05 - 2011-02-04 09:05 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Kelli\AppData\Local\Temp\7za.exe
C:\Users\Kelli\AppData\Local\Temp\Babylon.exe
C:\Users\Kelli\AppData\Local\Temp\GLF22A2.tmp.ConduitEngineSetup.exe
C:\Users\Kelli\AppData\Local\Temp\GLFCBCF.tmp.ConduitEngineSetup.exe
C:\Users\Kelli\AppData\Local\Temp\installer.exe
C:\Users\Kelli\AppData\Local\Temp\libeay32.dll
C:\Users\Kelli\AppData\Local\Temp\Modio Launcher.exe
C:\Users\Kelli\AppData\Local\Temp\mssinstaller.exe
C:\Users\Kelli\AppData\Local\Temp\msvcr120.dll
C:\Users\Kelli\AppData\Local\Temp\nscD9.tmp.ConduitEngineEmbbed.exe
C:\Users\Kelli\AppData\Local\Temp\nsk7E37.tmp.ConduitEngineEmbbed.exe
C:\Users\Kelli\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Kelli\AppData\Local\Temp\setupus.exe
C:\Users\Kelli\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kelli\AppData\Local\Temp\sqlite3.dll
C:\Users\Kelli\AppData\Local\Temp\{09F8DEC1-234E-4A58-AF1D-3288CAD28E8F}-GoogleUpdateSetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2011-08-18 00:35

==================== End of FRST.txt ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Kelli (2016-05-10 23:38:42)
Running from E:\
Windows 7 Professional (X64) (2010-12-09 23:14:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2173481838-1638010921-1895009495-500 - Administrator - Disabled)
Guest (S-1-5-21-2173481838-1638010921-1895009495-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2173481838-1638010921-1895009495-1003 - Limited - Enabled)
Kelli (S-1-5-21-2173481838-1638010921-1895009495-1000 - Administrator - Enabled) => C:\Users\Kelli

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4shared Desktop (HKLM-x32\...\4shared Desktop) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.102 - NOS Microsystems Ltd.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1103 - Alps Electric)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1434 - AVG Technologies)
AVG 2011 (Version: 10.0.1434 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.4311 - AVG Technologies) Hidden
Downvision (HKLM-x32\...\{A7547CB7-F611-421E-826A-956A48092150}) (Version: 1.0.3 - DownVision) <==== ATTENTION
Free File Opener v2011.7.0.1 (HKLM-x32\...\Free File Opener_is1) (Version: 2011.7.0.1 - Free File Opener, LLC)
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version:  - Bitberry Software) <==== ATTENTION
Freeze.com NetAssistant (HKU\S-1-5-21-2173481838-1638010921-1895009495-1000\...\NetAssistant) (Version: 3.8.3 - Freeze.com)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.79 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.263 - SurfRight B.V.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 2.1.121.2 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
ProfileSong Toolbar (HKLM-x32\...\ProfileSong Toolbar) (Version: 6.3.3.3 - ProfileSong)
Skype™ 5.1 (HKLM-x32\...\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}) (Version: 5.1.112 - Skype Technologies S.A.)
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.10722 - TeamViewer GmbH)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WeatherBug (HKLM-x32\...\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}) (Version: 7.0.0.3 - AWS Convergence Technologies)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {468F129C-2389-4B7C-8F76-7EAD45B0CFD4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-10] (Google Inc.)
Task: {6E69F2A9-0A2A-46B8-B6D9-5C9FC94520A1} - System32\Tasks\{117C2BB7-373F-435A-A4CE-242B5CBCC2AC} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2011-01-26] (Skype Technologies S.A.)
Task: {AB0C04AB-235C-44AF-BC07-F8F3DA23F351} - System32\Tasks\Free File Viewer Update Checker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: {C6821991-561B-474B-82FF-DCDC90F3F9B6} - System32\Tasks\{5B299CFD-CC93-4945-8DC9-7C5D772BB3E2} => pcalua.exe -a "C:\Users\Kelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FYVKOU6J\jre-6u25-windows-i586-iftw[1].exe" -d C:\Users\Kelli\Desktop
Task: {E93D1FC8-37E1-4E16-B8DB-A1F6C19FF3E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-10] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Free File Viewer Update Checker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-02-10 07:55 - 2011-02-10 07:55 - 01148256 _____ () C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2173481838-1638010921-1895009495-1000\...\convergys.com -> hxxps://my.convergys.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2173481838-1638010921-1895009495-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kelli\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0B5805B4-6398-463B-84EE-46CAD8272F7F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{056663CE-6D61-4991-8D28-657132F1D2C2}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{C4BBDDB6-2A6F-4FD6-83D8-8096CA274864}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{ECB9A61B-FF8E-434B-85BA-31E474D95C2A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{A4A3A4A6-D7DE-44BA-90A3-4E5AA2522D9C}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{96C78C69-E1D3-44CE-B834-BB70693A786F}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{739C6DF0-9252-46F1-87C0-C7BBF0B51C33}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{D0C55761-9725-49E7-8AFC-FBCD98C8AEF2}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
FirewallRules: [{31D7AC30-7E76-463A-A692-866EF50506EB}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
FirewallRules: [{0125FB0C-1FB8-45EC-ABCF-ABACF0383CDE}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{764625CE-920B-4445-B335-D421C029A57A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{A05C8C55-7933-41A9-A25B-81DCC6E62939}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [TCP Query User{8A42F97F-B753-4C7C-9843-20C491DFF1A1}C:\program files (x86)\downvision\downvision.exe] => (Allow) C:\program files (x86)\downvision\downvision.exe
FirewallRules: [UDP Query User{586D3BDB-6233-4906-BC2D-C44AF9F1A21A}C:\program files (x86)\downvision\downvision.exe] => (Allow) C:\program files (x86)\downvision\downvision.exe
FirewallRules: [{4B8AAC6F-0B8E-44C1-A337-A2AAB6F63F1A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [{BA1CA4E8-14A6-434D-8292-738E74872283}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [{A087C685-5739-479A-8BAA-082EBB4C43AE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [{2656EDD3-E445-4CE7-A292-F1D291A073C3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [{8D114496-69C9-4CB5-ABE0-BC10ED787082}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{CBDD0ADB-7278-4888-9F7E-E3FA2DBE23DE}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{A5DAF8B2-DDB2-4AAE-9FD3-8EAF0EE7D47D}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{2021A714-7023-4BE9-A8E7-129853316D12}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{19D6FB01-48D1-456F-A64B-6E69589E3E19}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{DE932608-FF29-484D-952A-6455F606CDF7}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

Name: Alps Pointing-device
Description: Alps Pointing-device
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Alps Electric
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: E:\
Description: USB Flash Memory
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer:        
Service: WUDFRd
Problem: : Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)
Resolution: A driver was loaded but Windows cannot find the device. This happens when Windows does not detect a non-Plug and Play device.
If the device was removed, uninstall the driver, install the device, and then click "Scan for hardware changes" to reinstall the driver. If the hardware was not removed, obtain a new or updated driver for the device.
If the device is a non-Plug and Play device, a newer version of the driver might be needed. To install non-Plug and Play devices, use the Add Hardware wizard.
Click "Performance and Maintenance" on "Control Panel", click "System", and on the "Hardware" tab, click "Add Hardware Wizard".

==================== Event log errors: =========================

Application errors:
==================
Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000330,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000395EB80.72).  hr = 0x80070005, Access is denied.
.

Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007bc,(null),0,REG_BINARY,000000000ADFE040.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {c3c2b828-dbbe-4399-88ee-e7477fefcecb}

Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008e0,(null),0,REG_BINARY,000000000550E0A0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {a6d5baa4-5bac-4e48-bff4-5d1fe656e553}

Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002f8,(null),0,REG_BINARY,0000000006B5E200.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {cbd29457-43d5-49eb-9a1b-c7e69f7bdf5d}

Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007bc,(null),0,REG_BINARY,000000000ADFE040.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {c3c2b828-dbbe-4399-88ee-e7477fefcecb}

Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008e0,(null),0,REG_BINARY,000000000550E0A0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {a6d5baa4-5bac-4e48-bff4-5d1fe656e553}

Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002f8,(null),0,REG_BINARY,0000000006B5E200.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {cbd29457-43d5-49eb-9a1b-c7e69f7bdf5d}

Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c0,(null),0,REG_BINARY,000000000113F390.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {16e66192-40a8-42b4-ad2a-33e971a57bb2}

Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f0,(null),0,REG_BINARY,000000000212EDE0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {21422b41-1d99-4cef-9f06-a7571e84d298}

Error: (05/10/2016 11:26:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c0,(null),0,REG_BINARY,000000000113F390.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {16e66192-40a8-42b4-ad2a-33e971a57bb2}

System errors:
=============
Error: (05/10/2016 11:34:07 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (05/10/2016 11:12:45 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/10/2016 11:12:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (05/10/2016 10:36:57 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (05/10/2016 10:36:45 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (05/10/2016 10:36:30 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/10/2016 09:17:24 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (05/10/2016 09:17:21 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (05/10/2016 09:17:19 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (05/10/2016 09:17:17 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

==================== Memory info ===========================

Processor: AMD Athlon™ II Dual-Core M300
Percentage of memory in use: 54%
Total physical RAM: 2814.36 MB
Available physical RAM: 1268.58 MB
Total Virtual: 5626.86 MB
Available Virtual: 3571.49 MB

==================== Drives ================================

Drive c: (New Volume) (Fixed) (Total:111.79 GB) (Free:79.15 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:3.73 GB) (Free:1.38 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: F6747381)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 6F2F1C40)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End of Addition.txt ============================


Edited by ackattack, 10 May 2016 - 09:16 PM.

  • 0

Advertisements


#2
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi ackattack,

Welcome to :welcome:. My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.

  • Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would requires you to be in safe mode / offline.
  • If there is anything you are unclear of, please ask before you start the fix.
  • Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
  • Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • There may be delayed response to you as we may live in different timezone.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we like to make this a easy process for you. Malware removal is a complex multi-step process, and things may happen such as data loss or render your machine unbootable. I would recommend that you backup your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

Let's get started.

Please do not run tools on your own without the supervision of a expert/helper. As it may cause more harm than good to your system.

I would require a fresh set of FRST log.

FRST.gif Re-Scan with Farbar's Recovery Scan Tool (FRST)

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.

 

Please also post the following log (if still exist):

  • AdwCleaner log => C:\AdwCleaner\AdwCleaner[C*].txt (* refers to the latest number)
  • Junkware Removal Tool => JRT.txt that exists on the same location (folder) where you ran Junkware Removal Tool
  • MalwareBytes log
    • Open MalwareBytes -> Go to History, select Application Logs and click the latest Scan Log.
    • Click Export, then click Copy to Clipboard
    • Paste the log in your reply

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP