
Infected Desktop has me stumped


  • This topic is locked
15 replies to this topic

#1 Binzie

Binzie

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 10 May 2014 - 06:12 AM

Mod Edit: moved from AII and merged 3 posts ~~ boopme

Mother's PC, a Dell i5 mini tower, was reported to me due to no internet (Win 8.1).
Upon startup, the "no network" indicator is there on the splash screen.

Ran the AVG Free scan: nothing.

Checked networking and it said no hardware.

Security Essentials won't start, even out of local settings. I put Spybot S&D on but it won't scan.

Ran Malwarebytes and the rootkit version... nothing.

Junkware Removal Tool hangs at CMD.

AdwCleaner removed a few bits of nowt but no movement.

I uninstalled drivers for the network card and wifi and now it fails upon re-installing.

Office is corrupt and fails.

It is connected by LAN but there are no lights on the rear of the card.

Any ideas prior to an attempted reinstall, which I think will fail too as the installation is on a partition?


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17037
Run by margaret at 12:23:08 on 2014-05-10
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.outfox.tv/?referid=179
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://dell13.msn.com
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: MSN GamesBar: {5e7c3693-318c-4f0f-9ff2-db485880944c} - C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
TB: MSN GamesBar: {5e7c3693-318c-4f0f-9ff2-db485880944c} - C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX.dll
uRun: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CStart8] "C:\Program Files (x86)\CStart8\CStart8Tray64.exe" /STARTUP
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\margaret\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
TCP: NameServer = 194.168.4.100 194.168.8.100
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: MSN GamesBar: {5e7c3693-318c-4f0f-9ff2-db485880944c} - C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: MSN GamesBar: {5e7c3693-318c-4f0f-9ff2-db485880944c} - C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX64.dll
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-10 09:05:16 -------- d-----w- C:\AdwCleaner
2014-05-09 19:26:40 3837440 ------w- C:\WINDOWS\System32\athwbx.sys
2014-05-09 19:17:39 -------- d-----w- C:\Program Files (x86)\Realtek
2014-05-09 16:54:08 63192 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2014-05-09 16:54:08 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2014-05-09 16:54:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-09 16:43:57 -------- d-----w- C:\ProgramData\Malwarebytes
2014-05-09 16:43:54 119512 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2014-05-09 16:43:54 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-09 16:43:44 91352 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2014-05-07 19:28:13 21040 ----a-w- C:\WINDOWS\System32\sdnclean64.exe
2014-05-07 19:28:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-05-07 19:28:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-07 19:27:48 -------- d-----w- C:\Users\margaret\AppData\Local\Programs
2014-05-05 17:35:37 -------- d-sh--w- C:\found.000
2014-05-04 16:00:23 -------- d-----w- C:\Users\margaret\AppData\Local\ElevatedDiagnostics
2014-04-25 09:45:30 -------- d-sh--w- C:\Users\margaret\AppData\Local\EmieUserList
2014-04-25 09:45:30 -------- d-sh--w- C:\Users\margaret\AppData\Local\EmieSiteList
2014-04-23 10:13:57 217776 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10237.bin
2014-04-21 09:25:46 381952 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll
2014-04-21 09:25:46 190976 ----a-w- C:\WINDOWS\System32\storewuauth.dll
2014-04-21 09:25:46 1705984 ----a-w- C:\WINDOWS\System32\wucltux.dll
2014-04-19 11:21:59 99328 ----a-w- C:\WINDOWS\System32\BdeHdCfgLib.dll
2014-04-19 11:21:59 69120 ----a-w- C:\WINDOWS\System32\l2gpstore.dll
2014-04-19 11:21:59 58368 ----a-w- C:\WINDOWS\SysWow64\l2gpstore.dll
2014-04-19 11:21:59 53248 ----a-w- C:\WINDOWS\SysWow64\tsgqec.dll
2014-04-19 11:21:59 443904 ----a-w- C:\WINDOWS\System32\wlansec.dll
2014-04-19 11:21:59 274944 ----a-w- C:\WINDOWS\System32\WsmWmiPl.dll
2014-04-19 11:21:59 130560 ----a-w- C:\WINDOWS\System32\BdeHdCfg.exe
2014-04-19 11:21:59 11264 ----a-w- C:\WINDOWS\SysWow64\wlanhlp.dll
2014-04-19 11:21:59 11264 ----a-w- C:\WINDOWS\System32\wlanhlp.dll
2014-04-19 11:20:12 84992 ----a-w- C:\WINDOWS\System32\drivers\en-US\ntfs.sys.mui
2014-04-19 11:09:56 592896 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2014-04-19 11:08:59 721408 ----a-w- C:\WINDOWS\System32\twinapi.dll
2014-04-19 11:07:59 716288 ----a-w- C:\WINDOWS\System32\ntshrui.dll
2014-04-19 11:06:58 376320 ----a-w- C:\WINDOWS\System32\wsqmcons.exe
2014-04-19 11:05:56 156672 ----a-w- C:\WINDOWS\System32\RelPost.exe
2014-04-19 11:04:59 8192 ---ha-w- C:\WINDOWS\System32\ext-ms-win-ntuser-private-l1-1-1.dll
2014-04-19 10:21:26 811696 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-04-19 10:21:26 809648 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-04-19 10:21:25 2678784 ----a-w- C:\WINDOWS\System32\SettingsHandlers.dll
2014-04-19 10:00:46 233912 ----a-w- C:\WINDOWS\System32\mfps.dll
2014-04-19 10:00:37 51200 ----a-w- C:\WINDOWS\SysWow64\ieetwproxystub.dll
2014-04-19 10:00:37 48640 ----a-w- C:\WINDOWS\System32\ieetwproxystub.dll
2014-04-19 10:00:37 4096 ----a-w- C:\WINDOWS\System32\ieetwcollectorres.dll
2014-04-19 10:00:37 139264 ----a-w- C:\WINDOWS\System32\ieUnatt.exe
2014-04-19 10:00:37 112128 ----a-w- C:\WINDOWS\SysWow64\ieUnatt.exe
2014-04-19 10:00:37 111616 ----a-w- C:\WINDOWS\System32\ieetwcollector.exe
2014-04-19 10:00:36 66048 ----a-w- C:\WINDOWS\System32\iesetup.dll
2014-04-18 14:01:56 237336 ----a-w- C:\WINDOWS\System32\drivers\avgidsdrivera.sys
2014-04-11 11:13:18 2724864 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2014-04-10 14:19:28 2724864 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
.
==================== Find3M  ====================
.
2014-04-27 10:28:05 50464 ----a-w- C:\WINDOWS\System32\drivers\avgtpx64.sys
2014-04-23 00:24:21 693240 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2014-04-23 00:24:21 105464 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 15:06:48 274712 ----a-w- C:\WINDOWS\System32\drivers\avgwfpa.sys
2014-03-31 15:06:26 130840 ----a-w- C:\WINDOWS\System32\drivers\avgmfx64.sys
2014-03-27 21:14:26 192792 ----a-w- C:\WINDOWS\System32\drivers\avgidsha.sys
2014-03-27 21:14:24 153368 ----a-w- C:\WINDOWS\System32\drivers\avgdiska.sys
2014-03-27 21:07:10 236824 ----a-w- C:\WINDOWS\System32\drivers\avgldx64.sys
2014-03-27 21:05:02 324376 ----a-w- C:\WINDOWS\System32\drivers\avgloga.sys
2014-03-27 21:03:16 32536 ----a-w- C:\WINDOWS\System32\drivers\avgrkx64.sys
2014-03-20 03:41:24 2013016 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2014-03-20 03:41:20 376152 ----a-w- C:\WINDOWS\System32\drivers\clfs.sys
2014-03-20 03:40:33 1112536 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2014-03-20 01:29:27 4268544 ----a-w- C:\WINDOWS\System32\SyncEngine.dll
2014-03-20 00:53:21 950784 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2014-03-20 00:48:30 201216 ----a-w- C:\WINDOWS\System32\ReInfo.dll
2014-03-19 23:39:38 800256 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2014-03-19 23:36:36 172544 ----a-w- C:\WINDOWS\SysWow64\ReInfo.dll
2014-03-19 07:13:45 836096 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2014-03-19 05:57:41 621568 ----a-w- C:\WINDOWS\System32\MDMAgent.exe
2014-03-19 05:50:30 79360 ----a-w- C:\WINDOWS\System32\w32tm.exe
2014-03-19 05:31:29 1656832 ----a-w- C:\WINDOWS\System32\GdiPlus.dll
2014-03-19 05:20:42 70656 ----a-w- C:\WINDOWS\SysWow64\w32tm.exe
2014-03-19 05:08:11 1351168 ----a-w- C:\WINDOWS\SysWow64\GdiPlus.dll
2014-03-19 04:41:59 721408 ----a-w- C:\WINDOWS\System32\SkyDriveTelemetry.dll
2014-03-19 04:21:25 418816 ----a-w- C:\WINDOWS\System32\wbem\MDMSettingsProv.dll
2014-03-19 04:17:44 872448 ----a-w- C:\WINDOWS\System32\SkyDrive.exe
2014-03-13 12:35:24 157016 ----a-w- C:\WINDOWS\System32\drivers\wof.sys
2014-03-13 06:08:05 442880 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2014-03-13 06:01:01 2441216 ----a-w- C:\WINDOWS\apppatch\AcGenral.dll
2014-03-11 15:18:33 1015808 ----a-w- C:\WINDOWS\System32\aclui.dll
2014-03-11 15:02:25 794112 ----a-w- C:\WINDOWS\System32\fvewiz.dll
2014-03-11 14:28:41 887296 ----a-w- C:\WINDOWS\SysWow64\aclui.dll
2014-03-11 14:25:32 100352 ----a-w- C:\WINDOWS\System32\BitLockerDeviceEncryption.exe
2014-03-11 14:05:16 210944 ----a-w- C:\WINDOWS\System32\fveapibase.dll
2014-03-11 14:03:17 339456 ----a-w- C:\WINDOWS\System32\bdesvc.dll
2014-03-11 14:00:28 720896 ----a-w- C:\WINDOWS\System32\fveapi.dll
2014-03-11 13:21:37 918528 ----a-w- C:\WINDOWS\System32\MrmCoreR.dll
2014-03-11 13:02:13 629760 ----a-w- C:\WINDOWS\SysWow64\MrmCoreR.dll
2014-03-11 12:42:54 2641920 ----a-w- C:\WINDOWS\System32\authui.dll
2014-03-11 12:35:11 2317824 ----a-w- C:\WINDOWS\SysWow64\authui.dll
2014-03-08 20:47:48 180056 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2014-03-08 20:47:17 565536 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2014-03-08 20:40:16 136024 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
2014-03-08 20:38:31 1542768 ----a-w- C:\WINDOWS\System32\ole32.dll
2014-03-08 20:35:45 467800 -c--a-w- C:\WINDOWS\System32\drivers\USBHUB3.SYS
2014-03-08 20:35:45 337752 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
2014-03-08 15:29:39 356848 ----a-w- C:\WINDOWS\System32\dcomp.dll
2014-03-08 15:29:39 1339240 ----a-w- C:\WINDOWS\System32\gdi32.dll
2014-03-08 11:34:53 1095488 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2014-03-08 09:34:24 731648 ----a-w- C:\WINDOWS\System32\adtschema.dll
2014-03-08 09:02:24 83968 ----a-w- C:\WINDOWS\System32\sxproxy.dll
2014-03-08 08:44:42 731648 ----a-w- C:\WINDOWS\SysWow64\adtschema.dll
2014-03-08 08:33:33 271872 ----a-w- C:\WINDOWS\System32\spp.dll
2014-03-08 08:25:39 40448 ----a-w- C:\WINDOWS\System32\SetNetworkLocation.dll
2014-03-08 08:12:05 33792 ----a-w- C:\WINDOWS\SysWow64\sxproxy.dll
2014-03-08 07:53:52 1843712 ----a-w- C:\WINDOWS\System32\Display.dll
2014-03-08 07:51:14 334848 ----a-w- C:\WINDOWS\System32\MDEServer.exe
2014-03-08 07:47:39 222720 ----a-w- C:\WINDOWS\SysWow64\spp.dll
2014-03-08 07:12:40 1816576 ----a-w- C:\WINDOWS\SysWow64\Display.dll
2014-03-08 07:09:34 1411584 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2014-03-08 07:04:41 160768 ----a-w- C:\WINDOWS\System32\AppxAllUserStore.dll
2014-03-08 07:03:07 939520 ----a-w- C:\WINDOWS\System32\kerberos.dll
2014-03-08 07:01:57 827392 ----a-w- C:\WINDOWS\System32\BFE.DLL
2014-03-08 06:50:54 1066496 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2014-03-08 06:48:17 252928 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2014-03-08 06:46:58 1063424 ----a-w- C:\WINDOWS\System32\IKEEXT.DLL
2014-03-08 06:41:34 412672 ----a-w- C:\WINDOWS\System32\FWPUCLNT.DLL
2014-03-08 06:40:06 139776 ----a-w- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
2014-03-08 06:37:52 755712 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2014-03-08 06:31:32 222720 ----a-w- C:\WINDOWS\SysWow64\dcomp.dll
2014-03-08 06:30:07 197632 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2014-03-08 06:25:42 264192 ----a-w- C:\WINDOWS\SysWow64\FWPUCLNT.DLL
2014-03-08 06:09:05 958464 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2014-03-08 06:04:54 717312 ----a-w- C:\WINDOWS\System32\nshwfp.dll
2014-03-08 06:02:23 801792 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2014-03-08 05:58:24 567296 ----a-w- C:\WINDOWS\SysWow64\nshwfp.dll
2014-03-08 05:41:25 1306624 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2014-03-08 05:11:16 924160 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2014-03-06 14:35:30 1466864 ----a-w- C:\WINDOWS\System32\propsys.dll
2014-03-06 14:34:58 113648 ----a-w- C:\WINDOWS\System32\userenv.dll
2014-03-06 14:34:49 2331000 ----a-w- C:\WINDOWS\System32\msxml6.dll
2014-03-06 12:53:14 2141912 ----a-w- C:\WINDOWS\System32\d3d11.dll
2014-03-06 12:53:13 518552 ----a-w- C:\WINDOWS\System32\dxgi.dll
2014-03-06 12:51:51 379224 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2014-03-06 12:51:51 1557848 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2014-03-06 12:51:14 488280 ----a-w- C:\WINDOWS\System32\netcfgx.dll
2014-03-06 12:42:41 7425368 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2014-03-06 12:40:57 492256 ----a-w- C:\WINDOWS\System32\mfsvr.dll
2014-03-06 12:40:57 467504 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2014-03-06 12:40:57 364640 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
2014-03-06 12:40:56 463264 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2014-03-06 12:40:56 244888 ----a-w- C:\WINDOWS\System32\audiodg.exe
2014-03-06 12:39:53 212992 ----a-w- C:\WINDOWS\System32\cdd.dll
2014-03-06 11:20:26 1200296 ----a-w- C:\WINDOWS\SysWow64\propsys.dll
2014-03-06 11:19:51 94016 ----a-w- C:\WINDOWS\SysWow64\userenv.dll
2014-03-06 11:19:10 390488 ----a-w- C:\WINDOWS\SysWow64\netcfgx.dll
2014-03-06 11:13:13 406912 ----a-w- C:\WINDOWS\SysWow64\dxgi.dll
2014-03-06 11:13:13 1779800 ----a-w- C:\WINDOWS\SysWow64\d3d11.dll
2014-03-06 10:46:28 1679128 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
.
============= FINISH: 12:23:58.95 ===============


Don't know how to attach
 
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Reader X (10.1.9)
AVG 2014
Big Fish: Game Manager
Biggest Little Adventure
Classic Start 8
CyberLink LabelPrint 2.5
CyberLink Media Suite 10
CyberLink Media Suite Essentials
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD 10
D3DX10
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Wireless Driver Installation
Ghost Encounters Deadwood - Reloaded
Google Chrome
Google Earth
Google Update Helper
Hidden Object Family Mysteries Bundle
Holiday Jigsaw Christmas
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Trusted Connect Service Client
Jewel Legends Magical Kingdom
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office Professional Plus 2013 - en-us
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
MSN GamesBar
MSVCRT
MSVCRT110
MSVCRT110_amd64
My Dell
Nat Geo Adventure Lost City of Z
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OpenOffice.org 3.4.1
Photo Common
Photo Gallery
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Shadow Shelter
Spybot - Search & Destroy
The Far Kingdoms
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Zombie Jewel
.
==== End Of File ===========================


Edited by boopme, 16 May 2014 - 09:20 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,632 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 PM

Posted 16 May 2014 - 09:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/533857 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:15 PM

Posted 18 May 2014 - 09:52 AM

Greetings Binzie and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Minidump Files

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • Attached System Summary Information
  • Result log
  • FSS log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:15 PM

Posted 21 May 2014 - 07:52 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#5 Binzie

Binzie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 22 May 2014 - 04:56 PM

I do. I can't get to the machine before Saturday morning (GMT).



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:15 PM

Posted 22 May 2014 - 07:17 PM

OK thanks for letting me know.
Gary
 

#7 Binzie


Posted 23 May 2014 - 01:06 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by margaret (administrator) on PADDYSROOM on 23-05-2014 18:55:25
Running from C:\Users\margaret\Desktop
Platform: Windows 8.1 Pro (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Outfox Tv Productions Pty Ltd) C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Crawler.com) C:\Program Files (x86)\CStart8\CStart8Tray64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CStart8] => C:\Program Files (x86)\CStart8\CStart8Tray64.exe [3138656 2013-10-04] (Crawler.com)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2296861014-1326827633-3651257423-1001\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe [319888 2014-04-11] (Outfox Tv Productions Pty Ltd)
Startup: C:\Users\margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.outfox.tv/?referid=179
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.msn.iplay.com/?o=shp
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM - {F3C94B9B-FA65-4E54-8FB2-604AAEAEBDB4} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDSJS
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: MSN GamesBar - {5e7c3693-318c-4f0f-9ff2-db485880944c} - C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX64.dll ()
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: MSN GamesBar - {5e7c3693-318c-4f0f-9ff2-db485880944c} - C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX.dll ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - MSN GamesBar - {5e7c3693-318c-4f0f-9ff2-db485880944c} - C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX64.dll ()
Toolbar: HKLM-x32 - MSN GamesBar - {5e7c3693-318c-4f0f-9ff2-db485880944c} - C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX.dll ()
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://www.outfox.tv/?referid=179"
CHR DefaultSearchKeyword: uk.yahoo.com
CHR DefaultSearchProvider: Yahoo! UK & Ireland
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-10]
CHR Extension: (YouTube) - C:\Users\margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-10]
CHR Extension: (Google Search) - C:\Users\margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-10]
CHR Extension: (TidyNetwork.com) - C:\Users\margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgombiobhlcmghfibhakfnomjoaicpfm [2013-03-15]
CHR Extension: (Google Wallet) - C:\Users\margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Gmail) - C:\Users\margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-10]
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S4 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [610704 2014-04-02] (Outfox Tv Productions Pty Ltd)
S4 OutfoxTvUpdater; C:\Program Files\OutfoxTV\OutfoxTvUpdater.exe [258960 2014-04-02] (Outfox Tv Productions Pty Ltd)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-26] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
S4 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-07-28] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-04-27] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-27] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-23 18:55 - 2014-05-23 18:55 - 00016263 _____ () C:\Users\margaret\Desktop\FRST.txt
2014-05-23 18:55 - 2014-05-23 18:55 - 00000000 ____D () C:\FRST
2014-05-23 18:54 - 2014-05-23 18:54 - 00006012 _____ () C:\Users\margaret\Desktop\FSS.txt
2014-05-23 18:52 - 2014-05-23 18:53 - 00019549 _____ () C:\Users\margaret\Desktop\Result.txt
2014-05-23 18:51 - 2014-05-23 18:45 - 00982016 _____ (Farbar) C:\Users\margaret\Desktop\MiniToolBox.exe
2014-05-23 18:51 - 2014-05-23 18:45 - 00410112 _____ (Farbar) C:\Users\margaret\Desktop\FSS.exe
2014-05-23 18:51 - 2014-05-23 18:44 - 02067456 _____ (Farbar) C:\Users\margaret\Desktop\FRST64.exe
2014-05-11 13:55 - 2014-05-11 13:55 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-05-10 15:20 - 2014-05-10 15:20 - 00001425 _____ () C:\Users\margaret\Desktop\JRT.txt
2014-05-10 15:17 - 2014-05-10 15:17 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-10 15:16 - 2014-05-10 15:14 - 01016261 _____ (Thisisu) C:\Users\margaret\Desktop\JRT (1).exe
2014-05-10 12:23 - 2014-05-10 12:23 - 00017127 _____ () C:\Users\margaret\Desktop\dds.txt
2014-05-10 12:23 - 2014-05-10 12:23 - 00002522 _____ () C:\Users\margaret\Desktop\attach.txt
2014-05-10 11:52 - 2014-05-10 11:47 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\margaret\Desktop\tdsskiller.exe
2014-05-10 11:50 - 2014-05-10 09:58 - 00448512 _____ (OldTimer Tools) C:\Users\margaret\Desktop\TFC.exe
2014-05-10 11:50 - 2014-05-10 09:57 - 01316991 _____ () C:\Users\margaret\Desktop\AdwCleaner.exe
2014-05-10 11:50 - 2014-05-10 09:56 - 01016261 _____ (Thisisu) C:\Users\margaret\Desktop\JRT.exe
2014-05-10 10:05 - 2014-05-10 11:57 - 00000000 ____D () C:\AdwCleaner
2014-05-09 20:26 - 2013-07-28 22:27 - 00011192 ____N () C:\WINDOWS\system32\athwbx.cat
2014-05-09 20:26 - 2013-07-15 00:29 - 03837440 ____N (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2014-05-09 20:17 - 2014-05-09 20:25 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-05-09 17:54 - 2014-05-09 17:54 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-09 17:54 - 2014-05-09 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-09 17:54 - 2014-05-09 17:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-09 17:54 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-09 17:54 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-09 17:43 - 2014-05-11 13:41 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 17:43 - 2014-05-09 20:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-09 17:43 - 2014-05-09 20:07 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-09 17:43 - 2014-05-09 17:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 17:43 - 2014-05-09 17:43 - 00000000 ____D () C:\Users\margaret\Desktop\rootkit
2014-05-07 20:33 - 2013-08-22 14:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140507-203355.backup
2014-05-07 20:29 - 2014-05-07 20:29 - 00000656 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-05-07 20:29 - 2014-05-07 20:29 - 00000628 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-05-07 20:29 - 2014-05-07 20:29 - 00000458 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-05-07 20:28 - 2014-05-07 20:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-07 20:28 - 2014-05-07 20:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-07 20:28 - 2014-05-07 20:28 - 00001409 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-07 20:28 - 2014-05-07 20:28 - 00001397 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-07 20:28 - 2014-05-07 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-07 20:28 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-05-05 18:35 - 2014-05-05 18:35 - 00000000 __SHD () C:\found.000
2014-05-05 17:46 - 2014-05-05 17:47 - 00000414 _____ () C:\WINDOWS\system32\avgrep.txt
2014-05-04 20:40 - 2014-05-04 20:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2014-05-03 19:53 - 2014-05-03 20:12 - 00000000 ____D () C:\Users\margaret\Desktop\Abii
2014-04-25 10:45 - 2014-04-25 10:45 - 00000000 __SHD () C:\Users\margaret\AppData\Local\EmieUserList
2014-04-25 10:45 - 2014-04-25 10:45 - 00000000 __SHD () C:\Users\margaret\AppData\Local\EmieSiteList
 
==================== One Month Modified Files and Folders =======
 
2014-05-23 18:55 - 2014-05-23 18:55 - 00016263 _____ () C:\Users\margaret\Desktop\FRST.txt
2014-05-23 18:55 - 2014-05-23 18:55 - 00000000 ____D () C:\FRST
2014-05-23 18:55 - 2013-01-12 18:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-23 18:55 - 2013-01-09 19:30 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2296861014-1326827633-3651257423-1001
2014-05-23 18:54 - 2014-05-23 18:54 - 00006012 _____ () C:\Users\margaret\Desktop\FSS.txt
2014-05-23 18:53 - 2014-05-23 18:52 - 00019549 _____ () C:\Users\margaret\Desktop\Result.txt
2014-05-23 18:51 - 2013-01-10 12:00 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-23 18:50 - 2013-11-27 11:17 - 00000000 ____D () C:\Users\margaret
2014-05-23 18:50 - 2013-01-10 12:00 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-23 18:49 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-23 18:49 - 2013-01-10 12:00 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-23 18:45 - 2014-05-23 18:51 - 00982016 _____ (Farbar) C:\Users\margaret\Desktop\MiniToolBox.exe
2014-05-23 18:45 - 2014-05-23 18:51 - 00410112 _____ (Farbar) C:\Users\margaret\Desktop\FSS.exe
2014-05-23 18:44 - 2014-05-23 18:51 - 02067456 _____ (Farbar) C:\Users\margaret\Desktop\FRST64.exe
2014-05-11 14:20 - 2013-01-02 17:24 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-11 13:55 - 2014-05-11 13:55 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-05-11 13:55 - 2013-02-03 18:53 - 00000000 ____D () C:\Users\margaret\AppData\Roaming\CyberLink
2014-05-11 13:41 - 2014-05-09 17:43 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-10 15:22 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-05-10 15:20 - 2014-05-10 15:20 - 00001425 _____ () C:\Users\margaret\Desktop\JRT.txt
2014-05-10 15:17 - 2014-05-10 15:17 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-10 15:14 - 2014-05-10 15:16 - 01016261 _____ (Thisisu) C:\Users\margaret\Desktop\JRT (1).exe
2014-05-10 12:23 - 2014-05-10 12:23 - 00017127 _____ () C:\Users\margaret\Desktop\dds.txt
2014-05-10 12:23 - 2014-05-10 12:23 - 00002522 _____ () C:\Users\margaret\Desktop\attach.txt
2014-05-10 11:58 - 2013-09-30 04:55 - 00174000 _____ () C:\WINDOWS\PFRO.log
2014-05-10 11:57 - 2014-05-10 10:05 - 00000000 ____D () C:\AdwCleaner
2014-05-10 11:47 - 2014-05-10 11:52 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\margaret\Desktop\tdsskiller.exe
2014-05-10 10:19 - 2013-11-27 14:02 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{90E6A1B7-8CD5-4937-9285-EC218803DCDC}
2014-05-10 10:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-10 09:58 - 2014-05-10 11:50 - 00448512 _____ (OldTimer Tools) C:\Users\margaret\Desktop\TFC.exe
2014-05-10 09:57 - 2014-05-10 11:50 - 01316991 _____ () C:\Users\margaret\Desktop\AdwCleaner.exe
2014-05-10 09:56 - 2014-05-10 11:50 - 01016261 _____ (Thisisu) C:\Users\margaret\Desktop\JRT.exe
2014-05-09 20:27 - 2013-01-02 17:22 - 00000000 ____D () C:\Program Files (x86)\Dell Wireless
2014-05-09 20:25 - 2014-05-09 20:17 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-05-09 20:17 - 2014-05-09 17:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-09 20:17 - 2013-01-02 17:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-09 20:17 - 2012-05-08 12:37 - 00000000 ____D () C:\DELL
2014-05-09 20:07 - 2014-05-09 17:43 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-09 17:54 - 2014-05-09 17:54 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-09 17:54 - 2014-05-09 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-09 17:54 - 2014-05-09 17:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-09 17:54 - 2014-05-09 17:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 17:43 - 2014-05-09 17:43 - 00000000 ____D () C:\Users\margaret\Desktop\rootkit
2014-05-08 12:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-07 20:49 - 2014-05-07 20:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-07 20:29 - 2014-05-07 20:29 - 00000656 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-05-07 20:29 - 2014-05-07 20:29 - 00000628 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-05-07 20:29 - 2014-05-07 20:29 - 00000458 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-05-07 20:29 - 2014-05-07 20:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-07 20:28 - 2014-05-07 20:28 - 00001409 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-07 20:28 - 2014-05-07 20:28 - 00001397 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-07 20:28 - 2014-05-07 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-05 18:35 - 2014-05-05 18:35 - 00000000 __SHD () C:\found.000
2014-05-05 17:47 - 2014-05-05 17:46 - 00000414 _____ () C:\WINDOWS\system32\avgrep.txt
2014-05-05 17:05 - 2013-10-05 17:38 - 00000000 ____D () C:\Users\margaret\AppData\Local\Avg2014
2014-05-05 09:49 - 2013-11-27 11:12 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-05 09:49 - 2013-01-02 17:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-04 20:40 - 2014-05-04 20:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2014-05-04 10:17 - 2013-01-02 17:28 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-05-03 20:12 - 2014-05-03 19:53 - 00000000 ____D () C:\Users\margaret\Desktop\Abii
2014-05-03 20:05 - 2013-06-30 12:30 - 00009216 ___SH () C:\Users\margaret\Downloads\Thumbs.db
2014-05-03 16:29 - 2013-11-27 11:31 - 01079336 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-30 19:01 - 2013-11-27 11:46 - 00000000 __RDO () C:\Users\margaret\SkyDrive
2014-04-30 12:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-30 11:15 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-04-27 11:28 - 2013-10-01 20:09 - 00050464 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-04-25 10:45 - 2014-04-25 10:45 - 00000000 __SHD () C:\Users\margaret\AppData\Local\EmieUserList
2014-04-25 10:45 - 2014-04-25 10:45 - 00000000 __SHD () C:\Users\margaret\AppData\Local\EmieSiteList
2014-04-24 12:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-04-24 10:45 - 2014-03-31 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-24 10:45 - 2013-10-14 11:04 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-23 17:06 - 2013-09-30 05:04 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-23 01:24 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-04-23 01:24 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\margaret\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-10 11:05
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014
Ran by margaret at 2014-05-23 18:55:58
Running from C:\Users\margaret\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3931 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.6 - )
Biggest Little Adventure (HKLM-x32\...\119365300) (Version:  - Oberon Media)
Classic Start 8 (HKLM-x32\...\{913D024D-5EB4-4AC3-A412-C87588574A74}_is1) (Version: 1.0.0.11 - Crawler, LLC)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.5 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.5 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Ghost Encounters Deadwood - Reloaded (HKLM-x32\...\510008939) (Version:  - Oberon Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hidden Object Family Mysteries Bundle (HKLM-x32\...\510008565) (Version:  - Oberon Media)
Holiday Jigsaw Christmas (HKLM-x32\...\510008952) (Version:  - Oberon Media)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
Jewel Legends Magical Kingdom (HKLM-x32\...\510008924) (Version:  - Oberon Media)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSN GamesBar (HKLM\...\msn_en) (Version: 3.2.0.47 - Visicom Media inc.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nat Geo Adventure Lost City of Z (HKLM-x32\...\117664753) (Version:  - Oberon Media)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}) (Version: 3.41.9593 - Apache Software Foundation)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Shadow Shelter (HKLM-x32\...\510009091) (Version:  - Oberon Media)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
The Far Kingdoms (HKLM-x32\...\510008954) (Version:  - Oberon Media)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Zombie Jewel (HKLM-x32\...\510009072) (Version:  - Oberon Media)
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
2013-08-22 14:25 - 2014-05-07 20:33 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {04F908CF-B1C3-483C-BC3D-46199EB44E92} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {08A9637B-9DC5-4F5F-AC6D-46ADD648F297} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {12505A7A-D102-4D9E-AA0E-3EF11D620DB5} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {14F21496-970F-424E-AA8D-6D859EEFD283} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: {163E11D9-5AAC-48D1-8786-E19FBDE07EE6} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {16C22C83-3D02-41C4-9241-2E6EDE3E2D2F} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {230D79F2-FBF5-43C9-979A-A8CF85986E46} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {23DA89D6-AAEF-486A-B945-6732713C1A52} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {269FD4B8-2A38-42A9-972D-944AF61E92F2} - System32\Tasks\5032 => Wscript.exe C:\Users\margaret\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3A32C1C2-BC93-493D-829F-86C5E0E3A485} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-31] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3E1D6E46-087A-4F50-8275-635A4F59FC99} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-19] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {576D4E1C-F61E-43E5-9CF6-C65958489CFD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6AD4A9F2-ABB8-4FA9-8330-E8213B0E07C3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-19] (Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A2D906E5-12B6-4FA2-96F1-2C98B6F1EF60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-10] (Google Inc.)
Task: {A6AEA550-8C8B-425C-98E9-03B0BFCCDEE2} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2296861014-1326827633-3651257423-1001
Task: {AF1F644E-8814-43EB-A674-5E93E3801685} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D519F392-118E-4A79-9C25-3F68BAF344AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-10] (Google Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-12 12:35 - 2014-04-12 12:35 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-07 20:28 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-07 20:28 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-05-07 20:28 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-01-02 17:25 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-01-03 07:59 - 2014-02-10 18:04 - 00430080 _____ () C:\WINDOWS\mod_frst.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\margaret\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: ClickToRunSvc => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: CryptSvc => 3
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 2
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: Eaphost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IKEEXT => 3
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcbService => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: OutfoxTvService => 2
MSCONFIG\Services: OutfoxTvUpdater => 2
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PlugPlay => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: vToolbarUpdater18.1.0 => 2
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\Services: ZAtheros Wlan Agent => 2
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/04/2014 10:45:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
 
System errors:
=============
Error: (05/23/2014 06:54:53 PM) (Source: DCOM) (EventID: 10005) (User: PADDYSROOM)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (05/23/2014 06:54:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1058
 
Error: (05/23/2014 06:54:53 PM) (Source: DCOM) (EventID: 10005) (User: PADDYSROOM)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (05/23/2014 06:54:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1058
 
Error: (05/23/2014 06:54:32 PM) (Source: DCOM) (EventID: 10010) (User: PADDYSROOM)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (05/23/2014 06:53:57 PM) (Source: DCOM) (EventID: 10005) (User: PADDYSROOM)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (05/23/2014 06:53:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1058
 
Error: (05/23/2014 06:53:57 PM) (Source: DCOM) (EventID: 10005) (User: PADDYSROOM)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (05/23/2014 06:53:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1058
 
Error: (05/23/2014 06:53:40 PM) (Source: DCOM) (EventID: 10005) (User: PADDYSROOM)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
 
Microsoft Office Sessions:
=========================
Error: (05/04/2014 10:45:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Instantiating VSS server
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 27%
Total physical RAM: 3967.58 MB
Available physical RAM: 2862.95 MB
Total Pagefile: 6399.58 MB
Available Pagefile: 5353.65 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:457.09 GB) (Free:396 GB) NTFS
Drive d: () (Removable) (Total:3.42 GB) (Free:3 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: C542053F)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 2 (Size: 3 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#8 Binzie

Posted 23 May 2014 - 01:09 PM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by margaret (administrator) on 23-05-2014 at 18:52:12
Running from "C:\Users\margaret\Desktop"
Windows 8.1 Pro  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
There are 15472 more lines starting with "127.0.0.1"
 
========================= IP Configuration: ================================
 
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : PaddysRoom
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
Unable to contact IP driver. General failure. 
===========================================================================
Interface List
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/04/2014 10:45:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
 
System errors:
=============
Error: (05/23/2014 06:51:14 PM) (Source: DCOM) (User: PADDYSROOM)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (05/23/2014 06:51:14 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1058
 
Error: (05/23/2014 06:50:58 PM) (Source: DCOM) (User: PADDYSROOM)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (05/23/2014 06:50:58 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1058
 
Error: (05/23/2014 06:50:56 PM) (Source: DCOM) (User: PADDYSROOM)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (05/23/2014 06:50:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1058
 
Error: (05/23/2014 06:50:56 PM) (Source: DCOM) (User: PADDYSROOM)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (05/23/2014 06:50:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1058
 
Error: (05/23/2014 06:50:47 PM) (Source: DCOM) (User: PADDYSROOM)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (05/23/2014 06:50:47 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (05/04/2014 10:45:05 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Instantiating VSS server
 
Error: (05/04/2014 10:45:05 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Instantiating VSS server
 
 
=========================== Installed Programs ============================
 
Adobe Reader X (10.1.9) (Version: 10.1.9)
AVG 2014 (Version: 14.0.3931)
AVG 2014 (Version: 14.0.4570)
AVG 2014 (Version: 2014.0.4570)
Big Fish: Game Manager (Version: 3.2.0.6)
Biggest Little Adventure
Classic Start 8 (Version: 1.0.0.11)
CyberLink LabelPrint 2.5 (Version: 2.5.5415a)
CyberLink Media Suite 10 (Version: 10.0.1.1913)
CyberLink Media Suite Essentials (Version: 10.0)
CyberLink Power2Go 8 (Version: 8.0.0.1904)
CyberLink PowerDirector 10 (Version: 10.0.1.1904)
CyberLink PowerDVD 10 (Version: 10.0.4318.52)
D3DX10 (Version: 15.4.2368.0902)
Dell Backup and Recovery - Support Software (Version: 1.0.0.5)
Dell Backup and Recovery (Version: 1.0.0.5)
Dell Wireless Driver Installation (Version: 10.0)
Ghost Encounters Deadwood - Reloaded
Google Chrome (Version: 34.0.1847.131)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.23.9)
Hidden Object Family Mysteries Bundle
Holiday Jigsaw Christmas
Intel® Management Engine Components (Version: 8.1.0.1281)
Intel® Processor Graphics (Version: 10.18.10.3316)
Intel® Rapid Storage Technology (Version: 11.5.0.1207)
Intel® Trusted Connect Service Client (Version: 1.24.738.1)
Jewel Legends Magical Kingdom
Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office Professional Plus 2013 - en-us (Version: 15.0.4605.1003)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3505.0912)
MSN GamesBar (Version: 3.2.0.47)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
My Dell (Version: 3.5.6426.22)
Nat Geo Adventure Lost City of Z
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4605.1003)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003)
Office 15 Click-to-Run Localization Component (Version: 15.0.4605.1003)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Photo Gallery (Version: 16.4.3505.0912)
Realtek Ethernet Controller Driver (Version: 8.18.621.2013)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Shadow Shelter
Spybot - Search & Destroy (Version: 2.3.39)
The Far Kingdoms
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Zombie Jewel
 
=========================
Windows Management Instrumentation service is not running. Could not scan devices
=========================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 26%
Total physical RAM: 3967.58 MB
Available physical RAM: 2900.85 MB
Total Pagefile: 6399.58 MB
Available Pagefile: 5375.95 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.7 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:457.09 GB) (Free:396.14 GB) NTFS
2 Drive d: () (Removable) (Total:3.42 GB) (Free:3 GB) FAT
 
========================= Users: ========================================
 
User accounts for \\
 
Administrator            Guest                    margaret                 
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****


#9 Binzie

Posted 23 May 2014 - 01:10 PM

Farbar Service Scanner Version: 21-05-2014
Ran by margaret (administrator) on 23-05-2014 at 18:54:48
Running from "C:\Users\margaret\Desktop"
Windows 8.1 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
 
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is set to Disabled. The default start type is Auto.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
 
Nsi Service is not running. Checking service configuration:
The start type of Nsi service is set to Disabled. The default start type is Auto.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.
 
 
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
 
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Disabled. The default start type is Auto.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is set to Disabled. The default start type is 3.
The ImagePath of VSS service is OK.
 
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is set to Disabled. The default start type is Auto.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
 
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is Auto.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
PlugPlay Service is not running. Checking service configuration:
The start type of PlugPlay service is set to Disabled. The default start type is Auto.
The ImagePath of PlugPlay service is OK.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2014-04-19 12:22] - [2014-03-04 13:15] - 2519384 ____A (Microsoft Corporation) FEEFE783D87C9063CDAC6DBDCF95F533
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll
[2014-04-19 12:07] - [2014-02-22 09:52] - 0134144 ____A (Microsoft Corporation) 515583507D3828E827FF6352C9ACCEFA
 
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2014-04-21 10:25] - [2014-04-09 04:21] - 3408896 ____A (Microsoft Corporation) 779FB2F26E4339A4DD3EEF57E4E593FA
 
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2014-03-13 11:06] - [2013-10-25 07:48] - 1571328 ____A (Microsoft Corporation) 8077537B1600AF493E7EE1A7A5C90799
 
C:\Program Files\Windows Defender\MsMpEng.exe
[2014-03-13 11:06] - [2013-10-31 01:29] - 0023824 ____A (Microsoft Corporation) 7CE5405B192AC912B9405F72386C7D4B
 
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2014-04-19 12:09] - [2014-02-22 10:38] - 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A
 
 
 
**** End of log ****


#10 Binzie

Posted 23 May 2014 - 01:31 PM

Farbar Service Scanner Version: 21-05-2014
Ran by margaret (administrator) on 23-05-2014 at 18:54:48
Running from "C:\Users\margaret\Desktop"
Windows 8.1 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
 
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is set to Disabled. The default start type is Auto.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
 
Nsi Service is not running. Checking service configuration:
The start type of Nsi service is set to Disabled. The default start type is Auto.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.
 
 
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
 
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Disabled. The default start type is Auto.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is set to Disabled. The default start type is 3.
The ImagePath of VSS service is OK.
 
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is set to Disabled. The default start type is Auto.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
 
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is Auto.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
PlugPlay Service is not running. Checking service configuration:
The start type of PlugPlay service is set to Disabled. The default start type is Auto.
The ImagePath of PlugPlay service is OK.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2014-04-19 12:22] - [2014-03-04 13:15] - 2519384 ____A (Microsoft Corporation) FEEFE783D87C9063CDAC6DBDCF95F533
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll
[2014-04-19 12:07] - [2014-02-22 09:52] - 0134144 ____A (Microsoft Corporation) 515583507D3828E827FF6352C9ACCEFA
 
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2014-04-21 10:25] - [2014-04-09 04:21] - 3408896 ____A (Microsoft Corporation) 779FB2F26E4339A4DD3EEF57E4E593FA
 
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2014-03-13 11:06] - [2013-10-25 07:48] - 1571328 ____A (Microsoft Corporation) 8077537B1600AF493E7EE1A7A5C90799
 
C:\Program Files\Windows Defender\MsMpEng.exe
[2014-03-13 11:06] - [2013-10-31 01:29] - 0023824 ____A (Microsoft Corporation) 7CE5405B192AC912B9405F72386C7D4B
 
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2014-04-19 12:09] - [2014-02-22 10:38] - 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A
 
 
 
**** End of log ****


#11 Binzie

Binzie
  • Topic Starter

  • Members
  • 11 posts

Posted 23 May 2014 - 01:32 PM

apologies double post



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts

Posted 23 May 2014 - 02:55 PM

Thank you for posting the logs. No problem on the double post.

===================================================

Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

If you choose to uninstall please go to Start, Control Panel, Add/Remove Programs (or Programs and Features) and uninstall the program.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
C:\Users\margaret\AppData\Local\Temp\Quarantine.exe
Task: {230D79F2-FBF5-43C9-979A-A8CF85986E46} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {269FD4B8-2A38-42A9-972D-944AF61E92F2} - System32\Tasks\5032 => Wscript.exe C:\Users\margaret\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0034A705
AlternateDataStreams: C:\ProgramData\Temp:04BC9A2C
AlternateDataStreams: C:\ProgramData\Temp:0544FEA7
AlternateDataStreams: C:\ProgramData\Temp:07E55929
AlternateDataStreams: C:\ProgramData\Temp:09D210DB
AlternateDataStreams: C:\ProgramData\Temp:0D560A24
AlternateDataStreams: C:\ProgramData\Temp:0D797314
AlternateDataStreams: C:\ProgramData\Temp:0F968544
AlternateDataStreams: C:\ProgramData\Temp:1254AF99
AlternateDataStreams: C:\ProgramData\Temp:135D28A0
AlternateDataStreams: C:\ProgramData\Temp:14C16342
AlternateDataStreams: C:\ProgramData\Temp:17199D25
AlternateDataStreams: C:\ProgramData\Temp:1A9707AC
AlternateDataStreams: C:\ProgramData\Temp:20168BBF
AlternateDataStreams: C:\ProgramData\Temp:2208DD60
AlternateDataStreams: C:\ProgramData\Temp:220C42CA
AlternateDataStreams: C:\ProgramData\Temp:222C8161
AlternateDataStreams: C:\ProgramData\Temp:24610400
AlternateDataStreams: C:\ProgramData\Temp:29460D21
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2E55F457
AlternateDataStreams: C:\ProgramData\Temp:3B7F5392
AlternateDataStreams: C:\ProgramData\Temp:47D8C3A4
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
AlternateDataStreams: C:\ProgramData\Temp:50A5E019
AlternateDataStreams: C:\ProgramData\Temp:5133A494
AlternateDataStreams: C:\ProgramData\Temp:55E1F0F4
AlternateDataStreams: C:\ProgramData\Temp:59797A88
AlternateDataStreams: C:\ProgramData\Temp:5F578C26
AlternateDataStreams: C:\ProgramData\Temp:60DC83DE
AlternateDataStreams: C:\ProgramData\Temp:6CFD136C
AlternateDataStreams: C:\ProgramData\Temp:708FB123
AlternateDataStreams: C:\ProgramData\Temp:72E6616C
AlternateDataStreams: C:\ProgramData\Temp:763B94DF
AlternateDataStreams: C:\ProgramData\Temp:7B227418
AlternateDataStreams: C:\ProgramData\Temp:809691F9
AlternateDataStreams: C:\ProgramData\Temp:80CC1319
AlternateDataStreams: C:\ProgramData\Temp:80DBA0A1
AlternateDataStreams: C:\ProgramData\Temp:819394CC
AlternateDataStreams: C:\ProgramData\Temp:82927BA5
AlternateDataStreams: C:\ProgramData\Temp:9001B5DA
AlternateDataStreams: C:\ProgramData\Temp:943E8E55
AlternateDataStreams: C:\ProgramData\Temp:958DE9B5
AlternateDataStreams: C:\ProgramData\Temp:A9080AE2
AlternateDataStreams: C:\ProgramData\Temp:AA4982C6
AlternateDataStreams: C:\ProgramData\Temp:B1FCBEB0
AlternateDataStreams: C:\ProgramData\Temp:BC85EAE7
AlternateDataStreams: C:\ProgramData\Temp:C06BB457
AlternateDataStreams: C:\ProgramData\Temp:C3AF99F6
AlternateDataStreams: C:\ProgramData\Temp:C4014E51
AlternateDataStreams: C:\ProgramData\Temp:C5B78274
AlternateDataStreams: C:\ProgramData\Temp:C639099E
AlternateDataStreams: C:\ProgramData\Temp:CC8C7B76
AlternateDataStreams: C:\ProgramData\Temp:D5C2DDAE
AlternateDataStreams: C:\ProgramData\Temp:D7AC6688
AlternateDataStreams: C:\ProgramData\Temp:DAF1784E
AlternateDataStreams: C:\ProgramData\Temp:DECB56B3
AlternateDataStreams: C:\ProgramData\Temp:E2B0AAB4
AlternateDataStreams: C:\ProgramData\Temp:E724F31F
AlternateDataStreams: C:\ProgramData\Temp:EEBA2194
AlternateDataStreams: C:\ProgramData\Temp:F3B5A9E2
AlternateDataStreams: C:\ProgramData\Temp:F65C09ED
AlternateDataStreams: C:\ProgramData\Temp:F6F0620D
AlternateDataStreams: C:\ProgramData\Temp:FAD8ED51
C:\Users\margaret\AppData\Local\Temp\launchie.vbs
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Reboot and test the performance of your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Binzie

Binzie
  • Topic Starter

  • Members
  • 11 posts

Posted 24 May 2014 - 04:11 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014
Ran by margaret at 2014-05-24 09:18:15 Run:1
Running from C:\Users\margaret\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
C:\Users\margaret\AppData\Local\Temp\Quarantine.exe
Task: {230D79F2-FBF5-43C9-979A-A8CF85986E46} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {269FD4B8-2A38-42A9-972D-944AF61E92F2} - System32\Tasks\5032 => Wscript.exe C:\Users\margaret\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0034A705
AlternateDataStreams: C:\ProgramData\Temp:04BC9A2C
AlternateDataStreams: C:\ProgramData\Temp:0544FEA7
AlternateDataStreams: C:\ProgramData\Temp:07E55929
AlternateDataStreams: C:\ProgramData\Temp:09D210DB
AlternateDataStreams: C:\ProgramData\Temp:0D560A24
AlternateDataStreams: C:\ProgramData\Temp:0D797314
AlternateDataStreams: C:\ProgramData\Temp:0F968544
AlternateDataStreams: C:\ProgramData\Temp:1254AF99
AlternateDataStreams: C:\ProgramData\Temp:135D28A0
AlternateDataStreams: C:\ProgramData\Temp:14C16342
AlternateDataStreams: C:\ProgramData\Temp:17199D25
AlternateDataStreams: C:\ProgramData\Temp:1A9707AC
AlternateDataStreams: C:\ProgramData\Temp:20168BBF
AlternateDataStreams: C:\ProgramData\Temp:2208DD60
AlternateDataStreams: C:\ProgramData\Temp:220C42CA
AlternateDataStreams: C:\ProgramData\Temp:222C8161
AlternateDataStreams: C:\ProgramData\Temp:24610400
AlternateDataStreams: C:\ProgramData\Temp:29460D21
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2E55F457
AlternateDataStreams: C:\ProgramData\Temp:3B7F5392
AlternateDataStreams: C:\ProgramData\Temp:47D8C3A4
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
AlternateDataStreams: C:\ProgramData\Temp:50A5E019
AlternateDataStreams: C:\ProgramData\Temp:5133A494
AlternateDataStreams: C:\ProgramData\Temp:55E1F0F4
AlternateDataStreams: C:\ProgramData\Temp:59797A88
AlternateDataStreams: C:\ProgramData\Temp:5F578C26
AlternateDataStreams: C:\ProgramData\Temp:60DC83DE
AlternateDataStreams: C:\ProgramData\Temp:6CFD136C
AlternateDataStreams: C:\ProgramData\Temp:708FB123
AlternateDataStreams: C:\ProgramData\Temp:72E6616C
AlternateDataStreams: C:\ProgramData\Temp:763B94DF
AlternateDataStreams: C:\ProgramData\Temp:7B227418
AlternateDataStreams: C:\ProgramData\Temp:809691F9
AlternateDataStreams: C:\ProgramData\Temp:80CC1319
AlternateDataStreams: C:\ProgramData\Temp:80DBA0A1
AlternateDataStreams: C:\ProgramData\Temp:819394CC
AlternateDataStreams: C:\ProgramData\Temp:82927BA5
AlternateDataStreams: C:\ProgramData\Temp:9001B5DA
AlternateDataStreams: C:\ProgramData\Temp:943E8E55
AlternateDataStreams: C:\ProgramData\Temp:958DE9B5
AlternateDataStreams: C:\ProgramData\Temp:A9080AE2
AlternateDataStreams: C:\ProgramData\Temp:AA4982C6
AlternateDataStreams: C:\ProgramData\Temp:B1FCBEB0
AlternateDataStreams: C:\ProgramData\Temp:BC85EAE7
AlternateDataStreams: C:\ProgramData\Temp:C06BB457
AlternateDataStreams: C:\ProgramData\Temp:C3AF99F6
AlternateDataStreams: C:\ProgramData\Temp:C4014E51
AlternateDataStreams: C:\ProgramData\Temp:C5B78274
AlternateDataStreams: C:\ProgramData\Temp:C639099E
AlternateDataStreams: C:\ProgramData\Temp:CC8C7B76
AlternateDataStreams: C:\ProgramData\Temp:D5C2DDAE
AlternateDataStreams: C:\ProgramData\Temp:D7AC6688
AlternateDataStreams: C:\ProgramData\Temp:DAF1784E
AlternateDataStreams: C:\ProgramData\Temp:DECB56B3
AlternateDataStreams: C:\ProgramData\Temp:E2B0AAB4
AlternateDataStreams: C:\ProgramData\Temp:E724F31F
AlternateDataStreams: C:\ProgramData\Temp:EEBA2194
AlternateDataStreams: C:\ProgramData\Temp:F3B5A9E2
AlternateDataStreams: C:\ProgramData\Temp:F65C09ED
AlternateDataStreams: C:\ProgramData\Temp:F6F0620D
AlternateDataStreams: C:\ProgramData\Temp:FAD8ED51
C:\Users\margaret\AppData\Local\Temp\launchie.vbs
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\margaret\AppData\Local\Temp\Quarantine.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{230D79F2-FBF5-43C9-979A-A8CF85986E46} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{230D79F2-FBF5-43C9-979A-A8CF85986E46} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{269FD4B8-2A38-42A9-972D-944AF61E92F2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{269FD4B8-2A38-42A9-972D-944AF61E92F2} => Key deleted successfully.
C:\Windows\System32\Tasks\5032 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5032 => Key deleted successfully.
C:\ProgramData\Temp => ":0034A705" ADS removed successfully.
C:\ProgramData\Temp => ":04BC9A2C" ADS removed successfully.
C:\ProgramData\Temp => ":0544FEA7" ADS removed successfully.
C:\ProgramData\Temp => ":07E55929" ADS removed successfully.
C:\ProgramData\Temp => ":09D210DB" ADS removed successfully.
C:\ProgramData\Temp => ":0D560A24" ADS removed successfully.
C:\ProgramData\Temp => ":0D797314" ADS removed successfully.
C:\ProgramData\Temp => ":0F968544" ADS removed successfully.
C:\ProgramData\Temp => ":1254AF99" ADS removed successfully.
C:\ProgramData\Temp => ":135D28A0" ADS removed successfully.
C:\ProgramData\Temp => ":14C16342" ADS removed successfully.
C:\ProgramData\Temp => ":17199D25" ADS removed successfully.
C:\ProgramData\Temp => ":1A9707AC" ADS removed successfully.
C:\ProgramData\Temp => ":20168BBF" ADS removed successfully.
C:\ProgramData\Temp => ":2208DD60" ADS removed successfully.
C:\ProgramData\Temp => ":220C42CA" ADS removed successfully.
C:\ProgramData\Temp => ":222C8161" ADS removed successfully.
C:\ProgramData\Temp => ":24610400" ADS removed successfully.
C:\ProgramData\Temp => ":29460D21" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":2E55F457" ADS removed successfully.
C:\ProgramData\Temp => ":3B7F5392" ADS removed successfully.
C:\ProgramData\Temp => ":47D8C3A4" ADS removed successfully.
C:\ProgramData\Temp => ":4B6A9FDA" ADS removed successfully.
C:\ProgramData\Temp => ":50A5E019" ADS removed successfully.
C:\ProgramData\Temp => ":5133A494" ADS removed successfully.
C:\ProgramData\Temp => ":55E1F0F4" ADS removed successfully.
C:\ProgramData\Temp => ":59797A88" ADS removed successfully.
C:\ProgramData\Temp => ":5F578C26" ADS removed successfully.
C:\ProgramData\Temp => ":60DC83DE" ADS removed successfully.
C:\ProgramData\Temp => ":6CFD136C" ADS removed successfully.
C:\ProgramData\Temp => ":708FB123" ADS removed successfully.
C:\ProgramData\Temp => ":72E6616C" ADS removed successfully.
C:\ProgramData\Temp => ":763B94DF" ADS removed successfully.
C:\ProgramData\Temp => ":7B227418" ADS removed successfully.
C:\ProgramData\Temp => ":809691F9" ADS removed successfully.
C:\ProgramData\Temp => ":80CC1319" ADS removed successfully.
C:\ProgramData\Temp => ":80DBA0A1" ADS removed successfully.
C:\ProgramData\Temp => ":819394CC" ADS removed successfully.
C:\ProgramData\Temp => ":82927BA5" ADS removed successfully.
C:\ProgramData\Temp => ":9001B5DA" ADS removed successfully.
C:\ProgramData\Temp => ":943E8E55" ADS removed successfully.
C:\ProgramData\Temp => ":958DE9B5" ADS removed successfully.
C:\ProgramData\Temp => ":A9080AE2" ADS removed successfully.
C:\ProgramData\Temp => ":AA4982C6" ADS removed successfully.
C:\ProgramData\Temp => ":B1FCBEB0" ADS removed successfully.
C:\ProgramData\Temp => ":BC85EAE7" ADS removed successfully.
C:\ProgramData\Temp => ":C06BB457" ADS removed successfully.
C:\ProgramData\Temp => ":C3AF99F6" ADS removed successfully.
C:\ProgramData\Temp => ":C4014E51" ADS removed successfully.
C:\ProgramData\Temp => ":C5B78274" ADS removed successfully.
C:\ProgramData\Temp => ":C639099E" ADS removed successfully.
C:\ProgramData\Temp => ":CC8C7B76" ADS removed successfully.
C:\ProgramData\Temp => ":D5C2DDAE" ADS removed successfully.
C:\ProgramData\Temp => ":D7AC6688" ADS removed successfully.
C:\ProgramData\Temp => ":DAF1784E" ADS removed successfully.
C:\ProgramData\Temp => ":DECB56B3" ADS removed successfully.
C:\ProgramData\Temp => ":E2B0AAB4" ADS removed successfully.
C:\ProgramData\Temp => ":E724F31F" ADS removed successfully.
C:\ProgramData\Temp => ":EEBA2194" ADS removed successfully.
C:\ProgramData\Temp => ":F3B5A9E2" ADS removed successfully.
C:\ProgramData\Temp => ":F65C09ED" ADS removed successfully.
C:\ProgramData\Temp => ":F6F0620D" ADS removed successfully.
C:\ProgramData\Temp => ":FAD8ED51" ADS removed successfully.
"C:\Users\margaret\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
 
==== End of Fixlog ====
 
Still won't let me fix driver problems or re-install Windows


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts

Posted 24 May 2014 - 02:00 PM

Greetings,
 

Still won't let me fix driver problems or re-install Windows

Are you talking about Network drivers? I didn't know you were trying to reinstall Windows. How are you trying to do that?

Please check this for me.

===================================================

Checking Selective Startup Settings

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • Check the General tab
  • Under Selective startup if not already checked please check Load system services and Load startup items (leave Use original boot configuration unchecked)
  • If you made any modifications click OK then click Restart when prompted
  • Rerun Farbar Recovery Scan Tool again, making sure to place a check mark in Addition.txt
  • Copy and paste the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reply to questions
  • Did you make any modifications?
  • FRST log, if applicable

Gary
 

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:15 PM

Posted 27 May 2014 - 08:28 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 



