Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Had Powerliks? Now have new problem


  • This topic is locked This topic is locked
192 replies to this topic

#1 JoAnne DG

JoAnne DG

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 19 November 2014 - 09:08 PM

About a week ago, I thought I had Powerliks.  I thought I had removed it with AVG and RogueKiller. My computer ran a lot faster, but I continued to get the occasional message from AVG that said it detected a lot of memory usage by IE.  I was also getting occasional messages that said "Windows has detected an IP address conflict." When I attempted to use Malwarebytes Anti-Malware, I got message that said "Your current security settings do not allow this file to be down loaded."  I got the same message when attempting to update Java.

 

As of last night, I was able to use the computer semi-normally, but now can only run it in safe mode.  When I attempt to run it normally, I get blue screens.  I have run RogueKiller twice.  Nothing show up under the Processes tab, but under the Registry Tab there are several PUM.Dns and PUP files located in HKEY_LOCAL_MACHINE and HKEY_USERS.  I can not select them to delete them.  Clicking delete only takes me to the Adlice PUP page on the net.

 

I have attempted to follow the directions on the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help," but when I try to back up my computer on to an external drive, I again get the message that says "Your current security settings do not allow this file to be down loaded."   The same thing happens when I attempt to download DDS and post a log. 

 

I am also unable to use Microsoft Office.  My computer is a Toshiba and runs Windows 7 Home Premium.

 

Please help!



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:04 AM

Posted 24 November 2014 - 09:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556891 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 26 November 2014 - 11:29 AM

Greetings JoAnne DG and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me. If necessary you can run it while in Safe Mode.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 JoAnne DG

JoAnne DG
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 28 November 2014 - 09:46 PM

Hello Gary,

 

Thank you so much for your reply.  I hope you had a good Thanksgiving. Please do call me JoAnne.

 

In return for my patience with your (very understandable) time constraints, please be patient with me.  I'm sort of a computer dunce, and this problem is making me very upset.  I will probably need a lot of detailed explanation and coaching, but this will be a learning experience for me.

 

1)  I have attempted to download Farbar to my desktop of the affected computer.  I immediately get a pop-up that says "Security Alert" in a blue band across the top of a small box.  In the box, it says "Your current security settings do not allow this file to be downloaded."  Should I use a different computer to download it to a thumb drive?

 

2) When I attempted to get the System Summary Information, I got this far:
 

  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary

Nothing changes when I left click.

 

3) Before reading your reply, I made a second attempt at using DDS by downloading it on a thumb drive.  This is what I got:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.71.2
Run by JoAnne at 19:19:22 on 2014-11-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.3464 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
uProxyOverride = <local>
uURLSearchHooks: <No Name>: {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
mWinlogon: Userinit = userinit.exe,
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: InboxAce: {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "C:\Users\JoAnne\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1AL055GK05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
uRun: [iLivid] "C:\Users\JoAnne\AppData\Local\iLivid\iLivid.exe" -autorun
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [InboxAce Search Scope Monitor] "C:\PROGRA~2\INBOXA~2\bar\1.bin\1gsrchmn.exe" /m=2 /w /h
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\JoAnne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{A84F136A-EEB3-4F0E-A9A2-272A08DB12BC} : DHCPNameServer = 50.30.0.51
TCP: Interfaces\{C48E8FD2-570F-4444-858C-B7EBCE8BB9E7} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C48E8FD2-570F-4444-858C-B7EBCE8BB9E7}\7416574697E637B69613 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C48E8FD2-570F-4444-858C-B7EBCE8BB9E7}\E4544574541425F5548545 : DHCPNameServer = 192.168.1.250
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
x64-BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [InboxAce Home Page Guard 64 bit] "C:\PROGRA~2\INBOXA~2\bar\1.bin\AppIntegrator64.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browsemngr.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2014-6-18 190744]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2014-4-18 50976]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-6-21 1109096]
S1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
S1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2014-10-29 263960]
S1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-11-9 3488784]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-11-9 298080]
S2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 InboxAce_1gService;InboxAceService;C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe [2013-10-9 44752]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-31 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-23 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-21 2656280]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-8-12 1820184]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-11-13 114688]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-12-20 25928]
S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-6-21 38096]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-6-21 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-6-21 307304]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2014-9-18 16152]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-6-21 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-20 822704]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-8-21 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-11-29 00:43:21 -------- d-sh--w- C:\found.004
2014-11-13 16:31:15 -------- d-sh--w- C:\Users\JoAnne\AppData\Local\EmieBrowserModeList
2014-11-13 05:38:43 304640 ----a-w- C:\windows\System32\generaltel.dll
2014-11-13 05:38:42 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-11-13 05:38:42 228864 ----a-w- C:\windows\System32\aepdu.dll
2014-11-13 05:37:52 683520 ----a-w- C:\windows\System32\termsrv.dll
2014-11-13 05:37:51 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-11-13 05:37:51 681984 ----a-w- C:\windows\SysWow64\adtschema.dll
2014-11-13 05:37:51 681984 ----a-w- C:\windows\System32\adtschema.dll
2014-11-13 05:37:51 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-11-13 05:37:51 155064 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-11-13 05:37:51 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2014-11-13 05:37:51 146432 ----a-w- C:\windows\System32\msaudite.dll
2014-11-13 05:37:51 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-11-13 05:21:05 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2014-11-13 05:21:05 2048 ----a-w- C:\windows\System32\msxml3r.dll
2014-11-13 05:21:05 1882624 ----a-w- C:\windows\System32\msxml3.dll
2014-11-13 05:21:05 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2014-11-13 05:20:46 878080 ----a-w- C:\windows\System32\IMJP10K.DLL
2014-11-13 05:20:46 701440 ----a-w- C:\windows\SysWow64\IMJP10K.DLL
2014-11-13 05:20:16 680960 ----a-w- C:\windows\System32\audiosrv.dll
2014-11-13 05:20:16 500224 ----a-w- C:\windows\System32\AUDIOKSE.dll
2014-11-13 05:20:16 442880 ----a-w- C:\windows\SysWow64\AUDIOKSE.dll
2014-11-13 05:20:16 440832 ----a-w- C:\windows\System32\AudioEng.dll
2014-11-13 05:20:16 374784 ----a-w- C:\windows\SysWow64\AudioEng.dll
2014-11-13 05:20:16 296448 ----a-w- C:\windows\System32\AudioSes.dll
2014-11-13 05:20:16 284672 ----a-w- C:\windows\System32\EncDump.dll
2014-11-13 05:20:16 195584 ----a-w- C:\windows\SysWow64\AudioSes.dll
2014-11-13 05:18:57 3241984 ----a-w- C:\windows\System32\msi.dll
2014-11-13 05:18:57 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-11-13 05:18:38 861696 ----a-w- C:\windows\System32\oleaut32.dll
2014-11-13 05:18:38 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-11-11 15:14:59 -------- d-----w- C:\ProgramData\Oracle
2014-11-11 15:14:04 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-07 20:43:21 -------- d-----w- C:\ProgramData\Avg_Update_1114tb
2014-11-05 02:49:10 34808 ----a-w- C:\windows\System32\drivers\TrueSight.sys
2014-11-05 02:48:59 -------- d-----w- C:\ProgramData\RogueKiller
2014-11-02 07:17:02 -------- d-----w- C:\ProgramData\CovuWlobk
2014-11-02 07:17:01 -------- d-----w- C:\ProgramData\DofocAmaqo
2014-11-02 01:54:47 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-30 03:35:16 263960 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
.
==================== Find3M  ====================
.
2014-11-29 00:57:46 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
2014-11-24 03:59:07 16152 ----a-w- C:\windows\System32\drivers\SETB441.tmp
2014-11-13 04:49:48 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-13 04:49:48 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-11-06 04:04:03 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\windows\SysWow64\wininet.dll
2014-10-25 01:57:59 77824 ----a-w- C:\windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-10 21:14:32 274200 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2014-10-10 00:57:42 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-10-06 03:41:40 124184 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2014-09-25 02:08:38 371712 ----a-w- C:\windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\windows\System32\ncrypt.dll
2014-09-19 09:42:44 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-09-19 09:42:41 22016 ----a-w- C:\windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-09-19 09:23:36 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\windows\SysWow64\rastls.dll
2013-11-30 21:26:32 49940480 ----a-w- C:\Program Files (x86)\GUTD46E.tmp
.
============= FINISH: 19:28:11.54 ===============
 

I saved a second log as well, but it says, "UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG."

 

 

4) My original Windows CD/DVD is not readily available.  I will look for it though.  There appears to be a license number for it on the bottom of my laptop.

 

Sorry that I am unable to complete all the tasks you requested, but I hope this helps somewhat.  I also want to let you know what happened when I attempted to run the affected computer tonight after attempting system restore, but before getting DDS to work or reading your post.  I got a black screen that said, "The disk TI106139WOE (C:) has errors. Windows has detected file corruption.  You must check the disk for errors before it can be restored. There were multiple lines that "deleting corrupt attribute record segments, " "deleting corrupt orphan file segments,' and "recovering orphan file segments."   System restore would not run.  I will not make any more attempts to run anything without your express order.

 

Thanks again,

 

JoAnne



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 28 November 2014 - 10:24 PM

Hi JoAnne,

Yes the holiday has been nice, hope the same is true for you.

No need to worry about your limited computer experience. I will be very specific in my instructions. In addition, don't be surprised if things do not go as planned initially. More than likely the infection is causing some things to not work well, which is part of the purpose for the malware.

I am assuming you are getting the download warning while using Internet Explorer. If so, please do this.

===================================================

Resetting Security Settings in Internet Explorer

--------------------
  • Launch Internet Explorer
  • Click Tools then Internet Options
  • Click the Security Tab
  • Click Custom level...
  • Near the bottom under Reset custom settings, select Reset to Medium-high (default)
  • Click Reset then Yes
  • Click OK then restart Internet Explorer
  • Test your downloads
  • Run FRST if you are able
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST logs (?)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 JoAnne DG

JoAnne DG
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 29 November 2014 - 11:05 AM

Good morning, Gary.

 

I got half the way there.  I WAS able to reset my security settings, but I'm stymied at running FRST.  I got a popup that said the I needed to run FRST 64.  I searched the Bleeping Computers site for FRST 64, found it, but got that said I should run it at my own risk.  Should  I do that?



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 29 November 2014 - 02:28 PM

Yes, it is a safe program.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 JoAnne DG

JoAnne DG
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 29 November 2014 - 08:49 PM

test



#9 JoAnne DG

JoAnne DG
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 29 November 2014 - 08:56 PM

The computer is behaving oddly.

 

When I attempted to logo on with my password, I get a message that says, "The user profile service failed the logon.  User profile can not be located.  Then it took me to a mostly black screen from which most of the icons including the Internet Explorer icon are missing.  There is a message in a bubble that says I am logged on as a default user as well as a Windows pop-up the says that WIndows has recovered from an unexpected shut down. 

 

Since my IE seems to be gone, I used a thumb drive to load FRST 64 on to the affected computer and to save the FRST logs. In the process, I noted that the Document files are missing from my computer as well.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by JoAnne (administrator) on JOANNE-PC on 29-11-2014 19:30:23
Running from E:\
Loaded Profiles:  (Available profiles: JoAnne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [InboxAce Home Page Guard 64 bit] => C:\Program Files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe [548936 2013-10-09] ()
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [InboxAce Search Scope Monitor] => "C:\PROGRA~2\INBOXA~2\bar\1.bin\1gsrchmn.exe" /m=2 /w /h
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs:  C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => "C:\PROGRA~3\Wincert\WIN32C~1.DLL" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\JoAnne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=514&systemid=406&v=u11099-135&apn_uid=8977617368084502&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YO^xdm153^S07090^us&si=CD6891&ptb=6148A83B-847A-4450-B716-9D886CC1FFD9&psa=&ind=2013100911&st=sb&n=77fd7b6f&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=514&systemid=406&v=u11099-135&apn_uid=8977617368084502&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
BHO: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {d1dac034-9fd9-4c13-a388-d2e10e57707f} -  No File
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - InboxAce - {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll (MindSpark)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @InboxAce_1g.com/Plugin -> C:\Program Files (x86)\InboxAce_1g\bar\1.bin\NP1gStub.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\JoAnne\AppData\Local\ilividmoviestoolbar181\GC\toolbar.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 InboxAce_1gService; C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe [44752 2013-10-09] (COMPANYVERS_NAME)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-29] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-28] ()
S3 cpuz134; \??\C:\Users\JoAnne\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 19:29 - 2014-11-29 19:30 - 00000000 ____D () C:\FRST
2014-11-29 19:23 - 2014-11-29 19:23 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Avg2015
2014-11-29 19:02 - 2014-11-29 19:02 - 00262144 _____ () C:\windows\Minidump\112914-19640-01.dmp
2014-11-29 18:57 - 2014-11-29 18:57 - 00262144 _____ () C:\windows\Minidump\112914-21184-01.dmp
2014-11-29 18:56 - 2014-03-31 11:27 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\TuneUp Software
2014-11-29 18:56 - 2012-02-14 00:17 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2014-11-29 18:56 - 2011-03-23 20:30 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia
2014-11-29 18:56 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-29 18:56 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-29 09:37 - 2014-11-29 09:37 - 00262144 _____ () C:\windows\Minidump\112914-20857-01.dmp
2014-11-28 18:58 - 2014-11-28 18:58 - 00262144 _____ () C:\windows\Minidump\112814-19968-01.dmp
2014-11-28 18:48 - 2014-11-28 18:48 - 00262144 _____ () C:\windows\Minidump\112814-22261-01.dmp
2014-11-28 18:45 - 2014-11-28 18:45 - 00003608 ____N () C:\bootsqm.dat
2014-11-28 18:43 - 2014-11-28 18:43 - 00000000 __SHD () C:\found.004
2014-11-28 18:07 - 2014-11-28 18:07 - 00262144 _____ () C:\windows\Minidump\112814-20264-01.dmp
2014-11-28 18:03 - 2014-11-28 18:04 - 00262144 _____ () C:\windows\Minidump\112814-47673-01.dmp
2014-11-23 22:00 - 2014-11-23 22:00 - 00262144 _____ () C:\windows\Minidump\112314-23509-01.dmp
2014-11-23 21:59 - 2014-11-23 21:59 - 00000000 _____ () C:\Users\JoAnne\AppData\Local\{727C1FB2-6AA9-4050-BFF8-14903BE722C9}
2014-11-19 13:05 - 2014-11-19 13:06 - 00262144 _____ () C:\windows\Minidump\111914-22042-01.dmp
2014-11-19 13:03 - 2014-11-19 13:04 - 00262144 _____ () C:\windows\Minidump\111914-47954-01.dmp
2014-11-19 08:01 - 2014-11-19 08:01 - 00262144 _____ () C:\windows\Minidump\111914-22308-01.dmp
2014-11-19 07:59 - 2014-11-19 07:59 - 00262144 _____ () C:\windows\Minidump\111914-46831-01.dmp
2014-11-18 21:14 - 2014-11-19 10:49 - 00683553 _____ () C:\Users\JoAnne\Desktop\avgrep.txt
2014-11-18 21:13 - 2014-11-18 21:13 - 00262144 _____ () C:\windows\Minidump\111814-21262-01.dmp
2014-11-18 21:11 - 2014-11-18 21:11 - 00262144 _____ () C:\windows\Minidump\111814-41121-01.dmp
2014-11-18 21:09 - 2014-11-18 21:09 - 00262144 _____ () C:\windows\Minidump\111814-38657-01.dmp
2014-11-18 21:07 - 2014-11-18 21:07 - 00262144 _____ () C:\windows\Minidump\111814-38984-01.dmp
2014-11-18 21:05 - 2014-11-18 21:06 - 00262144 _____ () C:\windows\Minidump\111814-43009-01.dmp
2014-11-13 10:31 - 2014-11-13 10:31 - 00000000 __SHD () C:\Users\JoAnne\AppData\Local\EmieBrowserModeList
2014-11-13 01:04 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-13 01:04 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-13 01:04 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-13 01:04 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-13 01:04 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-13 01:04 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-13 01:04 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-13 01:04 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-13 01:04 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-13 01:04 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-13 01:04 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-13 01:04 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-13 01:04 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-13 01:04 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-13 01:04 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-13 01:04 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-13 01:04 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-13 01:04 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-13 01:04 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-13 01:04 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-13 01:04 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-13 01:04 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-13 01:04 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-13 01:04 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-13 01:04 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-13 01:04 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 01:04 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-13 01:04 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-13 01:04 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-13 01:04 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-13 01:04 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-13 01:04 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-13 01:04 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-13 01:04 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-13 01:04 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-13 01:04 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-13 01:04 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 01:04 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-13 01:04 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-13 01:04 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-13 01:04 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-13 01:04 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-13 01:04 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-13 01:04 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-13 01:04 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-13 01:04 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-13 01:04 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-13 01:04 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-13 01:04 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-13 01:04 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-13 01:04 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-13 01:04 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-13 01:04 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-13 01:04 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-13 01:04 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-13 01:04 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-12 23:38 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-12 23:38 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-12 23:38 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-12 23:37 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-12 23:37 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-12 23:37 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-12 23:37 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-12 23:37 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-12 23:37 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-12 23:37 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-12 23:37 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-12 23:37 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-12 23:21 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-12 23:21 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-12 23:21 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-12 23:21 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-12 23:20 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-12 23:20 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-12 23:20 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-12 23:20 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-12 23:20 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-12 23:20 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-12 23:20 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-12 23:20 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-12 23:20 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-12 23:20 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-12 23:19 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-12 23:19 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-12 23:19 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-12 23:19 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-12 23:19 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-12 23:19 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-12 23:19 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-12 23:19 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-12 23:19 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-12 23:19 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-12 23:19 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-12 23:19 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-12 23:19 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-12 23:19 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-12 23:19 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-12 23:19 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-12 23:19 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-12 23:18 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-12 23:18 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-12 23:18 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-12 23:18 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-11 09:14 - 2014-11-11 09:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-11 09:14 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-11 09:14 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-11-11 09:14 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-11-11 09:12 - 2014-11-11 09:14 - 00006782 _____ () C:\windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-11 09:12 - 2014-11-11 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-11 09:12 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-11-07 14:43 - 2014-11-07 14:43 - 00000000 ____D () C:\ProgramData\Avg_Update_1114tb
2014-11-04 20:49 - 2014-11-28 19:24 - 00034808 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-11-04 20:48 - 2014-11-04 20:49 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-02 01:17 - 2014-11-04 20:38 - 00000000 ____D () C:\ProgramData\DofocAmaqo
2014-11-02 01:17 - 2014-11-03 16:40 - 00000000 ____D () C:\ProgramData\CovuWlobk
2014-11-01 19:54 - 2014-11-01 19:54 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 19:02 - 2011-12-09 16:54 - 350031397 _____ () C:\windows\MEMORY.DMP
2014-11-29 19:02 - 2011-12-09 16:54 - 00000000 ____D () C:\windows\Minidump
2014-11-29 19:00 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-29 19:00 - 2009-07-13 22:51 - 00320211 _____ () C:\windows\setupact.log
2014-11-29 18:55 - 2014-09-18 11:18 - 00000420 _____ () C:\windows\Tasks\DriverUpdate Startup.job
2014-11-29 09:36 - 2014-09-18 11:18 - 00016152 _____ () C:\windows\system32\Drivers\SWDUMon.sys
2014-11-29 09:36 - 2011-06-21 03:49 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-28 19:21 - 2009-07-13 23:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-28 18:56 - 2012-06-13 15:04 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-28 18:53 - 2011-06-21 03:19 - 02051492 _____ () C:\windows\WindowsUpdate.log
2014-11-23 21:59 - 2014-09-18 11:18 - 00016152 _____ () C:\windows\system32\Drivers\SETB441.tmp
2014-11-18 18:17 - 2012-01-14 14:25 - 00000340 _____ () C:\windows\Tasks\HP Photo Creations Communicator.job
2014-11-18 17:55 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-18 17:55 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-18 17:49 - 2014-09-18 11:18 - 00002848 _____ () C:\windows\System32\Tasks\DriverUpdate Startup
2014-11-18 17:39 - 2011-06-21 03:49 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 17:25 - 2013-10-12 14:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-18 09:51 - 2011-09-26 14:01 - 00000932 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3532894602-3789889443-1828995010-1000UA.job
2014-11-18 00:51 - 2011-09-26 14:01 - 00000910 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3532894602-3789889443-1828995010-1000Core.job
2014-11-16 18:32 - 2011-08-24 19:04 - 00000000 ____D () C:\Users\JoAnne\AppData\Local\CrashDumps
2014-11-14 10:34 - 2011-06-21 03:49 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 10:34 - 2011-06-21 03:49 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 10:31 - 2011-08-18 15:16 - 00086160 _____ () C:\Users\JoAnne\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 10:25 - 2014-10-29 11:29 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-11-13 10:25 - 2014-03-31 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-13 10:16 - 2009-07-13 22:45 - 00342328 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-13 10:13 - 2014-05-08 23:35 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-13 02:04 - 2011-08-18 16:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 22:49 - 2012-06-13 15:04 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 22:49 - 2012-06-13 15:04 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 22:49 - 2011-09-25 17:20 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 09:20 - 2013-10-12 14:44 - 00000000 ___HD () C:\$AVG
2014-11-11 09:14 - 2012-06-28 16:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-08 18:13 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2014-11-07 14:43 - 2014-08-27 23:11 - 00000000 ____D () C:\Program Files (x86)\AVG Security Toolbar
2014-11-05 13:04 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-04 21:42 - 2010-11-20 21:47 - 00558982 _____ () C:\windows\PFRO.log
2014-11-03 16:40 - 2014-10-29 11:20 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-02 01:16 - 2014-10-28 19:15 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-31 06:08 - 2009-07-13 23:08 - 00032572 _____ () C:\windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\JoAnne\AppData\Local\Temp\2vaevaod.exe
C:\Users\JoAnne\AppData\Local\Temp\clchbtq6.dll
C:\Users\JoAnne\AppData\Local\Temp\dllnt_dump.dll
C:\Users\JoAnne\AppData\Local\Temp\fvJcrgR.exe
C:\Users\JoAnne\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\JoAnne\AppData\Local\Temp\juzuxn5f.dll
C:\Users\JoAnne\AppData\Local\Temp\o3howsq9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-06 08:34

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by JoAnne at 2014-11-29 19:31:40
Running from E:\
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version:  - AOL Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4213 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.423 - AVG) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
DriverUpdate (HKLM-x32\...\{E2A3A216-9DFE-4EC1-AA69-162588FEF014}) (Version: 2.2.36929 - SlimWare Utilities, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
HP Photosmart 5510 series Basic Device Software (HKLM\...\{424E8E17-A7B7-45B5-8C79-D58F04D9D920}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510 series Product Improvement Study (HKLM\...\{1AE1848C-D592-4222-8048-AEE1694D2959}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
iLivid (HKLM-x32\...\iLivid) (Version: 5.0.0.3958 - Bandoo Media Inc) <==== ATTENTION
InboxAce Internet Explorer Toolbar (HKLM-x32\...\InboxAce_1gbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.710 - Oracle)
Java™ 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}) (Version: 2.2.6775 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07750283-9CE4-4838-A3C9-12862DB8BF20} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {0ECDD83A-6906-4F7F-8C97-6E47D3FF7E3A} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-09-16] (Hewlett-Packard Co.)
Task: {2C0464FC-2F78-4A77-820F-9BD44E3DEA69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {31440B3F-A7F8-41B3-93FA-ABB0079CCFE0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3532894602-3789889443-1828995010-1000Core => C:\Users\JoAnne\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-22] (Facebook Inc.)
Task: {5222FDE1-0974-4DC1-AD5E-00A0B5EAEB77} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-03-24] (Hewlett-Packard)
Task: {6A3B53ED-95E5-4B0D-95A4-67A8419429A7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6DE0CC6F-BAE5-49D8-910A-77A4020E55B8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3532894602-3789889443-1828995010-1000UA => C:\Users\JoAnne\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-22] (Facebook Inc.)
Task: {98A38FCA-C997-4B7F-BAC0-3F86AAAAC0B5} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2014-03-19] (SlimWare Utilities, Inc.)
Task: {9907B4EF-55A2-4CD2-B0FB-E0449EC477FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {ACF34687-65FE-42D4-9F13-68A7D1BDD022} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {AECD9F6F-FA62-4B7B-8806-1319DE0EEC58} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-10-14] ()
Task: {D2289172-44CA-4FA8-85E5-CF1B74901B71} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3532894602-3789889443-1828995010-1000Core.job => C:\Users\JoAnne\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3532894602-3789889443-1828995010-1000UA.job => C:\Users\JoAnne\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3532894602-3789889443-1828995010-500 - Administrator - Disabled)
Guest (S-1-5-21-3532894602-3789889443-1828995010-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3532894602-3789889443-1828995010-1002 - Limited - Enabled)
JoAnne (S-1-5-21-3532894602-3789889443-1828995010-1000 - Administrator - Enabled) => C:\Users\TEMP

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/29/2014 07:06:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: JoAnne-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (11/29/2014 07:03:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/29/2014 07:00:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: JoAnne-PC)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

 DETAIL - Access is denied.

Error: (11/29/2014 06:58:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: JoAnne-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (11/29/2014 06:56:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: JoAnne-PC)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

 DETAIL - Access is denied.

Error: (11/29/2014 06:56:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - Access is denied.
 for C:\Users\TEMP\ntuser.dat

Error: (11/29/2014 06:56:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: JoAnne-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (11/29/2014 06:56:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: JoAnne-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (11/29/2014 06:56:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: JoAnne-PC)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

 DETAIL - The process cannot access the file because it is being used by another process.

Error: (11/29/2014 06:56:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The process cannot access the file because it is being used by another process.
 for C:\Users\JoAnne\ntuser.dat

System errors:
=============
Error: (11/29/2014 07:08:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/29/2014 07:06:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/29/2014 07:06:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/29/2014 07:06:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/29/2014 07:06:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/29/2014 07:06:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/29/2014 07:06:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/29/2014 07:06:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/29/2014 07:06:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/29/2014 07:06:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (11/29/2014 07:06:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: JoAnne-PC)
Description: Access is denied.

Error: (11/29/2014 07:03:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/29/2014 07:00:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: JoAnne-PC)
Description: Access is denied.

Error: (11/29/2014 06:58:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: JoAnne-PC)
Description: Access is denied.

Error: (11/29/2014 06:56:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: JoAnne-PC)
Description: Access is denied.

Error: (11/29/2014 06:56:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Access is denied.
C:\Users\TEMP\ntuser.dat

Error: (11/29/2014 06:56:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: JoAnne-PC)
Description:

Error: (11/29/2014 06:56:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: JoAnne-PC)
Description:

Error: (11/29/2014 06:56:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: JoAnne-PC)
Description: The process cannot access the file because it is being used by another process.

Error: (11/29/2014 06:56:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The process cannot access the file because it is being used by another process.
C:\Users\JoAnne\ntuser.dat

CodeIntegrity Errors:
===================================
  Date: 2014-01-20 14:10:57.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-20 14:10:57.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-20 14:10:57.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-20 13:36:23.615
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-20 13:36:23.615
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-20 13:36:23.615
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-21 23:43:42.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-21 23:43:42.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-21 23:43:42.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-21 23:19:32.339
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B940 @ 2.00GHz
Percentage of memory in use: 13%
Total physical RAM: 4043.86 MB
Available physical RAM: 3514.79 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 7587.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (TI106139W0E) (Fixed) (Total:282.9 GB) (Free:220.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (PortraitCD) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
Drive e: (USB20FD) (Removable) (Total:7.51 GB) (Free:7.47 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 4E59E2AF)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End Of Log ============================



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 29 November 2014 - 09:35 PM

Hi JoAnne,

Yes, your computer is not feeling well. Please attempt to do this in Safe Mode if necessary. If one step will not work just move on to the next step.

The first thing we need to do is copy and paste FRST from your USB device onto the desktop of your computer.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM-x32\...\Run: [InboxAce Search Scope Monitor] => "C:\PROGRA~2\INBOXA~2\bar\1.bin\1gsrchmn.exe" /m=2 /w /h
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs:  C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => "C:\PROGRA~3\Wincert\WIN32C~1.DLL" File Not Found
2014-11-02 01:17 - 2014-11-04 20:38 - 00000000 ____D () C:\ProgramData\DofocAmaqo
2014-11-02 01:17 - 2014-11-03 16:40 - 00000000 ____D () C:\ProgramData\CovuWlobk
2014-11-01 19:54 - 2014-11-01 19:54 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
C:\Users\JoAnne\AppData\Local\Temp\2vaevaod.exe
C:\Users\JoAnne\AppData\Local\Temp\clchbtq6.dll
C:\Users\JoAnne\AppData\Local\Temp\dllnt_dump.dll
C:\Users\JoAnne\AppData\Local\Temp\fvJcrgR.exe
C:\Users\JoAnne\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\JoAnne\AppData\Local\Temp\juzuxn5f.dll
C:\Users\JoAnne\AppData\Local\Temp\o3howsq9.dll
Task: {ACF34687-65FE-42D4-9F13-68A7D1BDD022} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 JoAnne DG

JoAnne DG
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 30 November 2014 - 12:25 AM

Thanks so much for your prompt replies, Gary.  This is a little daunting but I think I'm getting more confident.  I don't seem to be able to save anything to my desktop right now, but working off the thumb drive seems to be working out OK.

 

Here is my progress thus far.

 

1) The first thing we need to do is copy and paste FRST from your USB device onto the desktop of your computer.--I'm not sure how to do this.  I have FRST on the thumb drive though which I am using

2) I got this far:

  • Please download AdwCleaner by Xplode onto your desktop.--Did it from the thumb drive.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears.

And a message appeared that says, "SQLite 3. dll can't be loaded."

 

  • Please download Junkware Removal Tool and save it to your desktop..--Did it from the thumb drive.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.) These no longer show up in the system tray.
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply

Here is the log:

 

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by SYSTEM on Sat 11/29/2014 at 22:49:43.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [Service] inboxace_1gservice
Successfully deleted: [Service] inboxace_1gservice

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\\Software\Microsoft\Internet Explorer\Main\\Start Page

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.DynamicBarButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.DynamicBarButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.FeedManager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.FeedManager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.HTMLMenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.HTMLMenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.HTMLPanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.HTMLPanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.MultipleButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.MultipleButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.PseudoTransparentPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.Radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.Radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.RadioSettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.RadioSettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.ScriptButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.ScriptButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.SettingsPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.SettingsPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.SkinLauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.SkinLauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.ThirdPartyInstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.ThirdPartyInstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.UrlAlertButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.UrlAlertButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.XMLSessionPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.XMLSessionPlugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EF64538-8B54-4573-B48F-4D34B0238AB2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

 

~~~ Files

Successfully deleted: [File] C:\windows\Tasks\DriverUpdate Startup.job
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf
Successfully deleted: [File] C:\windows\prefetch\TOOLBARUPDATER.EXE-678CD7F9.pf
Successfully deleted: [File] "C:\windows\reimage.ini"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\aol toolbar"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Program Files (x86)\aol toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\inboxace_1g"
Successfully deleted: [Folder] "C:\Program Files (x86)\inboxace_1gei"
Successfully deleted: [Folder] "C:\Program Files (x86)\movies toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
Successfully deleted: [Folder] "C:\ProgramData\ask"

 

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/29/2014 at 22:51:13.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Here is the fixlog for FRST:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by JoAnne at 2014-11-29 23:20:16 Run:1
Running from E:\
Loaded Profiles:  (Available profiles: JoAnne)
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [InboxAce Search Scope Monitor] => "C:\PROGRA~2\INBOXA~2\bar\1.bin\1gsrchmn.exe" /m=2 /w /h
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs:  C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => "C:\PROGRA~3\Wincert\WIN32C~1.DLL" File Not Found
2014-11-02 01:17 - 2014-11-04 20:38 - 00000000 ____D () C:\ProgramData\DofocAmaqo
2014-11-02 01:17 - 2014-11-03 16:40 - 00000000 ____D () C:\ProgramData\CovuWlobk
2014-11-01 19:54 - 2014-11-01 19:54 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
C:\Users\JoAnne\AppData\Local\Temp\2vaevaod.exe
C:\Users\JoAnne\AppData\Local\Temp\clchbtq6.dll
C:\Users\JoAnne\AppData\Local\Temp\dllnt_dump.dll
C:\Users\JoAnne\AppData\Local\Temp\fvJcrgR.exe
C:\Users\JoAnne\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\JoAnne\AppData\Local\Temp\juzuxn5f.dll
C:\Users\JoAnne\AppData\Local\Temp\o3howsq9.dll
Task: {ACF34687-65FE-42D4-9F13-68A7D1BDD022} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\InboxAce Search Scope Monitor => value deleted successfully.
"C:\PROGRA~3\Wincert\WIN64C~1.DLL" => Value Data removed successfully.
" C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll" => Value Data removed successfully.
"C:\PROGRA~3\Wincert\WIN32C~1.DLL" => Value Data not found.
C:\ProgramData\DofocAmaqo => Moved successfully.
C:\ProgramData\CovuWlobk => Moved successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Moved successfully.
C:\Users\JoAnne\AppData\Local\Temp\2vaevaod.exe => Moved successfully.
C:\Users\JoAnne\AppData\Local\Temp\clchbtq6.dll => Moved successfully.
C:\Users\JoAnne\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\JoAnne\AppData\Local\Temp\fvJcrgR.exe => Moved successfully.
C:\Users\JoAnne\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\JoAnne\AppData\Local\Temp\juzuxn5f.dll => Moved successfully.
C:\Users\JoAnne\AppData\Local\Temp\o3howsq9.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACF34687-65FE-42D4-9F13-68A7D1BDD022}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACF34687-65FE-42D4-9F13-68A7D1BDD022}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.

==== End of Fixlog ====

 

Thanks again.  I'm going to go to bed now, but I'll see you in the morning.

 

Best, 

 

JoAnne



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 30 November 2014 - 09:36 AM

Hi JoAnne,

Thanks for hanging in there, this can be frustrating even when you are familiar with computers. :)

We took a bite out of things so at least we are making progress. There are some indications your user profile has been corrupted so what we are going to do is create a new profile and test your computer.

Please do this.

===================================================

Testing a New User Profile

--------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type cmd and press Enter
  • Type the following after the command prompt, pressing Enter after each line

net user temp /add
net localgroup administrators temp /add

  • Reboot your computer and log into the temp user profile
  • Check your computer's performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Any difference?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 JoAnne DG

JoAnne DG
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 30 November 2014 - 11:38 AM

Thanks for the encouragement, Gary.  This is actually getting much less frustrating for me because whenever the virus makes a move, you seem to have a counter move.  Before I had help, I felt shutdown by every challenge.  Now, I just assume that you'll tell me what to do and things will work out eventually.  It's a real confidence builder, for me, knowing that there are counter moves.

 

When I got the cmd prompt box to come up, it already said "C:Users\TEMP>"  I typed in net user temp /add and hit "enter."
The computer replied with a bunch of text.  I typed in net localgroup administrators temp /add and hit "enter" again.  More text. I then rebooted etc.

 

After logging in with my usual password, there were no changes.  I still get the message in a bubble that says, "User Profile Service You have been logged with the default profile for the system Please see the event log for details or contact  your administrator."

 

I will be in and out of the house and will check email whenever I'm home.  If that takes a while, I'm just out of the house.  I haven't given up.

 

Thanks so much,

 

JoAnne

 

 



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 30 November 2014 - 02:11 PM

Greetings JoAnne,

You have been quite responsive so don't worry about any delays.

That may not have done what we wanted it to do so we are going to create another User Profile a different way.

Please do this.

===================================================

Creating a Test Profile

--------------
  • Click Start, Control Panel, then User Accounts
  • Click Manage Another Account
  • Click Create a new account
  • In the New account name box type TestProfile
  • Select Computer administrator then click Create Account
  • Close the Manage Accounts window
  • Click Start, click the arrow to the right of Shut Down, and click Switch user
  • Log in as TestProfile and allow the computer to finish creating the new Profile
  • Check to see if your computer is working properly
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 JoAnne DG

JoAnne DG
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 30 November 2014 - 05:14 PM

Nothing happens when I click Manage Another Account, either left or right click

 

 

 

 

 

 

 


Edited by JoAnne DG, 30 November 2014 - 05:15 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users