
dll errors


This topic is locked. 28 replies to this topic.

#1 Shawna927 (Members, 14 posts)

Posted 21 January 2015 - 02:52 PM

I just cleaned Poweliks off my laptop and now I'm getting a himnamm.dll module not found and a btvstack.dll module not found. How do I fix this problem? Thank you for any help you can give.




#2 Oh My! (Malware Response Instructor, 35,532 posts, Location: California)

Posted 21 January 2015 - 03:03 PM

Greetings and welcome to BleepingComputer!

 

Based on your description we really need to run some programs not utilized in this Forum.  I am going to request that a Moderator move you to the Malware Removal Forum.  Hang tight, help is on the way!

 

Gary

If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Shawna927 (Topic Starter, Members, 14 posts)

Posted 21 January 2015 - 03:25 PM

Thank you, Gary.



#4 Oh My! (Malware Response Instructor, 35,532 posts, Location: California)

Posted 21 January 2015 - 03:31 PM

No problem, the waiting list is quite short so it shouldn't take long to get you some help.  Please be patient and we will take good care of you. :)


Gary
 

#5 Oh My! (Malware Response Instructor, 35,532 posts, Location: California)

Posted 21 January 2015 - 04:28 PM

Greetings Shawna927 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows logo key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 

#6 Shawna927 (Topic Starter, Members, 14 posts)

Posted 21 January 2015 - 04:43 PM

Thanks, Gary. Unfortunately it is the end of my work shift, so I will not have time to complete that before closing down for the evening. I will follow your instructions first thing in the morning and will forward them here as you requested. Thank you so much.

 

Shawna
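Gary's instructions in post #5 ask for the FRST.txt and Addition.txt logs, and the Registry section of the FRST.txt log Shawna posts below is where the two "module not found" errors from the opening post become visible: Run values under the user's SID that hand rundll32 or regsvr32 a DLL path inside the user profile. The pop-up at logon is what Windows shows when such a Run value outlives its DLL, which is the usual aftermath of a cleanup that deletes the file but not the registry value. As an added example, not code from the original thread, from Farbar or from BleepingComputer, here is a Python script that parses Run-key lines in FRST format and flags the entries a helper would look at first. The sample lines are copied from the log in this thread; the `file_exists` hook, the folder list treated as user-writable, and the heuristic that a missing `[size date]` annotation means FRST could not read the file are the example's own assumptions.

```python
"""Triage the Run-key lines of a Farbar Recovery Scan Tool (FRST.txt) log.

Added example for this thread; it is not a Farbar or BleepingComputer tool.
It parses the 'Registry (Whitelisted)' Run entries and flags the loaders
that produce a "module not found" pop-up at logon: a Run value that
survived the cleanup and still hands rundll32/regsvr32 a DLL that is gone.
"""
import os
import re

# Sample lines in FRST format, copied from the Run entries posted in this
# thread; the AVG and Google lines are the benign controls.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-03-26] (Google Inc.)
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [himnamm] => rundll32 "C:\Users\Troy SSCI\AppData\Local\himnamm.dll",himnamm <===== ATTENTION
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [vsiibupg] => regsvr32.exe /s "C:\Users\Troy SSCI\AppData\Local\SearchProtect\vsiibupg.dll" <===== ATTENTION
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [Qomiawagetq] => "C:\Users\Troy SSCI\AppData\Roaming\Syzuybip\yppih.exe"
"""

RUN_LINE = re.compile(
    r'^(?P<hive>HKLM(?:-x32)?|HKU\\S-[\d-]+)\\\.\.\.\\Run: '
    r'\[(?P<name>[^\]]+)\] => (?P<cmd>.*?)(?P<attn> <===== ATTENTION)?$')
# Assumption: FRST appends "[size date] (publisher)" only when it could read the file.
FILE_INFO = re.compile(r' \[\d+ \d{4}-\d{2}-\d{2}\](?: \([^)]*\))?$')
LOADERS = ('rundll32', 'regsvr32')
# Assumption: folders a standard user can write to, so malware favours them.
USER_WRITABLE = ('\\appdata\\', '%appdata%', '%localappdata%',
                 '\\programdata\\', '\\temp\\')


def extract_target(cmd):
    """Pull the file path out of a Run command, quoted or bare."""
    quoted = re.search(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    bare = ' '.join(w for w in cmd.split() if not w.startswith('/'))
    return bare.split(',')[0]            # bare rundll32 form: path,EntryPoint


def parse_run_entries(log_text):
    """Return one dict per Run line: hive, value name, loader, target, flags."""
    entries = []
    for raw in log_text.splitlines():
        m = RUN_LINE.match(raw.strip())
        if not m:
            continue
        cmd = m['cmd']
        has_file_info = bool(FILE_INFO.search(cmd))
        cmd = FILE_INFO.sub('', cmd)
        head, _, rest = cmd.partition(' ')
        loader = next((ld for ld in LOADERS
                       if head.strip('"').lower() in (ld, ld + '.exe')), None)
        entries.append({
            'line': raw.strip(), 'hive': m['hive'], 'name': m['name'],
            'loader': loader,
            'target': extract_target(rest if loader else cmd),
            'has_file_info': has_file_info,
            'attention': m['attn'] is not None,
        })
    return entries


def assess(entry, file_exists=None):
    """Reasons an entry deserves a look; an empty list means benign.
    file_exists: optional os.path.exists-style callable, for running on the
    affected host itself (None when reading a pasted log offline)."""
    reasons = []
    target = entry['target']
    if entry['loader']:
        reasons.append(f"{entry['loader']} loads a DLL with no host program")
    if any(mark in target.lower() for mark in USER_WRITABLE):
        reasons.append("target sits in a user-writable profile/data folder")
    if not entry['has_file_info']:
        reasons.append("FRST recorded no size/date for the target: file "
                       "missing or path unresolved (heuristic)")
    if entry['attention']:
        reasons.append("marked <===== ATTENTION by FRST")
    if file_exists is not None and not file_exists(os.path.expandvars(target)):
        reasons.append("target does not exist on disk: the Run value outlived "
                       "its DLL, which is what raises the 'module not found' "
                       "pop-up at logon")
    return reasons


def triage(log_text, file_exists=None):
    """Map Run value name -> reasons, for every entry with at least one."""
    flagged = {}
    for entry in parse_run_entries(log_text):
        reasons = assess(entry, file_exists)
        if reasons:
            flagged[entry['name']] = reasons
    return flagged


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"[{name}]")
        for reason in reasons:
            print("   -", reason)
```

Offline, `triage(text)` reads a pasted log and separates the four profile-based loaders from the AVG and Google entries. On the affected machine, `triage(text, os.path.exists)` adds the check that turns suspicion into the diagnosis, a Run value whose DLL has already been deleted. Per the ground rules above, the person asking for help would not act on this output; the helper turns confirmed lines into an FRST fixlist.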



#7 Oh My! (Malware Response Instructor, 35,532 posts, Location: California)

Posted 21 January 2015 - 04:44 PM

You are welcome Shawna, see you tomorrow!
Gary
 

#8 Shawna927 (Topic Starter, Members, 14 posts)

Posted 22 January 2015 - 09:01 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Troy SSCI (ATTENTION: The logged in user is not administrator) on ADMIN-PC on 22-01-2015 08:42:02
Running from C:\Users\Troy SSCI\Desktop
Loaded Profiles: Troy SSCI (Available profiles: Admin & Troy SSCI & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-03-26] (Google Inc.)
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [himnamm] => rundll32 "C:\Users\Troy SSCI\AppData\Local\himnamm.dll",himnamm <===== ATTENTION
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [vsiibupg] => regsvr32.exe /s "C:\Users\Troy SSCI\AppData\Local\SearchProtect\vsiibupg.dll" <===== ATTENTION
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [Qomiawagetq] => "C:\Users\Troy SSCI\AppData\Roaming\Syzuybip\yppih.exe"
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [Axbaygobf] => "C:\Users\Troy SSCI\AppData\Roaming\Nyduruve\owcyad.exe"
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\MountPoints2: {efd17d33-94b2-11e3-8076-a0b3cc72df88} - E:\AutoRun.exe
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\MountPoints2: {efd17d3c-94b2-11e3-8076-a0b3cc72df88} - E:\AutoRun.exe
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\MountPoints2: {efd17d5e-94b2-11e3-8076-a0b3cc72df88} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1733140379-2337233290-10970377-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1733140379-2337233290-10970377-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1733140379-2337233290-10970377-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1733140379-2337233290-10970377-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.100 24.25.5.60 24.25.5.61
Tcpip\..\Interfaces\{59274E49-E2E0-4883-BE57-777BBD20AEE0}: [NameServer] 166.181.191.17 166.181.127.17

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Admin\AppData\Local\Wajam\Chrome\wajam.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MPT Service; C:\Program Files (x86)\U.S. Cellular Broadband Connect\mptserv.exe [40960 2012-07-02] () [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
S3 PTUMWBus; system32\DRIVERS\PTUMWBus.sys [X]
S3 PTUMWCDF; system32\DRIVERS\PTUMWCDF.sys [X]
S3 PTUMWFLT; system32\DRIVERS\PTUMWFLT.sys [X]
S3 PTUMWMdm; system32\DRIVERS\PTUMWMdm.sys [X]
S3 PTUMWNET; system32\DRIVERS\PTUMWNET.sys [X]
S3 PTUMWVsp; system32\DRIVERS\PTUMWVsp.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 08:42 - 2015-01-22 08:43 - 00012400 _____ () C:\Users\Troy SSCI\Desktop\FRST.txt
2015-01-22 08:41 - 2015-01-22 08:42 - 00000000 ____D () C:\FRST
2015-01-22 08:41 - 2015-01-22 08:41 - 02126848 _____ (Farbar) C:\Users\Troy SSCI\Desktop\FRST64.exe
2015-01-22 08:41 - 2015-01-22 08:41 - 01118208 _____ (Farbar) C:\Users\Troy SSCI\Desktop\FRST.exe
2015-01-21 13:49 - 2015-01-21 13:49 - 00183260 _____ () C:\Users\Troy SSCI\Desktop\ESETPoweliksCleaner.exe_20150121.134947.9400.log
2015-01-21 12:55 - 2015-01-21 12:55 - 00183326 _____ () C:\Users\Troy SSCI\Desktop\ESETPoweliksCleaner.exe_20150121.125519.3376.log
2015-01-21 12:52 - 2015-01-21 12:53 - 00365576 _____ () C:\Users\Troy SSCI\Desktop\ESETPoweliksCleaner.exe_20150121.125201.12808.log
2015-01-21 12:51 - 2015-01-21 12:51 - 00190152 _____ (ESET) C:\Users\Troy SSCI\Desktop\ESETPoweliksCleaner.exe
2015-01-21 12:51 - 2015-01-21 12:51 - 00002754 _____ () C:\Users\Troy SSCI\Desktop\ESETPoweliksCleaner.exe_20150121.125123.5492.log
2015-01-21 12:30 - 2015-01-21 12:30 - 00000000 ____D () C:\Windows\pss
2015-01-21 12:24 - 2015-01-21 12:24 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Roaming\AVG2015
2015-01-21 12:23 - 2015-01-21 12:59 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Local\Avg2015
2015-01-21 10:48 - 2015-01-21 10:48 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-21 10:47 - 2015-01-21 12:27 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-21 10:37 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-21 10:37 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-21 10:37 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-21 10:37 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-21 10:37 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-21 10:37 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-21 10:37 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-21 10:37 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-21 10:37 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-21 10:37 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-21 10:37 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-21 10:37 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-21 10:37 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-21 10:34 - 2015-01-21 10:34 - 00000000 ____D () C:\ProgramData\374311380
2015-01-21 10:05 - 2015-01-21 10:05 - 00008542 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-21 10:05 - 2015-01-21 10:05 - 00008542 _____ () C:\Users\Troy SSCI\AppData\HELP_DECRYPT.HTML
2015-01-21 10:05 - 2015-01-21 10:05 - 00004214 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-21 10:05 - 2015-01-21 10:05 - 00004214 _____ () C:\Users\Troy SSCI\AppData\HELP_DECRYPT.TXT
2015-01-21 10:05 - 2015-01-21 10:05 - 00000272 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.URL
2015-01-21 10:05 - 2015-01-21 10:05 - 00000272 _____ () C:\Users\Troy SSCI\AppData\HELP_DECRYPT.URL
2015-01-21 10:01 - 2015-01-21 10:12 - 00000000 ____D () C:\Users\Troy SSCI\Desktop\AVG2015
2015-01-21 10:01 - 2015-01-21 10:01 - 00008542 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.HTML
2015-01-21 10:01 - 2015-01-21 10:01 - 00004214 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.TXT
2015-01-21 10:01 - 2015-01-21 10:01 - 00000272 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.URL
2015-01-21 09:53 - 2015-01-21 09:53 - 00008542 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-21 09:53 - 2015-01-21 09:53 - 00004214 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-21 09:53 - 2015-01-21 09:53 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-21 09:37 - 2015-01-21 12:27 - 00000000 ___HD () C:\13f87ffb
2015-01-08 09:19 - 2015-01-22 08:36 - 00000830 _____ () C:\Windows\Tasks\Security Center Update - 1149245889.job
2015-01-08 09:19 - 2015-01-21 11:15 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Roaming\Nyduruve
2015-01-08 09:15 - 2015-01-21 12:27 - 00000000 ____D () C:\ProgramData\XifilOvhed
2015-01-08 07:08 - 2015-01-22 08:36 - 00000828 _____ () C:\Windows\Tasks\Security Center Update - 1041078340.job
2015-01-08 07:08 - 2015-01-08 12:05 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Roaming\Syzuybip
2015-01-08 07:06 - 2015-01-08 07:08 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Roaming\Local Store
2015-01-08 07:04 - 2015-01-08 07:04 - 00000000 ____D () C:\ProgramData\sudynar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 08:42 - 2012-09-16 08:25 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-22 08:38 - 2012-09-01 16:58 - 01276403 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 08:37 - 2014-03-26 06:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 08:37 - 2014-03-26 06:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 03:21 - 2013-04-01 05:26 - 00024218 _____ () C:\Windows\setupact.log
2015-01-22 03:21 - 2012-09-01 15:04 - 00000200 _____ () C:\Windows\Tasks\AutoKMS.job
2015-01-22 03:21 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 03:04 - 2014-02-17 07:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-22 03:00 - 2012-09-04 15:23 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-21 12:21 - 2014-06-24 08:52 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-01-21 12:21 - 2014-06-24 08:52 - 00000000 ____D () C:\Program Files (x86)\Optimum PC Boost
2015-01-21 12:19 - 2014-06-24 08:52 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Local\SearchProtect
2015-01-21 10:54 - 2013-04-10 13:44 - 00213784 _____ () C:\Windows\PFRO.log
2015-01-21 10:50 - 2013-06-10 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-21 10:50 - 2012-09-16 08:32 - 00000000 ___HD () C:\$AVG
2015-01-21 10:46 - 2012-09-16 08:31 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-21 10:34 - 2014-06-24 08:52 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2015-01-21 10:22 - 2009-07-13 23:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 10:22 - 2009-07-13 23:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 10:15 - 2014-02-13 15:07 - 00109296 _____ () C:\Users\Troy SSCI\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-21 10:07 - 2014-03-03 10:02 - 00000000 ____D () C:\Users\Troy SSCI\Desktop\DELIVERY TICKETS FROM SHAWNA
2015-01-21 10:01 - 2014-02-13 11:18 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Roaming\Adobe
2015-01-21 09:56 - 2014-02-13 08:37 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Local\AVG Secure Search
2015-01-21 09:51 - 2012-09-04 06:14 - 00000000 ____D () C:\ProgramData\BVRP Software
2015-01-09 12:05 - 2012-09-01 15:04 - 00000202 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2015-01-06 06:54 - 2009-07-14 00:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-31 14:54 - 2014-02-13 08:35 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Local\VirtualStore
2014-12-30 10:51 - 2014-02-13 11:15 - 00000000 ____D () C:\Users\Troy SSCI\Documents\Outlook Files

==================== Files in the root of some directories =======
2015-01-21 10:05 - 2015-01-21 10:05 - 0008542 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-21 10:05 - 2015-01-21 10:05 - 0045461 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-21 10:05 - 2015-01-21 10:05 - 0004214 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-21 10:05 - 2015-01-21 10:05 - 0000272 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.URL
2015-01-21 10:01 - 2015-01-21 10:01 - 0008542 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.HTML
2015-01-21 10:01 - 2015-01-21 10:01 - 0045461 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.PNG
2015-01-21 10:01 - 2015-01-21 10:01 - 0004214 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.TXT
2015-01-21 10:01 - 2015-01-21 10:01 - 0000272 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.URL
2012-09-01 14:43 - 2012-09-01 14:43 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-01-21 09:53 - 2015-01-21 09:53 - 0008542 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-21 09:53 - 2015-01-21 09:53 - 0045461 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-21 09:53 - 2015-01-21 09:53 - 0004214 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-21 09:53 - 2015-01-21 09:53 - 0000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2012-09-04 06:14 - 2012-09-04 06:14 - 0148736 _____ (Avanquest Software) C:\ProgramData\hpe6009.dll

Files to move or delete:
====================
C:\ProgramData\hpe6009.dll

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8xxgg_.dll
C:\Users\Admin\AppData\Local\Temp\nsa854E.exe
C:\Users\Admin\AppData\Local\Temp\nsk1348.exe
C:\Users\Admin\AppData\Local\Temp\oi_{A551A3DE-6DAD-4680-A953-3ADC295F6F3C}.exe
C:\Users\Troy SSCI\AppData\Local\Temp\install_flashplayer12x32ax_gtba_chra_dy_aaa_aih.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Troy SSCI at 2015-01-22 08:43:44
Running from C:\Users\Troy SSCI\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.31 - Avanquest Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP ENVY 110 series Basic Device Software (HKLM\...\{9EDA8125-D287-4AD1-BE32-6B105A275645}) (Version: 25.0.622.0 - Hewlett-Packard Co.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2761 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Manuals Finder (HKLM-x32\...\Manuals Finder) (Version: 1.0 - Manuals Finder) <==== ATTENTION!
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile PhoneTools (x32 Version: 3.55 - BVRP Software) Hidden
Ralink RT5390R 802.11b/g/n 1x1 Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.07.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.17.2.3 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
U.S. Cellular Broadband Connect (HKLM-x32\...\{744DB71D-6844-4FFC-858F-13F9FA028B12}) (Version: 1.12 - Avanquest Software)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\AutoKMS.job => ?
Task: C:\Windows\Tasks\AutoKMSDaily.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\Security Center Update - 1041078340.job => C:\Users\Troy SSCI\AppData\Roaming\Syzuybip\yppih.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1149245889.job => C:\Users\Troy SSCI\AppData\Roaming\Nyduruve\owcyad.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP ENVY 110 series (NET) => "C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1A1C206305QR:NW" -scfn "HP ENVY 110 series (NET)" -AutoStart 1
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: {E9AE9B9A-A99F-AA8F-27E8-A8E99BAE8b85} => "C:\Program Files (x86)\U.S. Cellular Broadband Connect\AvqAutoRun.exe" "C:\Program Files (x86)\U.S. Cellular Broadband Connect\mphonetools.exe" /OnPlug=%s

========================= Accounts: ==========================

Admin (S-1-5-21-1733140379-2337233290-10970377-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1733140379-2337233290-10970377-500 - Administrator - Disabled)
Guest (S-1-5-21-1733140379-2337233290-10970377-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1733140379-2337233290-10970377-1002 - Limited - Enabled)
Troy SSCI (S-1-5-21-1733140379-2337233290-10970377-1004 - Limited - Enabled) => C:\Users\Troy SSCI

==================== Faulty Device Manager Devices =============

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2015 03:21:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 02:46:56 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (01/21/2015 01:51:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 00:54:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 00:32:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 00:24:16 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (01/21/2015 00:23:47 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (01/21/2015 00:23:47 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (01/21/2015 00:23:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 10:55:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/21/2015 00:33:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/21/2015 00:27:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053

Error: (01/21/2015 00:27:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (01/21/2015 00:26:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (01/21/2015 00:26:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (01/21/2015 00:26:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

Error: (01/21/2015 00:25:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Error: (01/21/2015 00:25:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/21/2015 00:24:16 PM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Admin-PCTroy SSCIS-1-5-21-1733140379-2337233290-10970377-1004LocalHost (Using LRPC)

Error: (01/21/2015 00:23:47 PM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Admin-PCTroy SSCIS-1-5-21-1733140379-2337233290-10970377-1004LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (01/22/2015 03:21:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 02:46:56 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (01/21/2015 01:51:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 00:54:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 00:32:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 00:24:16 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (01/21/2015 00:23:47 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (01/21/2015 00:23:47 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (01/21/2015 00:23:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 10:55:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 34%
Total physical RAM: 6044.36 MB
Available physical RAM: 3978.91 MB
Total Pagefile: 12086.9 MB
Available Pagefile: 9849.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:637.78 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,532 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:08:48 PM

Posted 22 January 2015 - 11:41 AM

Hi Shawna,

As you already know, you were infected with the Poweliks virus. As a result, I must first provide some information regarding Backdoor Trojans.

Your computer is still quite infected. In light of some information contained in the logs I would caution you to only download programs that are from legitimate sources. I don't know for certain but not adhering to that rule may have caused your present circumstances.

I may be offline until this afternoon so I don't want you to think I have abandoned you. :) Please do this.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidence of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line: the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My!


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [himnamm] => rundll32 "C:\Users\Troy SSCI\AppData\Local\himnamm.dll",himnamm <===== ATTENTION
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [vsiibupg] => regsvr32.exe /s "C:\Users\Troy SSCI\AppData\Local\SearchProtect\vsiibupg.dll" <===== ATTENTION
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [Qomiawagetq] => "C:\Users\Troy SSCI\AppData\Roaming\Syzuybip\yppih.exe"
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [Axbaygobf] => "C:\Users\Troy SSCI\AppData\Roaming\Nyduruve\owcyad.exe"
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKU\S-1-5-21-1733140379-2337233290-10970377-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1733140379-2337233290-10970377-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
S3 PTUMWBus; system32\DRIVERS\PTUMWBus.sys [X]
S3 PTUMWCDF; system32\DRIVERS\PTUMWCDF.sys [X]
S3 PTUMWFLT; system32\DRIVERS\PTUMWFLT.sys [X]
S3 PTUMWMdm; system32\DRIVERS\PTUMWMdm.sys [X]
S3 PTUMWNET; system32\DRIVERS\PTUMWNET.sys [X]
S3 PTUMWVsp; system32\DRIVERS\PTUMWVsp.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-01-21 10:05 - 2015-01-21 10:05 - 00008542 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-21 10:05 - 2015-01-21 10:05 - 00008542 _____ () C:\Users\Troy SSCI\AppData\HELP_DECRYPT.HTML
2015-01-21 10:05 - 2015-01-21 10:05 - 00004214 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-21 10:05 - 2015-01-21 10:05 - 00004214 _____ () C:\Users\Troy SSCI\AppData\HELP_DECRYPT.TXT
2015-01-21 10:05 - 2015-01-21 10:05 - 00000272 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.URL
2015-01-21 10:05 - 2015-01-21 10:05 - 00000272 _____ () C:\Users\Troy SSCI\AppData\HELP_DECRYPT.URL
2015-01-21 10:34 - 2015-01-21 10:34 - 00000000 ____D () C:\ProgramData\374311380
2015-01-21 10:05 - 2015-01-21 10:05 - 00008542 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-21 10:05 - 2015-01-21 10:05 - 00008542 _____ () C:\Users\Troy SSCI\AppData\HELP_DECRYPT.HTML
2015-01-21 10:05 - 2015-01-21 10:05 - 00004214 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-21 10:05 - 2015-01-21 10:05 - 00004214 _____ () C:\Users\Troy SSCI\AppData\HELP_DECRYPT.TXT
2015-01-21 10:05 - 2015-01-21 10:05 - 00000272 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.URL
2015-01-21 10:05 - 2015-01-21 10:05 - 00000272 _____ () C:\Users\Troy SSCI\AppData\HELP_DECRYPT.URL
2015-01-21 10:01 - 2015-01-21 10:01 - 00008542 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.HTML
2015-01-21 10:01 - 2015-01-21 10:01 - 00004214 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.TXT
2015-01-21 10:01 - 2015-01-21 10:01 - 00000272 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.URL
2015-01-21 09:53 - 2015-01-21 09:53 - 00008542 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-21 09:53 - 2015-01-21 09:53 - 00004214 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-21 09:53 - 2015-01-21 09:53 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-21 09:37 - 2015-01-21 12:27 - 00000000 ___HD () C:\13f87ffb
C:\Users\Troy SSCI\AppData\Local\himnamm.dll
C:\Users\Troy SSCI\AppData\Local\SearchProtect
C:\Users\Troy SSCI\AppData\Roaming\Syzuybip
C:\Users\Troy SSCI\AppData\Roaming\Nyduruve
C:\ProgramData\XifilOvhed
C:\ProgramData\sudynar
C:\Users\Troy SSCI\AppData\Local\SearchProtect
C:\ProgramData\hpe6009.dll
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8xxgg_.dll
C:\Users\Admin\AppData\Local\Temp\nsa854E.exe
C:\Users\Admin\AppData\Local\Temp\nsk1348.exe
C:\Users\Admin\AppData\Local\Temp\oi_{A551A3DE-6DAD-4680-A953-3ADC295F6F3C}.exe
C:\Users\Troy SSCI\AppData\Local\Temp\install_flashplayer12x32ax_gtba_chra_dy_aaa_aih.exe
C:\Windows\Tasks\AutoKMSDaily.job
Task: C:\Windows\Tasks\AutoKMS.job => ?
Task: C:\Windows\Tasks\AutoKMSDaily.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\Security Center Update - 1041078340.job => C:\Users\Troy SSCI\AppData\Roaming\Syzuybip\yppih.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1149245889.job => C:\Users\Troy SSCI\AppData\Roaming\Nyduruve\owcyad.exe <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Please rerun a FRST scan placing a check mark in the List BCD box under Optional Scan
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • FRST log, including BCD information

Edited by Oh My!, 22 January 2015 - 11:42 AM.

Gary

#10 Shawna927

Shawna927
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:48 PM

Posted 22 January 2015 - 01:09 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Troy SSCI at 2015-01-22 11:56:29 Run:1
Running from C:\Users\Troy SSCI\Desktop
Loaded Profiles: Admin & Troy SSCI (Available profiles: Admin & Troy SSCI & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [himnamm] => rundll32 "C:\Users\Troy SSCI\AppData\Local\himnamm.dll",himnamm <===== ATTENTION
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [vsiibupg] => regsvr32.exe /s "C:\Users\Troy SSCI\AppData\Local\SearchProtect\vsiibupg.dll" <===== ATTENTION
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [Qomiawagetq] => "C:\Users\Troy SSCI\AppData\Roaming\Syzuybip\yppih.exe"
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [Axbaygobf] => "C:\Users\Troy SSCI\AppData\Roaming\Nyduruve\owcyad.exe"
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKU\S-1-5-21-1733140379-2337233290-10970377-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1733140379-2337233290-10970377-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
S3 PTUMWBus; system32\DRIVERS\PTUMWBus.sys [X]
S3 PTUMWCDF; system32\DRIVERS\PTUMWCDF.sys [X]
S3 PTUMWFLT; system32\DRIVERS\PTUMWFLT.sys [X]
S3 PTUMWMdm; system32\DRIVERS\PTUMWMdm.sys [X]
S3 PTUMWNET; system32\DRIVERS\PTUMWNET.sys [X]
S3 PTUMWVsp; system32\DRIVERS\PTUMWVsp.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-01-21 10:05 - 2015-01-21 10:05 - 00008542 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-21 10:05 - 2015-01-21 10:05 - 00008542 _____ () C:\Users\Troy SSCI\AppData\HELP_DECRYPT.HTML
2015-01-21 10:05 - 2015-01-21 10:05 - 00004214 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-21 10:05 - 2015-01-21 10:05 - 00004214 _____ () C:\Users\Troy SSCI\AppData\HELP_DECRYPT.TXT
2015-01-21 10:05 - 2015-01-21 10:05 - 00000272 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.URL
2015-01-21 10:05 - 2015-01-21 10:05 - 00000272 _____ () C:\Users\Troy SSCI\AppData\HELP_DECRYPT.URL
2015-01-21 10:34 - 2015-01-21 10:34 - 00000000 ____D () C:\ProgramData\374311380
2015-01-21 10:05 - 2015-01-21 10:05 - 00008542 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-21 10:05 - 2015-01-21 10:05 - 00008542 _____ () C:\Users\Troy SSCI\AppData\HELP_DECRYPT.HTML
2015-01-21 10:05 - 2015-01-21 10:05 - 00004214 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-21 10:05 - 2015-01-21 10:05 - 00004214 _____ () C:\Users\Troy SSCI\AppData\HELP_DECRYPT.TXT
2015-01-21 10:05 - 2015-01-21 10:05 - 00000272 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.URL
2015-01-21 10:05 - 2015-01-21 10:05 - 00000272 _____ () C:\Users\Troy SSCI\AppData\HELP_DECRYPT.URL
2015-01-21 10:01 - 2015-01-21 10:01 - 00008542 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.HTML
2015-01-21 10:01 - 2015-01-21 10:01 - 00004214 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.TXT
2015-01-21 10:01 - 2015-01-21 10:01 - 00000272 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.URL
2015-01-21 09:53 - 2015-01-21 09:53 - 00008542 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-21 09:53 - 2015-01-21 09:53 - 00004214 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-21 09:53 - 2015-01-21 09:53 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-21 09:37 - 2015-01-21 12:27 - 00000000 ___HD () C:\13f87ffb
C:\Users\Troy SSCI\AppData\Local\himnamm.dll
C:\Users\Troy SSCI\AppData\Local\SearchProtect
C:\Users\Troy SSCI\AppData\Roaming\Syzuybip
C:\Users\Troy SSCI\AppData\Roaming\Nyduruve
C:\ProgramData\XifilOvhed
C:\ProgramData\sudynar
C:\Users\Troy SSCI\AppData\Local\SearchProtect
C:\ProgramData\hpe6009.dll
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8xxgg_.dll
C:\Users\Admin\AppData\Local\Temp\nsa854E.exe
C:\Users\Admin\AppData\Local\Temp\nsk1348.exe
C:\Users\Admin\AppData\Local\Temp\oi_{A551A3DE-6DAD-4680-A953-3ADC295F6F3C}.exe
C:\Users\Troy SSCI\AppData\Local\Temp\install_flashplayer12x32ax_gtba_chra_dy_aaa_aih.exe
C:\Windows\Tasks\AutoKMSDaily.job
Task: C:\Windows\Tasks\AutoKMS.job => ?
Task: C:\Windows\Tasks\AutoKMSDaily.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\Security Center Update - 1041078340.job => C:\Users\Troy SSCI\AppData\Roaming\Syzuybip\yppih.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1149245889.job => C:\Users\Troy SSCI\AppData\Roaming\Nyduruve\owcyad.exe <==== ATTENTION

*****************

HKU\S-1-5-21-1733140379-2337233290-10970377-1004\Software\Microsoft\Windows\CurrentVersion\Run\\himnamm => value deleted successfully.
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\Software\Microsoft\Windows\CurrentVersion\Run\\vsiibupg => value deleted successfully.
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Qomiawagetq => value deleted successfully.
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Axbaygobf => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => Key could not be deleted. Access denied.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => Key could not be deleted. Access denied.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => Key could not be deleted. Access denied.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => Key could not be deleted. Access denied.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key could not be deleted. Access denied.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => Key could not be deleted. Access denied.
PTUMWBus => Error deleting Service
PTUMWCDF => Error deleting Service
PTUMWFLT => Error deleting Service
PTUMWMdm => Error deleting Service
PTUMWNET => Error deleting Service
PTUMWVsp => Error deleting Service
SPPD => Error deleting Service
VGPU => Error deleting Service
C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Troy SSCI\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Troy SSCI\AppData\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Troy SSCI\AppData\HELP_DECRYPT.URL => Moved successfully.

"C:\ProgramData\374311380" directory move:

Could not move "C:\ProgramData\374311380\BITC1DC.tmp" => Scheduled to move on reboot.
Could not move "C:\ProgramData\374311380" directory. => Scheduled to move on reboot.

"C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Troy SSCI\AppData\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Troy SSCI\AppData\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\Troy SSCI\AppData\HELP_DECRYPT.URL" => File/Directory not found.
C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
C:\ProgramData\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\HELP_DECRYPT.URL => Moved successfully.
C:\13f87ffb => Moved successfully.
"C:\Users\Troy SSCI\AppData\Local\himnamm.dll" => File/Directory not found.
C:\Users\Troy SSCI\AppData\Local\SearchProtect => Moved successfully.
C:\Users\Troy SSCI\AppData\Roaming\Syzuybip => Moved successfully.
C:\Users\Troy SSCI\AppData\Roaming\Nyduruve => Moved successfully.
C:\ProgramData\XifilOvhed => Moved successfully.
C:\ProgramData\sudynar => Moved successfully.
"C:\Users\Troy SSCI\AppData\Local\SearchProtect" => File/Directory not found.
Could not move "C:\ProgramData\hpe6009.dll" => Scheduled to move on reboot.
Could not move "C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8xxgg_.dll" => Scheduled to move on reboot.
Could not move "C:\Users\Admin\AppData\Local\Temp\nsa854E.exe" => Scheduled to move on reboot.
Could not move "C:\Users\Admin\AppData\Local\Temp\nsk1348.exe" => Scheduled to move on reboot.
Could not move "C:\Users\Admin\AppData\Local\Temp\oi_{A551A3DE-6DAD-4680-A953-3ADC295F6F3C}.exe" => Scheduled to move on reboot.
C:\Users\Troy SSCI\AppData\Local\Temp\install_flashplayer12x32ax_gtba_chra_dy_aaa_aih.exe => Moved successfully.
Could not move "C:\Windows\Tasks\AutoKMSDaily.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\AutoKMS.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\AutoKMSDaily.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job" => Scheduled to move on reboot.
C:\Windows\Tasks\Security Center Update - 1041078340.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 1149245889.job => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-22 11:59:14)<=

==> ATTENTION: System is not rebooted.
"C:\ProgramData\374311380\BITC1DC.tmp" => File could not move.
"C:\ProgramData\374311380" => Directory could not move.
"C:\ProgramData\hpe6009.dll" => File could not move.
"C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8xxgg_.dll" => File could not move.
"C:\Users\Admin\AppData\Local\Temp\nsa854E.exe" => File could not move.
"C:\Users\Admin\AppData\Local\Temp\nsk1348.exe" => File could not move.
"C:\Users\Admin\AppData\Local\Temp\oi_{A551A3DE-6DAD-4680-A953-3ADC295F6F3C}.exe" => File could not move.
"C:\Windows\Tasks\AutoKMSDaily.job" => File could not move.
"C:\Windows\Tasks\AutoKMS.job" => File could not move.
"C:\Windows\Tasks\AutoKMSDaily.job" => File could not move.
"C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job" => File could not move.
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job" => File could not move.

==== End of Fixlog 11:59:15 ====


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Troy SSCI (ATTENTION: The logged in user is not administrator) on ADMIN-PC on 22-01-2015 13:06:46
Running from C:\Users\Troy SSCI\Desktop
Loaded Profiles: Troy SSCI (Available profiles: Admin & Troy SSCI & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-03-26] (Google Inc.)
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\MountPoints2: {efd17d33-94b2-11e3-8076-a0b3cc72df88} - E:\AutoRun.exe
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\MountPoints2: {efd17d3c-94b2-11e3-8076-a0b3cc72df88} - E:\AutoRun.exe
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\MountPoints2: {efd17d5e-94b2-11e3-8076-a0b3cc72df88} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1733140379-2337233290-10970377-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1733140379-2337233290-10970377-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.100 24.25.5.60 24.25.5.61
Tcpip\..\Interfaces\{59274E49-E2E0-4883-BE57-777BBD20AEE0}: [NameServer] 166.181.191.17 166.181.127.17

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Admin\AppData\Local\Wajam\Chrome\wajam.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MPT Service; C:\Program Files (x86)\U.S. Cellular Broadband Connect\mptserv.exe [40960 2012-07-02] () [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
S3 PTUMWBus; system32\DRIVERS\PTUMWBus.sys [X]
S3 PTUMWCDF; system32\DRIVERS\PTUMWCDF.sys [X]
S3 PTUMWFLT; system32\DRIVERS\PTUMWFLT.sys [X]
S3 PTUMWMdm; system32\DRIVERS\PTUMWMdm.sys [X]
S3 PTUMWNET; system32\DRIVERS\PTUMWNET.sys [X]
S3 PTUMWVsp; system32\DRIVERS\PTUMWVsp.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 11:55 - 2015-01-22 11:55 - 00000561 _____ () C:\Users\Troy SSCI\Desktop\fixlist.lnk
2015-01-22 08:48 - 2015-01-22 08:48 - 00070653 _____ () C:\Users\Troy SSCI\Desktop\Summary.zip
2015-01-22 08:46 - 2015-01-22 08:46 - 01392488 _____ () C:\Users\Troy SSCI\Desktop\Summary.nfo
2015-01-22 08:43 - 2015-01-22 08:44 - 00017884 _____ () C:\Users\Troy SSCI\Desktop\Addition.txt
2015-01-22 08:42 - 2015-01-22 13:06 - 00011581 _____ () C:\Users\Troy SSCI\Desktop\FRST.txt
2015-01-22 08:41 - 2015-01-22 13:06 - 00000000 ____D () C:\FRST
2015-01-22 08:41 - 2015-01-22 08:41 - 02126848 _____ (Farbar) C:\Users\Troy SSCI\Desktop\FRST64.exe
2015-01-22 08:41 - 2015-01-22 08:41 - 01118208 _____ (Farbar) C:\Users\Troy SSCI\Desktop\FRST.exe
2015-01-21 13:49 - 2015-01-21 13:49 - 00183260 _____ () C:\Users\Troy SSCI\Desktop\ESETPoweliksCleaner.exe_20150121.134947.9400.log
2015-01-21 12:55 - 2015-01-21 12:55 - 00183326 _____ () C:\Users\Troy SSCI\Desktop\ESETPoweliksCleaner.exe_20150121.125519.3376.log
2015-01-21 12:52 - 2015-01-21 12:53 - 00365576 _____ () C:\Users\Troy SSCI\Desktop\ESETPoweliksCleaner.exe_20150121.125201.12808.log
2015-01-21 12:51 - 2015-01-21 12:51 - 00190152 _____ (ESET) C:\Users\Troy SSCI\Desktop\ESETPoweliksCleaner.exe
2015-01-21 12:51 - 2015-01-21 12:51 - 00002754 _____ () C:\Users\Troy SSCI\Desktop\ESETPoweliksCleaner.exe_20150121.125123.5492.log
2015-01-21 12:30 - 2015-01-21 12:30 - 00000000 ____D () C:\Windows\pss
2015-01-21 12:24 - 2015-01-21 12:24 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Roaming\AVG2015
2015-01-21 12:23 - 2015-01-21 12:59 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Local\Avg2015
2015-01-21 10:48 - 2015-01-21 10:48 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-21 10:47 - 2015-01-21 12:27 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-21 10:37 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-21 10:37 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-21 10:37 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-21 10:37 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-21 10:37 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-21 10:37 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-21 10:37 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-21 10:37 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-21 10:37 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-21 10:37 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-21 10:37 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-21 10:37 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-21 10:37 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-21 10:34 - 2015-01-21 10:34 - 00000000 ____D () C:\ProgramData\374311380
2015-01-21 10:01 - 2015-01-21 10:12 - 00000000 ____D () C:\Users\Troy SSCI\Desktop\AVG2015
2015-01-08 07:06 - 2015-01-08 07:08 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Roaming\Local Store

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 12:15 - 2014-03-26 06:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 12:01 - 2012-09-01 16:58 - 01308341 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 11:58 - 2014-03-26 06:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 11:57 - 2013-04-01 05:26 - 00024274 _____ () C:\Windows\setupact.log
2015-01-22 11:57 - 2012-09-01 15:04 - 00000200 _____ () C:\Windows\Tasks\AutoKMS.job
2015-01-22 11:57 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 09:19 - 2012-09-01 15:04 - 00000202 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2015-01-22 08:43 - 2012-09-16 08:25 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-22 03:04 - 2014-02-17 07:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-22 03:00 - 2012-09-04 15:23 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-21 12:21 - 2014-06-24 08:52 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-01-21 12:21 - 2014-06-24 08:52 - 00000000 ____D () C:\Program Files (x86)\Optimum PC Boost
2015-01-21 10:54 - 2013-04-10 13:44 - 00213784 _____ () C:\Windows\PFRO.log
2015-01-21 10:50 - 2013-06-10 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-21 10:50 - 2012-09-16 08:32 - 00000000 ___HD () C:\$AVG
2015-01-21 10:46 - 2012-09-16 08:31 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-21 10:34 - 2014-06-24 08:52 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2015-01-21 10:22 - 2009-07-13 23:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 10:22 - 2009-07-13 23:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 10:15 - 2014-02-13 15:07 - 00109296 _____ () C:\Users\Troy SSCI\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-21 10:07 - 2014-03-03 10:02 - 00000000 ____D () C:\Users\Troy SSCI\Desktop\DELIVERY TICKETS FROM SHAWNA
2015-01-21 10:01 - 2014-02-13 11:18 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Roaming\Adobe
2015-01-21 09:56 - 2014-02-13 08:37 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Local\AVG Secure Search
2015-01-21 09:51 - 2012-09-04 06:14 - 00000000 ____D () C:\ProgramData\BVRP Software
2015-01-06 06:54 - 2009-07-14 00:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-31 14:54 - 2014-02-13 08:35 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Local\VirtualStore
2014-12-30 10:51 - 2014-02-13 11:15 - 00000000 ____D () C:\Users\Troy SSCI\Documents\Outlook Files

==================== Files in the root of some directories =======
2015-01-21 10:05 - 2015-01-21 10:05 - 0045461 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-21 10:01 - 2015-01-21 10:01 - 0045461 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.PNG
2012-09-01 14:43 - 2012-09-01 14:43 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-01-21 09:53 - 2015-01-21 09:53 - 0045461 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2012-09-04 06:14 - 2012-09-04 06:14 - 0148736 _____ (Avanquest Software) C:\ProgramData\hpe6009.dll

Files to move or delete:
====================
C:\ProgramData\hpe6009.dll

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8xxgg_.dll
C:\Users\Admin\AppData\Local\Temp\nsa854E.exe
C:\Users\Admin\AppData\Local\Temp\nsk1348.exe
C:\Users\Admin\AppData\Local\Temp\oi_{A551A3DE-6DAD-4680-A953-3ADC295F6F3C}.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.

==================== BCD ================================
The boot configuration data store could not be opened.
Access is denied.

==================== End Of Log ============================
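The two "module not found" messages that opened this thread come from Run values like the one FRST lists above, `[BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register`: the cleaner removed the DLL but left the autorun value behind, so rundll32 fails at every logon. The script below is an added example, not code from this thread or from Farbar/FRST. It enumerates the Run keys for the logged-in user and the machine, extracts the DLL from each rundll32 command line, and reports the ones whose DLL is no longer on disk. `Get-RunDllTarget` and `Get-OrphanedRunDllEntries` are names chosen here, and it assumes it is run in the affected user's own session (HKCU is that user's hive; the HKU\SID paths in the log are not mapped as a drive by default).

```powershell
# Added example (not from the thread or from FRST). Lists Run entries that start
# rundll32 with a DLL that no longer exists on disk. A stale entry is a Run value
# to review and remove, not a DLL to restore.
# Assumption: run in the affected user's session so HKCU is that user's hive.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunDllTarget {
    # Helper named here for the example: pull the DLL path out of a rundll32 command
    # line such as   rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
    # and expand environment variables so the path can be tested.
    param([string]$Command)
    if ($Command -notmatch '(?i)rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,') { return $null }
    return [Environment]::ExpandEnvironmentVariables($Matches[1].Trim())
}

function Get-OrphanedRunDllEntries {
    foreach ($Key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $Key)) { continue }
        $RegKey = Get-Item -LiteralPath $Key
        foreach ($Name in $RegKey.GetValueNames()) {
            # Read the raw REG_EXPAND_SZ text so %appdata% is reported as written
            $Raw = $RegKey.GetValue($Name, $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            $Dll = Get-RunDllTarget -Command ([string]$Raw)
            if ($null -eq $Dll) { continue }   # not a rundll32 entry

            # A bare file name (no directory) is resolved through the DLL search path,
            # so a plain Test-Path would report a false "missing" for it.
            $Status = if (-not [IO.Path]::IsPathRooted($Dll)) {
                'unqualified (resolved via DLL search path)'
            } elseif (Test-Path -LiteralPath $Dll -PathType Leaf) {
                'present'
            } else {
                'MISSING'
            }

            [pscustomobject]@{
                Key     = $Key
                Name    = $Name
                Dll     = $Dll
                Status  = $Status
                Command = [string]$Raw
            }
        }
    }
}

# Show only the stale entries; on the machine in this thread the BluetoothS value
# would appear here with Dll = C:\Users\<user>\AppData\Roaming\BtvStack.dll.
Get-OrphanedRunDllEntries | Where-Object { $_.Status -eq 'MISSING' } | Format-Table -AutoSize
```

Review the output before deleting anything: an entry whose DLL is merely unqualified is normal, and an entry that points into a user profile or ProgramData subfolder with a random name, as the ones in the fixlog do, is the pattern to remove.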

#11 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 35,532 posts
  • Gender:Male
  • Location:California

Posted 22 January 2015 - 11:00 PM

We are still experiencing issues. Please do this.

===================================================

Windows Repair (All in One)

--------------------
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Download Windows Repair (All in One) and save it to your desktop
  • Double click the tweaking.com_windows_repair_aio_setup icon
  • Continually click Next, then Finish
  • Go to Step 5 and click Create under System Restore, then Backup under Registry Backup
  • Go to the Repairs tab and click Open Repairs
  • Place a checkmark in the following boxes and uncheck everything else

Reset Registry Permissions
Reset File Permissions
Reset Service Permissions
Register System Files
Remove Policies Set By Infections
Restore Important Windows Services
Set Windows Services To Default Startup

  • Click on the box next to the Restart/Shutdown System when Finished
  • Click on Restart System
  • Click on Start Repairs
  • Your computer will reboot upon completion
  • Using Windows Explorer navigate to the following file

C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs

  • Copy and paste (or attach if necessary) the contents of the log in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Windows All in One log

Gary

#12 Shawna927

  • Topic Starter
  • Members
  • 14 posts

Posted 23 January 2015 - 08:24 AM

Good morning Gary, here is your requested information

Tweaking.com - Windows Repair v2.10.2
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Ultimate
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: ADMIN-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Admin
Current Profile SID: S-1-5-21-1733140379-2337233290-10970377-1000
Current Profile Classes: S-1-5-21-1733140379-2337233290-10970377-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Admin\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 19:43:38

Process Count: 55
Commit Total: 2.55 GB
Commit Limit: 11.80 GB
Commit Peak: 3.59 GB
Handle Count: 20173
Kernel Total: 398.36 MB
Kernel Paged: 332.03 MB
Kernel Non Paged: 66.32 MB
System Cache: 3.09 GB
Thread Count: 716
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.90 GB
Memory Used: 2.20 GB(37.2822%)
Memory Avail.: 3.70 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.90 GB
Memory Used: 1.63 GB(27.6094%)
Memory Avail.: 4.27 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (1/23/2015 7:40:49 AM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 180
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (1/23/2015 7:40:52 AM)
   Running Repair Under Current User Account
   Done (1/23/2015 7:40:57 AM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (1/23/2015 7:40:57 AM)
   Running Repair Under System Account
   Done (1/23/2015 7:43:27 AM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (1/23/2015 7:43:27 AM)
   Running Repair Under System Account

The current repair has failed to start for over 30 sec.
Trying Again....

   Running Repair Under System Account
   Done (1/23/2015 7:45:13 AM)

02 - Reset File Permissions: C:
   C: & Sub Folders
   Start (1/23/2015 7:45:13 AM)
   Trying To Run Repair As Trusted Installer.
   This Repair Is Hidden By Windows Itself.
   You Can See The Repair Working In The Task Manager.
   Running Repair As Trusted Installer
   Done (1/23/2015 7:54:22 AM)

02 - Reset File Permissions: All Profiles
   C:\Users & Sub Folders
   Start (1/23/2015 7:54:22 AM)
   Running Repair Under System Account
   Done (1/23/2015 8:13:25 AM)

02 - Reset File Permissions: Current Profile
   C:\Users\Admin & Sub Folders
   Start (1/23/2015 8:13:25 AM)
   Running Repair Under System Account
   Done (1/23/2015 8:13:49 AM)

02 - Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (1/23/2015 8:13:49 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/23/2015 8:13:52 AM)

03 - Reset Service Permissions
   Start (1/23/2015 8:13:52 AM)
   Running Repair Under System Account
   Done (1/23/2015 8:14:54 AM)

04 - Register System Files
   Start (1/23/2015 8:14:54 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/23/2015 8:15:23 AM)

10 - Remove Policies Set By Infections
   Start (1/23/2015 8:15:23 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/23/2015 8:15:28 AM)

26 - Restore Important Windows Services
   Start (1/23/2015 8:15:28 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/23/2015 8:15:36 AM)

27 - Set Windows Services To Default Startup
   Start (1/23/2015 8:15:36 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/23/2015 8:15:54 AM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (1/23/2015 8:15:54 AM)
   Total Repair Time: 00:35:07

...YOU MUST RESTART YOUR SYSTEM...



#13 Oh My!


Posted 23 January 2015 - 10:59 AM

Thank you Shawna.

Let's see if that removed some of the roadblocks we are hitting while trying to delete some items. Things are a little messed up so this might take a couple of steps.

Please do this after logging into the Administrator account.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
S3 PTUMWBus; system32\DRIVERS\PTUMWBus.sys [X]
S3 PTUMWCDF; system32\DRIVERS\PTUMWCDF.sys [X]
S3 PTUMWFLT; system32\DRIVERS\PTUMWFLT.sys [X]
S3 PTUMWMdm; system32\DRIVERS\PTUMWMdm.sys [X]
S3 PTUMWNET; system32\DRIVERS\PTUMWNET.sys [X]
S3 PTUMWVsp; system32\DRIVERS\PTUMWVsp.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-01-22 11:57 - 2012-09-01 15:04 - 00000200 _____ () C:\Windows\Tasks\AutoKMS.job
2015-01-22 09:19 - 2012-09-01 15:04 - 00000202 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2015-01-21 10:05 - 2015-01-21 10:05 - 0045461 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-21 10:01 - 2015-01-21 10:01 - 0045461 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.PNG
2015-01-21 09:53 - 2015-01-21 09:53 - 0045461 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2012-09-04 06:14 - 2012-09-04 06:14 - 0148736 _____ (Avanquest Software) C:\ProgramData\hpe6009.dll
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8xxgg_.dll
C:\Users\Admin\AppData\Local\Temp\nsa854E.exe
C:\Users\Admin\AppData\Local\Temp\nsk1348.exe
C:\Users\Admin\AppData\Local\Temp\oi_{A551A3DE-6DAD-4680-A953-3ADC295F6F3C}.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
S3 PTUMWBus; system32\DRIVERS\PTUMWBus.sys [X]
S3 PTUMWCDF; system32\DRIVERS\PTUMWCDF.sys [X]
S3 PTUMWFLT; system32\DRIVERS\PTUMWFLT.sys [X]
S3 PTUMWMdm; system32\DRIVERS\PTUMWMdm.sys [X]
S3 PTUMWNET; system32\DRIVERS\PTUMWNET.sys [X]
S3 PTUMWVsp; system32\DRIVERS\PTUMWVsp.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Folder: C:\ProgramData\374311380
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Rerun FRST making sure to place a check mark in Addition.txt
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Fresh FRST logs (2)

Edited by Oh My!, 23 January 2015 - 11:15 AM.

Gary
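The "module not found" dialogs this thread opened with (himnamm.dll, btvstack.dll) are the classic symptom of an autorun entry that outlived the file it pointed to: the cleaner removed the DLL, but the Run value that loads it through rundll32.exe stayed behind, exactly like the [BluetoothS] entry visible in the FRST log further down. The following PowerShell check is an added example, not part of this thread or of FRST; it walks the Run keys of HKLM, the Wow6432Node view and every loaded user hive, expands environment variables the way the shell does at logon, and reports entries whose target file is missing. The function names are my own.

```powershell
# Added example (not from this thread): list Run-key autorun entries whose target
# file no longer exists on disk. An orphaned entry such as
#   [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
# is what pops a "module not found" dialog at logon after the DLL was cleaned.

function Resolve-RunTarget {
    param([string]$CommandLine)

    # Expand %appdata%-style variables the way the shell does at logon.
    # Caveat: this uses the *current* session's environment, so for another
    # user's HKU hive %appdata% resolves to the wrong profile; confirm by hand.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)

    # rundll32.exe "<dll>",<export>  -> the DLL is the real payload to check
    if ($expanded -match '(?i)^\s*"?[^"\s]*rundll32(\.exe)?"?\s+"?([^",]+?)"?\s*,') {
        return $Matches[2].Trim()
    }
    # Plain command line: a quoted path, or a first token ending in .exe
    if ($expanded -match '^\s*"([^"]+)"')       { return $Matches[1] }
    if ($expanded -match '(?i)^\s*(\S+?\.exe)') { return $Matches[1] }
    return $null
}

function Get-OrphanedRunEntries {
    [CmdletBinding()]
    param()

    # Machine-wide Run keys: native view and the 32-bit (Wow6432Node) view
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )

    # Add the Run key of every loaded user hive (SIDs only, not the _Classes hives)
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    foreach ($hive in Get-ChildItem 'HKU:\' -ErrorAction SilentlyContinue) {
        if ($hive.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$') {
            $runKeys += "HKU:\$($hive.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        }
    }

    foreach ($key in $runKeys) {
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            $cmd    = [string]$prop.Value
            $target = Resolve-RunTarget -CommandLine $cmd
            if ($target -and -not (Test-Path -LiteralPath $target)) {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $prop.Name
                    Command = $cmd
                    Missing = $target
                }
            }
        }
    }
}

# Run it: each row is a persistence entry whose file is gone, i.e. a candidate
# for removal via a fixlist entry or for a closer look at how it got there.
Get-OrphanedRunEntries | Format-Table -AutoSize
```

Run from an elevated prompt so the HKU hives and 32-bit view are readable; an entry that turns up here is reported, not deleted, so the decision stays with whoever is reading the logs.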

#14 Shawna927


Posted 23 January 2015 - 11:22 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Admin at 2015-01-23 11:17:35 Run:2
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & Troy SSCI (Available profiles: Admin & Troy SSCI & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
S3 PTUMWBus; system32\DRIVERS\PTUMWBus.sys [X]
S3 PTUMWCDF; system32\DRIVERS\PTUMWCDF.sys [X]
S3 PTUMWFLT; system32\DRIVERS\PTUMWFLT.sys [X]
S3 PTUMWMdm; system32\DRIVERS\PTUMWMdm.sys [X]
S3 PTUMWNET; system32\DRIVERS\PTUMWNET.sys [X]
S3 PTUMWVsp; system32\DRIVERS\PTUMWVsp.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-01-22 11:57 - 2012-09-01 15:04 - 00000200 _____ () C:\Windows\Tasks\AutoKMS.job
2015-01-22 09:19 - 2012-09-01 15:04 - 00000202 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2015-01-21 10:05 - 2015-01-21 10:05 - 0045461 _____ () C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-21 10:01 - 2015-01-21 10:01 - 0045461 _____ () C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.PNG
2015-01-21 09:53 - 2015-01-21 09:53 - 0045461 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2012-09-04 06:14 - 2012-09-04 06:14 - 0148736 _____ (Avanquest Software) C:\ProgramData\hpe6009.dll
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8xxgg_.dll
C:\Users\Admin\AppData\Local\Temp\nsa854E.exe
C:\Users\Admin\AppData\Local\Temp\nsk1348.exe
C:\Users\Admin\AppData\Local\Temp\oi_{A551A3DE-6DAD-4680-A953-3ADC295F6F3C}.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
S3 PTUMWBus; system32\DRIVERS\PTUMWBus.sys [X]
S3 PTUMWCDF; system32\DRIVERS\PTUMWCDF.sys [X]
S3 PTUMWFLT; system32\DRIVERS\PTUMWFLT.sys [X]
S3 PTUMWMdm; system32\DRIVERS\PTUMWMdm.sys [X]
S3 PTUMWNET; system32\DRIVERS\PTUMWNET.sys [X]
S3 PTUMWVsp; system32\DRIVERS\PTUMWVsp.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Folder: C:\ProgramData\374311380
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
PTUMWBus => Service deleted successfully.
PTUMWCDF => Service deleted successfully.
PTUMWFLT => Service deleted successfully.
PTUMWMdm => Service deleted successfully.
PTUMWNET => Service deleted successfully.
PTUMWVsp => Service deleted successfully.
SPPD => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Windows\Tasks\AutoKMS.job => Moved successfully.
C:\Windows\Tasks\AutoKMSDaily.job => Moved successfully.
C:\Users\Troy SSCI\AppData\Roaming\HELP_DECRYPT.PNG => Moved successfully.
C:\Users\Troy SSCI\AppData\Local\HELP_DECRYPT.PNG => Moved successfully.
C:\ProgramData\HELP_DECRYPT.PNG => Moved successfully.
C:\ProgramData\hpe6009.dll => Moved successfully.
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8xxgg_.dll => Moved successfully.
C:\Users\Admin\AppData\Local\Temp\nsa854E.exe => Moved successfully.
C:\Users\Admin\AppData\Local\Temp\nsk1348.exe => Moved successfully.
C:\Users\Admin\AppData\Local\Temp\oi_{A551A3DE-6DAD-4680-A953-3ADC295F6F3C}.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => Error: No automatic fix found for this entry.
PTUMWBus => Service not found.
PTUMWCDF => Service not found.
PTUMWFLT => Service not found.
PTUMWMdm => Service not found.
PTUMWNET => Service not found.
PTUMWVsp => Service not found.
SPPD => Service not found.
VGPU => Service not found.

========================= Folder: C:\ProgramData\374311380 ========================

2015-01-09 17:56 - 2015-01-09 17:56 - 2108416 ____H () C:\ProgramData\374311380\BITC1DC.tmp

====== End of Folder: ======

==== End of Fixlog 11:17:35 ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Admin (administrator) on ADMIN-PC on 23-01-2015 11:19:17
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & Troy SSCI (Available profiles: Admin & Troy SSCI & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files (x86)\U.S. Cellular Broadband Connect\mptserv.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1733140379-2337233290-10970377-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1733140379-2337233290-10970377-1000\...\MountPoints2: {2cef3b00-f680-11e1-81ad-806e6f6e6963} - E:\Start.exe
HKU\S-1-5-21-1733140379-2337233290-10970377-1000\...\MountPoints2: {efd17d33-94b2-11e3-8076-a0b3cc72df88} - E:\AutoRun.exe
HKU\S-1-5-21-1733140379-2337233290-10970377-1000\...\MountPoints2: {efd17d3c-94b2-11e3-8076-a0b3cc72df88} - E:\AutoRun.exe
HKU\S-1-5-21-1733140379-2337233290-10970377-1000\...\MountPoints2: {efd17d5e-94b2-11e3-8076-a0b3cc72df88} - E:\AutoRun.exe
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-03-26] (Google Inc.)
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\MountPoints2: {efd17d33-94b2-11e3-8076-a0b3cc72df88} - E:\AutoRun.exe
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\MountPoints2: {efd17d3c-94b2-11e3-8076-a0b3cc72df88} - E:\AutoRun.exe
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\...\MountPoints2: {efd17d5e-94b2-11e3-8076-a0b3cc72df88} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1733140379-2337233290-10970377-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1733140379-2337233290-10970377-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
HKU\S-1-5-21-1733140379-2337233290-10970377-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1733140379-2337233290-10970377-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3319614&octid=EB_ORIGINAL_CTID&ISID=4BB52610-C747-40EA-8FF8-1EBC5F38BEAC&SearchSource=58&CUI=&UM=8&UP=SP321D5498-1468-44C5-81E6-78B98F786380&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1733140379-2337233290-10970377-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3319614&octid=EB_ORIGINAL_CTID&ISID=4BB52610-C747-40EA-8FF8-1EBC5F38BEAC&SearchSource=58&CUI=&UM=8&UP=SP321D5498-1468-44C5-81E6-78B98F786380&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1733140379-2337233290-10970377-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1733140379-2337233290-10970377-1000 -> {7E13458E-BF3E-4F2F-8665-9C5BFCFE1289} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3253926
SearchScopes: HKU\S-1-5-21-1733140379-2337233290-10970377-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={2135E9F9-2F07-4EFB-BC0E-5A79EE90A964}&mid=297f45ef360047d0a80171fa8a96367b-62b710ddeb8d49cb69c57ed7759d41df24834c5a&lang=en&ds=AVG&pr=fr&d=2013-04-10 14:39:04&v=15.2.0.5&pid=avg&sg=52&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1733140379-2337233290-10970377-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80929&lng=en
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1733140379-2337233290-10970377-1000 -> No Name - {36E08630-E60D-4D95-B8E2-CD1734987EDC} -  No File
Toolbar: HKU\S-1-5-21-1733140379-2337233290-10970377-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.100 24.25.5.60 24.25.5.61
Tcpip\..\Interfaces\{59274E49-E2E0-4883-BE57-777BBD20AEE0}: [NameServer] 166.181.191.17 166.181.127.17

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Admin\AppData\Local\Wajam\Chrome\wajam.crx [2012-10-05]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MPT Service; C:\Program Files (x86)\U.S. Cellular Broadband Connect\mptserv.exe [40960 2012-07-02] () [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 11:19 - 2015-01-23 11:19 - 00013447 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-23 11:13 - 2015-01-23 11:13 - 02126848 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-01-23 07:36 - 2015-01-23 07:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ADMIN-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2015-01-23 07:36 - 2015-01-23 07:36 - 00000000 ____D () C:\RegBackup
2015-01-23 07:33 - 2015-01-23 07:33 - 00002159 _____ () C:\Users\Admin\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2015-01-23 07:33 - 2015-01-23 07:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-23 07:33 - 2015-01-23 07:33 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-23 07:32 - 2015-01-23 07:32 - 09817304 _____ () C:\Users\Admin\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-01-22 13:09 - 2015-01-22 13:09 - 00020330 _____ () C:\Users\Troy SSCI\Desktop\FRST 2.txt
2015-01-22 11:55 - 2015-01-22 11:55 - 00000561 _____ () C:\Users\Troy SSCI\Desktop\fixlist.lnk
2015-01-22 08:48 - 2015-01-22 08:48 - 00070653 _____ () C:\Users\Troy SSCI\Desktop\Summary.zip
2015-01-22 08:46 - 2015-01-22 08:46 - 01392488 _____ () C:\Users\Troy SSCI\Desktop\Summary.nfo
2015-01-22 08:43 - 2015-01-22 08:44 - 00017884 _____ () C:\Users\Troy SSCI\Desktop\Addition.txt
2015-01-22 08:42 - 2015-01-22 13:07 - 00020330 _____ () C:\Users\Troy SSCI\Desktop\FRST.txt
2015-01-22 08:41 - 2015-01-23 11:19 - 00000000 ____D () C:\FRST
2015-01-22 08:41 - 2015-01-22 08:41 - 02126848 _____ (Farbar) C:\Users\Troy SSCI\Desktop\FRST64.exe
2015-01-22 08:41 - 2015-01-22 08:41 - 01118208 _____ (Farbar) C:\Users\Troy SSCI\Desktop\FRST.exe
2015-01-21 13:49 - 2015-01-21 13:49 - 00183260 _____ () C:\Users\Troy SSCI\Desktop\ESETPoweliksCleaner.exe_20150121.134947.9400.log
2015-01-21 12:55 - 2015-01-21 12:55 - 00183326 _____ () C:\Users\Troy SSCI\Desktop\ESETPoweliksCleaner.exe_20150121.125519.3376.log
2015-01-21 12:52 - 2015-01-21 12:53 - 00365576 _____ () C:\Users\Troy SSCI\Desktop\ESETPoweliksCleaner.exe_20150121.125201.12808.log
2015-01-21 12:51 - 2015-01-21 12:51 - 00190152 _____ (ESET) C:\Users\Troy SSCI\Desktop\ESETPoweliksCleaner.exe
2015-01-21 12:51 - 2015-01-21 12:51 - 00002754 _____ () C:\Users\Troy SSCI\Desktop\ESETPoweliksCleaner.exe_20150121.125123.5492.log
2015-01-21 12:30 - 2015-01-21 12:30 - 00000000 ____D () C:\Windows\pss
2015-01-21 12:24 - 2015-01-21 12:24 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Roaming\AVG2015
2015-01-21 12:23 - 2015-01-21 12:59 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Local\Avg2015
2015-01-21 10:53 - 2015-01-21 10:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG2015
2015-01-21 10:48 - 2015-01-21 10:48 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-21 10:47 - 2015-01-21 12:27 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-21 10:37 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-21 10:37 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-21 10:37 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-21 10:37 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-21 10:37 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-21 10:37 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-21 10:37 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-21 10:37 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-21 10:37 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-21 10:37 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-21 10:37 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-21 10:37 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-21 10:37 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-21 10:35 - 2015-01-21 10:35 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-01-21 10:34 - 2015-01-21 10:34 - 00000000 ____D () C:\ProgramData\374311380
2015-01-21 10:24 - 2015-01-21 11:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\Avg2015
2015-01-21 10:01 - 2015-01-21 10:12 - 00000000 ____D () C:\Users\Troy SSCI\Desktop\AVG2015
2015-01-08 09:19 - 2015-01-08 09:19 - 00003846 _____ () C:\Windows\System32\Tasks\Security Center Update - 1149245889
2015-01-08 07:08 - 2015-01-08 07:08 - 00003844 _____ () C:\Windows\System32\Tasks\Security Center Update - 1041078340
2015-01-08 07:06 - 2015-01-08 07:08 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Roaming\Local Store

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 11:15 - 2014-03-26 06:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 11:12 - 2012-09-01 16:58 - 01349613 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 08:25 - 2009-07-13 23:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-23 08:25 - 2009-07-13 23:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-23 08:19 - 2014-03-26 06:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 08:17 - 2013-04-01 05:26 - 00024330 _____ () C:\Windows\setupact.log
2015-01-23 08:17 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 08:17 - 2009-07-13 23:45 - 00408136 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-23 07:31 - 2012-09-16 08:25 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-22 03:04 - 2014-02-17 07:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-22 03:00 - 2012-09-04 15:23 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-21 12:21 - 2014-06-24 08:52 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-01-21 12:21 - 2014-06-24 08:52 - 00000000 ____D () C:\Program Files (x86)\Optimum PC Boost
2015-01-21 11:42 - 2013-06-19 14:43 - 00000000 ___RD () C:\Users\Admin\Dropbox
2015-01-21 11:37 - 2013-06-19 14:43 - 00001017 _____ () C:\Users\Admin\Desktop\Dropbox.lnk
2015-01-21 11:37 - 2013-06-19 14:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-21 11:37 - 2013-06-19 14:37 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox
2015-01-21 11:26 - 2014-06-24 08:52 - 00003934 _____ () C:\Windows\System32\Tasks\Optimum_Daily
2015-01-21 11:26 - 2014-06-24 08:52 - 00003504 _____ () C:\Windows\System32\Tasks\Optimum_LogOn
2015-01-21 10:54 - 2013-04-10 13:44 - 00213784 _____ () C:\Windows\PFRO.log
2015-01-21 10:50 - 2013-06-10 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-21 10:50 - 2012-09-16 08:32 - 00000000 ___HD () C:\$AVG
2015-01-21 10:46 - 2012-09-16 08:31 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-21 10:34 - 2014-06-24 08:52 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2015-01-21 10:31 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-21 10:30 - 2012-09-01 14:03 - 00001413 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-21 10:29 - 2014-06-24 08:52 - 00000000 ____D () C:\Users\Admin\AppData\Local\SearchProtect
2015-01-21 10:29 - 2012-09-01 14:42 - 00109296 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-21 10:15 - 2014-02-13 15:07 - 00109296 _____ () C:\Users\Troy SSCI\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-21 10:07 - 2014-03-03 10:02 - 00000000 ____D () C:\Users\Troy SSCI\Desktop\DELIVERY TICKETS FROM SHAWNA
2015-01-21 10:01 - 2014-02-13 11:18 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Roaming\Adobe
2015-01-21 09:56 - 2014-02-13 08:37 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Local\AVG Secure Search
2015-01-21 09:51 - 2012-09-04 06:14 - 00000000 ____D () C:\ProgramData\BVRP Software
2015-01-06 06:54 - 2009-07-14 00:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-31 14:54 - 2014-02-13 08:35 - 00000000 ____D () C:\Users\Troy SSCI\AppData\Local\VirtualStore
2014-12-30 10:51 - 2014-02-13 11:15 - 00000000 ____D () C:\Users\Troy SSCI\Documents\Outlook Files

==================== Files in the root of some directories =======
2012-09-04 18:36 - 2012-09-04 18:37 - 0009313 _____ () C:\Users\Admin\AppData\Roaming\Comma Separated Values (DOS).EML
2012-09-01 14:43 - 2012-09-01 14:43 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-21 14:44

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Admin at 2015-01-23 11:20:01
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.31 - Avanquest Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4273 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dropbox (HKU\S-1-5-21-1733140379-2337233290-10970377-1000\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP ENVY 110 series Basic Device Software (HKLM\...\{9EDA8125-D287-4AD1-BE32-6B105A275645}) (Version: 25.0.622.0 - Hewlett-Packard Co.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2761 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Manuals Finder (HKLM-x32\...\Manuals Finder) (Version: 1.0 - Manuals Finder) <==== ATTENTION!
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile PhoneTools (x32 Version: 3.55 - BVRP Software) Hidden
Ralink RT5390R 802.11b/g/n 1x1 Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.07.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.17.2.3 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
U.S. Cellular Broadband Connect (HKLM-x32\...\{744DB71D-6844-4FFC-858F-13F9FA028B12}) (Version: 1.12 - Avanquest Software)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1733140379-2337233290-10970377-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1733140379-2337233290-10970377-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1733140379-2337233290-10970377-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1733140379-2337233290-10970377-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1733140379-2337233290-10970377-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

10-12-2014 15:04:26 Windows Update
12-12-2014 10:15:52 Windows Update
18-12-2014 14:59:39 Windows Update
29-12-2014 08:01:14 Scheduled Checkpoint
05-01-2015 08:23:27 Scheduled Checkpoint
21-01-2015 10:46:13 Installed AVG 2015
21-01-2015 10:47:07 Installed AVG 2015
21-01-2015 12:20:42 Removed Optimum PC Boost
22-01-2015 03:00:15 Windows Update
23-01-2015 07:34:56 Tweaking.com - Windows Repair

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {094DAD09-CDFD-4AB4-B230-984468172B44} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {10922FF7-6567-4377-8D7E-117B2BEDB765} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {125C5B8C-97AE-4D55-B4DF-C8FF1BC5DE2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-26] (Google Inc.)
Task: {1454EE55-112B-42B3-B5FC-5DBFF29289F8} - System32\Tasks\Security Center Update - 1041078340 => C:\Users\Troy SSCI\AppData\Roaming\Syzuybip\yppih.exe <==== ATTENTION
Task: {32F8CD6C-381E-4E14-805B-DC79A60784D0} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
Task: {413B11EA-F0DF-4F70-8F4C-06DCBF4969C5} - System32\Tasks\hpUrlLauncher.exe_{0A328F0E-3DEF-462F-ABF1-ADEF6668B2C7} => C:\Program Files\HP\HP ENVY 110 series\Bin\utils\hpUrlLauncher.exe [2011-09-19] (Hewlett-Packard Co.)
Task: {45A8EECE-BFAA-4559-AF0A-80F5E5825526} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {9B08DC0E-251A-4006-9F46-C158F44133D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {D1B4810D-366B-4940-B4EF-CF6FFCB9C89B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DC1AC730-23C0-4830-9D4A-3D7E778BD3B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-26] (Google Inc.)
Task: {E442231A-88A2-4B1B-8970-A4DC259ADFBD} - System32\Tasks\Security Center Update - 1149245889 => C:\Users\Troy SSCI\AppData\Roaming\Nyduruve\owcyad.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-14 10:27 - 2011-03-14 10:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-01-10 09:18 - 2012-07-02 14:11 - 00040960 _____ () C:\Program Files (x86)\U.S. Cellular Broadband Connect\mptserv.exe
2014-08-12 06:41 - 2014-08-12 06:41 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-12 06:41 - 2014-08-12 06:41 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-02-14 09:10 - 2014-08-28 05:39 - 01654296 _____ () C:\Program Files (x86)\AVG Secure Search\TBAPI.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP ENVY 110 series (NET) => "C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1A1C206305QR:NW" -scfn "HP ENVY 110 series (NET)" -AutoStart 1
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: {E9AE9B9A-A99F-AA8F-27E8-A8E99BAE8b85} => "C:\Program Files (x86)\U.S. Cellular Broadband Connect\AvqAutoRun.exe" "C:\Program Files (x86)\U.S. Cellular Broadband Connect\mphonetools.exe" /OnPlug=%s

========================= Accounts: ==========================

Admin (S-1-5-21-1733140379-2337233290-10970377-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1733140379-2337233290-10970377-500 - Administrator - Disabled)
Guest (S-1-5-21-1733140379-2337233290-10970377-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1733140379-2337233290-10970377-1002 - Limited - Enabled)
Troy SSCI (S-1-5-21-1733140379-2337233290-10970377-1004 - Limited - Enabled) => C:\Users\Troy SSCI

==================== Faulty Device Manager Devices =============

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2015 08:18:08 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/23/2015 08:18:08 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/23/2015 08:18:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 07:29:59 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (01/22/2015 11:57:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 03:21:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 02:46:56 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (01/21/2015 01:51:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 00:54:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 00:32:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/21/2015 00:33:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/21/2015 00:27:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053

Error: (01/21/2015 00:27:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (01/21/2015 00:26:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (01/21/2015 00:26:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (01/21/2015 00:26:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

Error: (01/21/2015 00:25:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Error: (01/21/2015 00:25:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/21/2015 00:24:16 PM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Admin-PCTroy SSCIS-1-5-21-1733140379-2337233290-10970377-1004LocalHost (Using LRPC)

Error: (01/21/2015 00:23:47 PM) (Source: DCOM) (EventID: 10016) (User: Admin-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Admin-PCTroy SSCIS-1-5-21-1733140379-2337233290-10970377-1004LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (01/23/2015 08:18:08 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/23/2015 08:18:08 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/23/2015 08:18:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 07:29:59 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (01/22/2015 11:57:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 03:21:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 02:46:56 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (01/21/2015 01:51:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 00:54:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 00:32:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 6044.36 MB
Available physical RAM: 4243.64 MB
Total Pagefile: 12086.9 MB
Available Pagefile: 9953.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:637.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 854FA391)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 



#15 Shawna927

Shawna927
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:48 PM

Posted 23 January 2015 - 03:21 PM

I will be leaving the office today at 4:30 Eastern time, and we are closed Sat and Sun, and I will be back in the office Monday morning. Just wanted to let you know so you wouldn't think I left you hanging. Thank you for all your help with this issue; it is greatly appreciated.

 

Have a good weekend

Shawna





