
I Cannot Get Rid Of http://cdn.usersyncads.com, Please Assist


BigBen


Hello Again,
I ran the Farbar tool, and as per the instructions, I have pasted the scan results below.


I'm running Windows 7 and IE 11, and I see that this (http://cdn.usersyncads.com) is constantly running when I look at my Tasks.
I believe it's creating nonsense ads with sound, but no picture.
How do I delete this program?
I installed and then uninstalled AdAware & Spybot S&D several days ago. I tried using them, but they didn't help either.

 

Thanks Again,
BigBen



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Above All (administrator) on ABOVEALL-PC on 28-01-2015 15:44:14
Running from C:\Users\Above All\Desktop
Loaded Profiles: Above All (Available profiles: Above All)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Dell Inc.) C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe
(Dell Inc.) C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1AW.exe
() C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Awj.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2010-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [RUNUPDATER] => C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe [465728 2010-09-29] (Dell Inc.)
HKLM-x32\...\Run: [Dell 1355 MFP Launcher] => C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe [2211136 2012-04-19] ()
HKLM-x32\...\Run: [Dell 1355 MFP RUN] => C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe [2484544 2012-04-19] (Dell)
HKLM-x32\...\Run: [statusAutoRun] => C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe [3792704 2012-04-19] (Dell Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-131292079-2632451939-3531817042-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-131292079-2632451939-3531817042-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-131292079-2632451939-3531817042-1001\...\MountPoints2: {96f3c163-e099-11e1-9bca-782bcba6817e} - E:\TL-Bootstrap.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [HKLM] => http=127.0.0.1:49250;https=127.0.0.1:49250
ProxyServer: [HKLM-x32] => http=127.0.0.1:49250;https=127.0.0.1:49250
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-131292079-2632451939-3531817042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://myyahoo.com/
SearchScopes: HKLM -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL =
SearchScopes: HKU\S-1-5-21-131292079-2632451939-3531817042-1001 -> DefaultScope {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M45E459ED-FBF0-4621-832A-E9DE35CA720C&SearchSource=58&CUI=&UM=8&UP=SPC8089719-F45A-4544-AE4F-9F040A30AB81&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-131292079-2632451939-3531817042-1001 -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M45E459ED-FBF0-4621-832A-E9DE35CA720C&SearchSource=58&CUI=&UM=8&UP=SPC8089719-F45A-4544-AE4F-9F040A30AB81&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-131292079-2632451939-3531817042-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_digitalrivercomparativelp_150112&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Above All\AppData\Roaming\Mozilla\Firefox\Profiles\mbu9s7z1.default
FF NewTab: about:newtab
FF SelectedSearchEngine: Trovi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Above All\AppData\Roaming\Mozilla\Firefox\Profiles\mbu9s7z1.default\user.js
FF SearchPlugin: C:\Users\Above All\AppData\Roaming\Mozilla\Firefox\Profiles\mbu9s7z1.default\searchplugins\securesearch.xml
FF SearchPlugin: C:\Users\Above All\AppData\Roaming\Mozilla\Firefox\Profiles\mbu9s7z1.default\searchplugins\trovi.xml
FF Extension: jid0HYNmqxA9zQGfJADREri4n2AHKSIjetpack - C:\Users\Above All\AppData\Roaming\Mozilla\Firefox\Profiles\mbu9s7z1.default\Extensions\jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack [2014-12-25]
FF Extension: DIgiiSavveer - C:\Users\Above All\AppData\Roaming\Mozilla\Firefox\Profiles\mbu9s7z1.default\Extensions\pTYgW@d.com [2015-01-12]
FF Extension: Yahoo! Toolbar - C:\Users\Above All\AppData\Roaming\Mozilla\Firefox\Profiles\mbu9s7z1.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-07-05]
FF Extension: c07d1a49989449ffa59438960ede8fb9 - C:\Users\Above All\AppData\Roaming\Mozilla\Firefox\Profiles\mbu9s7z1.default\Extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9} [2014-12-24]
FF HKU\S-1-5-21-131292079-2632451939-3531817042-1001\...\Firefox\Extensions: [{9DBD7E94-0916-D9AC-EFF0-25CB7DE4421A}] - C:\Program Files (x86)\ver8BlockAndSurf\186.xpi
FF Extension: No Name - C:\Users\Above All\AppData\Roaming\Mozilla\Firefox\Profiles\mbu9s7z1.default\extensions\172cfb0d00604ca2807d96193776c@90fc73dda8c44c58a81f097d.com [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 DLNADB; C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe [90432 2012-04-19] ()
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1980648 2010-10-04] (Realtek Semiconductor Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S1 MpKsl5f0088ee; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4C7935EE-BEAC-4B13-A415-C50FE15FE222}\MpKsl5f0088ee.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 15:44 - 2015-01-28 15:44 - 00016419 _____ () C:\Users\Above All\Desktop\FRST.txt
2015-01-28 15:44 - 2015-01-28 15:44 - 00000000 ____D () C:\FRST
2015-01-28 15:43 - 2015-01-28 15:43 - 02130432 _____ (Farbar) C:\Users\Above All\Desktop\FRST64.exe
2015-01-28 01:01 - 2015-01-28 01:01 - 00276752 _____ () C:\Windows\Minidump\012815-47174-01.dmp
2015-01-27 18:01 - 2015-01-27 18:01 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-27 18:01 - 2015-01-27 18:01 - 00000000 ____D () C:\Users\Above All\AppData\Roaming\TuneUp Software
2015-01-27 18:01 - 2015-01-27 18:01 - 00000000 ____D () C:\Users\Above All\AppData\Roaming\AVG2015
2015-01-27 18:01 - 2015-01-27 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-27 17:59 - 2015-01-27 18:01 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-27 17:59 - 2015-01-27 17:59 - 00000000 ___HD () C:\$AVG
2015-01-27 17:58 - 2015-01-27 17:58 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-27 17:52 - 2015-01-28 14:10 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-27 17:52 - 2015-01-27 18:04 - 00000000 ____D () C:\Users\Above All\AppData\Local\Avg2015
2015-01-27 17:52 - 2015-01-27 17:52 - 00000000 ____D () C:\Users\Above All\AppData\Local\MFAData
2015-01-27 14:02 - 2015-01-28 14:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 14:01 - 2015-01-27 14:01 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-27 14:01 - 2015-01-27 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-27 14:01 - 2015-01-27 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-27 14:01 - 2015-01-27 14:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-27 14:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-27 14:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-27 14:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-27 12:17 - 2015-01-27 12:17 - 00000000 ____D () C:\ProgramData\7859d2e700003425
2015-01-27 12:12 - 2015-01-27 12:12 - 00613057 _____ (CMI Limited) C:\Users\Above All\AppData\Local\nsb313B.tmp
2015-01-27 11:52 - 2015-01-27 11:52 - 00000000 ____D () C:\Program Files (x86)\predm
2015-01-27 11:47 - 2015-01-27 11:47 - 00000000 ____D () C:\WebGuard
2015-01-27 11:46 - 2015-01-27 11:46 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2015-01-27 11:40 - 2015-01-27 11:40 - 00613057 _____ (CMI Limited) C:\Users\Above All\AppData\Local\nsk866E.tmp
2015-01-27 11:40 - 2015-01-27 11:40 - 00613057 _____ (CMI Limited) C:\Users\Above All\AppData\Local\nsf68C1.tmp
2015-01-27 11:38 - 2015-01-27 11:39 - 00006292 _____ () C:\Windows\wininit.ini
2015-01-27 11:37 - 2015-01-27 11:37 - 00628496 _____ (CMI Limited) C:\Users\Above All\AppData\Local\nsuAD39.tmp
2015-01-27 10:17 - 2015-01-27 12:35 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-01-27 10:17 - 2015-01-27 12:15 - 00002836 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2015-01-27 10:17 - 2015-01-27 12:15 - 00002834 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2015-01-27 10:14 - 2015-01-27 10:14 - 00613057 _____ (CMI Limited) C:\Users\Above All\AppData\Local\nsy2631.tmp
2015-01-27 10:12 - 2015-01-27 10:11 - 00613057 _____ (CMI Limited) C:\Users\Above All\AppData\Local\nsiB672.tmp
2015-01-27 10:06 - 2015-01-27 12:19 - 00001104 _____ () C:\Users\Above All\Desktop\Continue Live Installation.lnk
2015-01-27 09:57 - 2015-01-27 12:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-27 09:57 - 2015-01-27 12:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-01-27 09:57 - 2015-01-27 11:48 - 00000000 ____D () C:\Program Files (x86)\CompuClever
2015-01-27 09:57 - 2015-01-27 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2015-01-27 09:57 - 2015-01-27 09:57 - 00000000 ____D () C:\Users\Above All\AppData\Roaming\CompuClever
2015-01-27 09:57 - 2014-07-01 12:37 - 00020872 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2015-01-24 18:47 - 2015-01-24 18:47 - 04087472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-24 18:12 - 2015-01-24 18:10 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-24 18:12 - 2015-01-24 18:10 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-24 18:12 - 2015-01-24 18:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-23 19:00 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-23 18:58 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-23 18:58 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-22 12:00 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-22 12:00 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-22 12:00 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-22 12:00 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-22 12:00 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-22 12:00 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-22 12:00 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-22 12:00 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-22 12:00 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-22 12:00 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-22 12:00 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-22 12:00 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-22 12:00 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-22 12:00 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-22 12:00 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-22 11:35 - 2015-01-22 11:35 - 00000000 ____D () C:\Users\Above All\AppData\Roaming\jzhykegs
2015-01-22 11:34 - 2015-01-22 11:34 - 00000000 ____D () C:\Users\Above All\AppData\Roaming\gdqgcjxi
2015-01-22 11:33 - 2015-01-22 11:33 - 00000000 ____D () C:\Users\Above All\AppData\Roaming\vazbfhul
2015-01-22 11:33 - 2015-01-22 11:33 - 00000000 ____D () C:\Users\Above All\AppData\Roaming\cbyyndkc
2015-01-22 11:32 - 2015-01-22 11:32 - 00000000 ____D () C:\Users\Above All\AppData\Roaming\ixqktfta
2015-01-17 14:30 - 2015-01-22 12:55 - 00000000 ____D () C:\Users\Above All\Desktop\Petro Patterson Heating Survey Checklist
2015-01-17 02:10 - 2015-01-22 12:53 - 00000000 _____ () C:\sparkraw.log
2015-01-15 07:15 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 07:15 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 07:15 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 07:15 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 07:15 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 07:15 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 07:15 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:32 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:32 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:32 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:32 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:32 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 23:09 - 2015-01-11 23:09 - 00000000 ____D () C:\Users\Above All\AppData\Roaming\lbqjqlbb
2015-01-11 22:00 - 2015-01-27 18:28 - 00000000 ____D () C:\ProgramData\ikifgpcjdbbgboknlekblkiimjinnolh
2015-01-11 11:30 - 2015-01-11 11:30 - 00000000 ____D () C:\Program Files (x86)\Happoy2Siave
2015-01-11 11:26 - 2015-01-11 11:26 - 00000000 ____D () C:\Program Files (x86)\DiiscountExtensi
2015-01-11 10:00 - 2015-01-12 07:40 - 00000000 ____D () C:\ProgramData\DiiscountExtensi
2015-01-11 09:59 - 2015-01-12 07:40 - 00000000 ____D () C:\ProgramData\Happoy2Siave
2015-01-10 10:50 - 2015-01-10 10:50 - 00000000 ____D () C:\Users\Above All\AppData\Roaming\zqbzvrcg
2015-01-10 10:06 - 2015-01-11 22:01 - 00000000 ____D () C:\ProgramData\d1580b4d44405f02
2015-01-08 07:09 - 2015-01-28 12:15 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-01-08 07:09 - 2015-01-27 12:24 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-01-08 07:09 - 2015-01-27 12:15 - 00002834 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2015-01-07 21:09 - 2015-01-07 21:09 - 00000000 __SHD () C:\Users\Above All\AppData\Roaming\AnyProtectEx
2015-01-07 21:09 - 2015-01-07 21:08 - 00628496 _____ (CMI Limited) C:\Users\Above All\AppData\Local\nsnFA64.tmp
2015-01-07 14:22 - 2015-01-07 14:22 - 00000981 _____ () C:\Users\Above All\Downloads\ATT00001 (6).htm
2015-01-07 13:59 - 2015-01-07 13:59 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-07 11:43 - 2015-01-07 11:43 - 00000000 ____D () C:\Users\Above All\AppData\Roaming\WebTest
2015-01-06 12:59 - 2015-01-06 13:10 - 00028672 _____ () C:\Users\Above All\Desktop\SF_ RESS Effective Usage 01.2015.xls
2015-01-01 22:07 - 2015-01-01 22:07 - 00000064 _____ () C:\Users\Above All\AppData\Local\b08ff1ae5b37cd3e95e25f12edb3b8af

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 14:47 - 2012-08-04 07:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 14:43 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 14:43 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 14:39 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 14:38 - 2012-08-01 19:25 - 01371878 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 14:35 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 14:35 - 2009-07-13 23:51 - 00043673 _____ () C:\Windows\setupact.log
2015-01-28 01:01 - 2012-08-01 19:22 - 00000000 ____D () C:\Windows\Minidump
2015-01-28 01:01 - 2012-08-01 19:21 - 799157265 _____ () C:\Windows\MEMORY.DMP
2015-01-27 20:58 - 2010-11-20 22:47 - 00490572 _____ () C:\Windows\PFRO.log
2015-01-27 10:13 - 2014-08-23 09:02 - 00000000 ____D () C:\Users\Above All\AppData\Local\Adobe
2015-01-26 07:35 - 2013-01-19 07:35 - 00000496 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2015-01-25 23:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-25 18:24 - 2013-01-19 07:30 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-25 18:22 - 2014-09-07 19:38 - 00000000 ____D () C:\Users\Above All\AppData\Roaming\LavasoftStatistics
2015-01-25 16:40 - 2013-07-27 07:10 - 00000000 ____D () C:\Users\Above All\AppData\Local\Google
2015-01-25 16:40 - 2013-07-27 07:10 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-25 14:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-25 14:00 - 2012-10-18 09:56 - 00000000 ____D () C:\Users\Above All\Desktop\Funny Pics 10-12
2015-01-24 18:47 - 2012-08-04 07:42 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 18:47 - 2012-08-04 07:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 18:47 - 2012-08-04 07:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 18:13 - 2013-11-01 07:56 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-24 18:12 - 2012-09-06 16:26 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-24 18:10 - 2014-11-01 09:55 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-24 17:23 - 2012-08-03 06:48 - 00000000 ____D () C:\Users\Above All\Desktop\Above All
2015-01-22 12:49 - 2012-08-03 06:48 - 00000000 ____D () C:\Users\Above All\Desktop\2010 PRIUS IV
2015-01-22 12:04 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-22 11:43 - 2012-08-01 17:13 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-19 22:21 - 2012-08-03 06:54 - 00000000 ____D () C:\Users\Above All\Desktop\New Pics
2015-01-15 03:05 - 2013-08-18 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:01 - 2012-08-04 06:38 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 07:40 - 2014-12-20 08:41 - 00000000 ____D () C:\ProgramData\FellowSky
2015-01-11 11:11 - 2012-08-03 06:54 - 00000000 ____D () C:\Users\Above All\Desktop\PETRO
2015-01-10 09:56 - 2012-08-01 19:47 - 00000000 ____D () C:\Users\Above All
2015-01-10 09:56 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-10 09:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-07 13:57 - 2013-07-27 07:11 - 00000000 ____D () C:\Program Files\Google
2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2012-08-07 08:33 - 2012-08-07 09:06 - 0000093 _____ () C:\Users\Above All\AppData\Roaming\ARCompanion.log
2015-01-01 22:07 - 2015-01-01 22:07 - 0000064 _____ () C:\Users\Above All\AppData\Local\b08ff1ae5b37cd3e95e25f12edb3b8af
2013-01-22 09:08 - 2013-05-04 16:02 - 0004608 _____ () C:\Users\Above All\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-27 12:12 - 2015-01-27 12:12 - 0613057 _____ (CMI Limited) C:\Users\Above All\AppData\Local\nsb313B.tmp
2015-01-27 11:40 - 2015-01-27 11:40 - 0613057 _____ (CMI Limited) C:\Users\Above All\AppData\Local\nsf68C1.tmp
2015-01-27 10:12 - 2015-01-27 10:11 - 0613057 _____ (CMI Limited) C:\Users\Above All\AppData\Local\nsiB672.tmp
2015-01-27 11:40 - 2015-01-27 11:40 - 0613057 _____ (CMI Limited) C:\Users\Above All\AppData\Local\nsk866E.tmp
2015-01-07 21:09 - 2015-01-07 21:08 - 0628496 _____ (CMI Limited) C:\Users\Above All\AppData\Local\nsnFA64.tmp
2015-01-27 11:37 - 2015-01-27 11:37 - 0628496 _____ (CMI Limited) C:\Users\Above All\AppData\Local\nsuAD39.tmp
2015-01-27 10:14 - 2015-01-27 10:14 - 0613057 _____ (CMI Limited) C:\Users\Above All\AppData\Local\nsy2631.tmp
2012-08-01 16:55 - 2012-08-01 16:55 - 0000017 _____ () C:\Users\Above All\AppData\Local\resmon.resmoncfg
2014-11-22 22:06 - 2014-11-22 22:06 - 0000000 _____ () C:\Users\Above All\AppData\Local\{1AB1D223-8162-4B08-A528-5D85FF5C4F06}

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-131292079-2632451939-3531817042-1001\$43313d482d45d0edc590b2d17760f0a0

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$43313d482d45d0edc590b2d17760f0a0

Some content of TEMP:
====================
C:\Users\Above All\AppData\Local\Temp\amisetup2584__11003.exe
C:\Users\Above All\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Above All\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 01:32

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Above All at 2015-01-28 15:44:55
Running from C:\Users\Above All\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG AntiVirus 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{52332168-ED5B-63D4-E3E7-414BFD2C81BC}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4273 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2010.1116.2152.39231 - ATI) Hidden
Citrix online plug-in (Web) (HKLM-x32\...\{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Dell 1355cn/1355cnw Color MFP (HKLM-x32\...\InstallShield_{34BE5AE0-B63F-460D-B514-A126570CAD7D}) (Version: 1.033.0 - Dell Inc.)
Dell 1355cn/1355cnw Color MFP (x32 Version: 1.033.0 - Dell Inc.) Hidden
Dell Printer Driver Updater (x32 Version: 1.006.00 - Dell) Hidden
Dell Printer Driver Updater (x32 Version: 1.018.00 - Dell) Hidden
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.5.0.001 - HTC Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.40.1161 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5883 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.9 - HTC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-131292079-2632451939-3531817042-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Above All\AppData\Roaming\jzhykegs\tivesen.dll () <==== ATTENTION

==================== Restore Points  =========================

22-01-2015 11:59:15 Windows Update
24-01-2015 03:00:37 Windows Update
25-01-2015 18:20:09 AA11
25-01-2015 18:23:29 LavasoftWeCompanion
27-01-2015 17:57:23 Installed AVG 2015
27-01-2015 17:58:36 Installed AVG 2015
27-01-2015 21:10:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1F113CDA-CCD1-456B-B82B-E3717D165127} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {208AB469-E83C-43E9-A68E-6799B2F2BCAA} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {3A321735-8F6C-4A69-96D2-15667D515E29} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {4193E818-21B3-4A0E-AAE5-9C9504B576B7} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe
Task: {4E8A7F24-78BC-4A17-A0CB-03A95C6AA949} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4EF57A46-57F1-43DF-B167-DF70FB43DA94} - System32\Tasks\{DA042BA7-A9A1-4A00-9248-1A52190334C0} => pcalua.exe -a "C:\Users\Above All\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5HXW781\Adaware_Installer.exe" -d "C:\Users\Above All\Desktop"
Task: {5A126407-61FF-4832-B915-F21326064DEF} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {61F7AA35-B34A-4894-ADD8-82B2B9D9519A} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {782A1660-35C7-49BF-9626-A1DE51278E06} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {812CEF1F-980C-4E73-AB9A-F9EEFA0D198E} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe
Task: {864926E9-5F91-44AD-9C51-2314170DF3B7} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {868987B3-B4CD-4B24-B48B-4FEC55D5BA60} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9698977B-A02E-4416-9693-9DF593FE95A4} - \DonutQuotes No Task File <==== ATTENTION
Task: {B470791C-58E5-4C9B-88DF-1A086EB39ED0} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Portable Booster\\updater.exe
Task: {BC71017C-2DC4-4A6E-BCFD-5AD605F01800} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {C355AAEF-F3F6-41C6-9C2F-0611C3F127A3} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe
Task: {C5ED7797-65C4-4E22-99C3-63FB677CBF75} - System32\Tasks\boosterpop => C:\Program Files (x86)\Portable Booster\\WarningPopUp.exe
Task: {ED4395EE-8D2E-4A78-935B-0E3E0601C851} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {EE8C3DE7-A587-45EA-B93F-A153E105A255} - System32\Tasks\FellowSky\FellowSky => C:\ProgramData\FellowSky\FellowSky.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-04-19 17:51 - 2012-04-19 17:51 - 00090432 _____ () C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe
2013-12-06 14:39 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-08-12 17:55 - 2011-02-14 08:55 - 00043520 ____R () C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
2012-04-19 17:51 - 2012-04-19 17:51 - 00252224 _____ () C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1AW.exe
2012-04-19 17:51 - 2012-04-19 17:51 - 00238400 _____ () C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Awj.exe
2010-08-26 18:12 - 2010-08-26 18:12 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-11-16 23:51 - 2010-11-16 23:51 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-01-22 11:35 - 2015-01-22 11:35 - 00157696 _____ () C:\Users\Above All\AppData\Roaming\jzhykegs\tivesen.dll
2012-08-01 18:43 - 2012-04-07 16:25 - 13980672 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlnapRC.DLL
2012-08-01 18:43 - 2010-04-22 16:28 - 00678400 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlnapips.DLL
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Above All (S-1-5-21-131292079-2632451939-3531817042-1001 - Administrator - Enabled) => C:\Users\Above All
Administrator (S-1-5-21-131292079-2632451939-3531817042-500 - Administrator - Disabled)
Guest (S-1-5-21-131292079-2632451939-3531817042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-131292079-2632451939-3531817042-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: MpKsl5f0088ee
Description: MpKsl5f0088ee
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl5f0088ee
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2015 02:37:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/28/2015 02:36:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 00:07:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e3c

Start Time: 01d03b15a76061b8

Termination Time: 30

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/28/2015 10:13:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 31dc

Start Time: 01d03b0a643fd41a

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/28/2015 08:41:47 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/28/2015 01:03:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 11:02:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc0000005
Fault offset: 0x006b9000
Faulting process id: 0x294c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/27/2015 10:27:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/27/2015 08:59:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 08:15:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29906

System errors:
=============
Error: (01/28/2015 01:14:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (01/28/2015 08:42:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (01/28/2015 08:42:05 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (01/28/2015 01:02:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (01/28/2015 01:02:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (01/28/2015 01:01:45 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000d1 (0x0000000000000538, 0x0000000000000002, 0x0000000000000000, 0xfffff88004690836)C:\Windows\MEMORY.DMP012815-47174-01

Error: (01/28/2015 01:01:30 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:58:00 AM on ‎1/‎28/‎2015 was unexpected.

Error: (01/28/2015 00:55:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/28/2015 00:55:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/28/2015 00:54:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Microsoft Office Sessions:
=========================
Error: (01/28/2015 02:37:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

Error: (01/28/2015 02:36:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 00:07:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174961e3c01d03b15a76061b830C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (01/28/2015 10:13:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1749631dc01d03b0a643fd41a0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (01/28/2015 08:41:47 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

Error: (01/28/2015 01:03:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 11:02:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccMSHTML.dll11.0.9600.17496546ff2f9c0000005006b9000294c01d03aac3e62b149C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll6dfcb673-a6a2-11e4-9930-782bcba6817e

Error: (01/27/2015 10:27:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

Error: (01/27/2015 08:59:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 08:15:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29906

==================== Memory info ===========================

Processor: Intel® Core i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 43%
Total physical RAM: 8148.93 MB
Available physical RAM: 4612.02 MB
Total Pagefile: 16296.05 MB
Available Pagefile: 12181.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:930.74 GB) (Free:805.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4920479E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


 


Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.

Hi TwinHeadedEagle,
Thanks for your help.
I printed your instructions, then downloaded the Anti-Rootkit to my desktop, and tried running it.

I closed the browser, and received an error message:
Scan failed
This version of Malwarebytes Anti-Rootkit required you to completely exit the Malwarebytes application to continue.


Any ideas, on how to proceed?
Thanks Again,

Ben

 


Not sure that I understand.
If I right-click on the icon in the bottom of the screen (near the Start button) when the Anti-Rootkit is starting, it simply closes the program.
Everything else is closed.
There is no other icon on the screen.

I just tried it again, and I still get the same error message as before.
 


Multiple Resident Protection warning!

Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark one another as harmful, leaving your system unstable and even damaged. Please choose only one from those listed below to keep and uninstall the others:

  • Microsoft Security Essentials
  • AVG AntiVirus 2015

Uninstallation procedure:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for each uninstalled entry, right-click it and select Uninstall.

This should be done until any other steps will be taken.
 
 
 
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.
 
 
 
 
 

Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please upload report in your reply.
 
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

fixlist.txt


OK, I uninstalled the AVG 2015.  The only reason I tried it, was because that dang virus got through the MSE protection.
I ran everything as instructed, attached are the 2 files.

THANK YOU very much, for all of your help.
Upon completion of all of the processes & fixes, I will be donating as a thank you!!!

Ben




 

Fixlog.txt

AdwCleanerS0.txt


Pretty good, so far.
Seems as that virus is gone, haven't noticed that invisible ad in background.

 

Computer's speed seems to have picked-up a little bit.

I still have to refresh a page or two once in a while though.
Haven't had the screen just freeze lately.

 


Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: 

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


I just reset IE.
I'm hesitant on running the DelFix tool to remove the cleaning tools, until we're certain this thing is clean.

Being that no question is a dumb question...   LOL...
Also, should I download all of the above mentioned cleaners, or just 1 or 2???
Which do you suggest?
Do they conflict with each other?

Thanks Again,
 

Ben

 


 


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.