Browsers/Programs won't open/run

This is a discussion on Browsers/Programs won't open/run within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.
Old 03-08-2016, 08:55 AM   #1
Registered Member
 
Join Date: Jan 2005
Posts: 470
OS: Windows 7



Pretty sure I have some sort of virus. Turned my PC on yesterday morning, checked email, left it on the rest of the day, didn't use it the rest of the day, shut it down, turned it back on today and now I can't open browsers or programs. Browsers just open a blank screen and then after a while I get a "failed to open" message. Ran a scanner, no hits. System Restore won't open; that's usually a sign of something. Operating system is Win 7 Ultimate.


I had to boot in safemode to run DDS. I'm still in safemode and decided to try System Restore and it looks like it will allow me to restore back to March 3rd. Should I attempt a restore?



DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 11.45.2
Run by Drake at 10:36:21 on 2016-03-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8130.7065 [GMT -6:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2014 *Enabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mysearch.avg.com/?cid={28C4576C-C0F1-447D-9B66-D1706ACB0CB2}&mid=a33be5703f9647d2a682f54322e3a560-cd230193b0aaff133b68acd93bcc6aadf50db901&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215avi&pr=fr&d=2015-03-21 00:46:00&v=4.2.4.155&pid=wtu&sg=&sap=hp
uProxyServer = 151.236.63.217:3128
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
uRun: [Dropbox Update] "C:\Users\Drake\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
StartupFolder: C:\Users\Drake\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Drake\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8F39E773-44F6-4C55-9F83-1AA10F9A5F64} : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Users\Drake\AppData\Local\thinkorswim\npthinkorswim.dll
FF - plugin: C:\Users\Drake\AppData\Local\thinkorswim\nptossc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2015-5-26 237536]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2015-5-26 369120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2015-5-26 211936]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-7-11 20464]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-7-11 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-7-11 786416]
S1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
S1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-10-24 237848]
S1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-5-18 276960]
S2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [2014-7-11 927232]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2016-2-5 1443144]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2016-2-5 3260328]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2016-2-5 301896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-7-11 169432]
S2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2015-11-4 188072]
S2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2015-10-20 37184]
S2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2015-10-20 130880]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-3-16 240232]
S2 Update service;Update service;C:\Program Files (x86)\Popcorn Time\Updater.exe [2016-1-23 339968]
S2 vToolbarUpdater40.2.6;vToolbarUpdater40.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe [2016-2-22 1949768]
S2 WtuSystemSupport;WtuSystemSupport;C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [2015-3-20 1215560]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2014-7-11 165688]
S3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2014-7-11 22736]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2014-7-11 598808]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2014-7-11 39976]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2011-8-17 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2016-02-06 17:48:18 796864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-02-06 17:48:18 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-22 23:37:35 6381480 ----a-w- C:\Windows\System32\MetaViewer64.dll
2015-12-14 22:24:25 130880 ----a-w- C:\Windows\System32\drivers\rzpnk.sys
.
============= FINISH: 10:36:59.18 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/12/2014 12:23:52 AM
System Uptime: 3/8/2016 10:35:55 AM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | MAXIMUS VI EXTREME
Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz | SOCKET 1150 | 3500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 54.48 GiB free.
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: AMDA00 Interface
Device ID: ACPI\PNP0A0A\2&DABA3FF&2
Manufacturer: ASUSTeK Computer Inc.
Name: AMDA00 Interface
PNP Device ID: ACPI\PNP0A0A\2&DABA3FF&2
Service: WUDFRd
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_153B&SUBSYS_859F1043&REV_05\3&11583659&0&C8
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_153B&SUBSYS_859F1043&REV_05\3&11583659&0&C8
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP99: 2/25/2016 2:45:04 PM - Scheduled Checkpoint
RP100: 3/3/2016 6:34:30 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat Reader DC
Adobe Flash Player 18 ActiveX
Adobe Flash Player 20 NPAPI
Adobe Refresh Manager
AVG 2014
AVG Web TuneUp
Broadcom 802.11 Network Adapter
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dropbox
EVGA Precision 1.9.2
FIBINATOR
Forex Income Boss Indicators
Forex Income Boss SRT Profit System
GetDataBack Simple
Google Chrome
Google Update Helper
InfoLinkAtl x32 Components
Intel(R) Management Engine Components
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Java 8 Update 45
Java Auto Updater
join.me
Microsoft .NET Framework 4.5
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 44.0.2 (x86 en-US)
Mozilla Maintenance Service
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OANDA - MetaTrader
Popcorn Time
Razer Comms
Realtek High Definition Audio Driver
TD AMERITRADE StrategyDesk 3.7
thinkorswim
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WIDCOMM Bluetooth Software
World of Warships
.
==== Event Viewer Messages From Past Week ========
.
3/8/2016 10:36:16 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2016 10:36:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/8/2016 10:36:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/8/2016 10:36:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/8/2016 10:36:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/8/2016 10:36:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/8/2016 10:36:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/8/2016 10:36:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO Avgdiska Avgfwfd AVGIDSDriver Avgldx64 Avgtdia cdrom CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
3/8/2016 10:36:04 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2016 10:36:04 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2016 10:36:04 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2016 10:36:04 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2016 10:36:04 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2016 10:36:04 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2016 10:36:04 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2016 10:36:04 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2016 10:36:04 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2016 10:36:04 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2016 10:36:04 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2016 10:33:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
3/8/2016 1:43:17 AM, Error: Service Control Manager [7016] - The NVIDIA Stereoscopic 3D Driver Service service has reported an invalid current state 0.
.
==== End Of File ===========================
YSRRider is offline  
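The DDS log above only summarises the Service Control Manager events. The script below is an added example (it is not part of the post and not a DDS or TSF tool) that pulls the same two event types straight from the System log: 7026, the list of boot-start/system-start drivers that did not load, and 7001, a service that failed because one of its dependencies failed. It uses only built-in cmdlets and assumes nothing about the machine beyond Windows 7 or later with PowerShell. One caveat worth reading before acting on the 7026 list: the DDS header above says MINIMAL, i.e. the log was produced in Safe Mode, and Safe Mode without networking does not load the network stack (AFD, NetBT, tdx, Psched and friends), so a 7026 entry logged during that boot is expected. The script therefore marks which events belong to the current boot so you can compare a Normal-mode boot against a Safe-mode one.

```powershell
# Added example, not from the thread: list SCM events 7026 and 7001 from the System log
# and separate those logged since the current boot from older ones.
# Get-WmiObject is used because it exists on Windows 7; on PowerShell 6+ use Get-CimInstance.
$boot = [Management.ManagementDateTimeConverter]::ToDateTime(
            (Get-WmiObject Win32_OperatingSystem).LastBootUpTime)

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7001, 7026
    StartTime    = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue   # no matching events is not an error here

foreach ($e in $events) {
    $when = if ($e.TimeCreated -ge $boot) { 'this boot' } else { 'earlier boot' }
    switch ($e.Id) {
        7026 {
            # Live message lists one driver per line after "failed to load:"; DDS joined them with spaces.
            if ($e.Message -match '(?s)failed to load:\s*(.+)$') {
                $drivers = $Matches[1].Trim() -split '\s+'
                '[{0}] {1}  7026  drivers not loaded: {2}' -f $when, $e.TimeCreated, ($drivers -join ', ')
            }
        }
        7001 {
            # "The X service depends on the Y service which failed to start because of the following error: Z"
            if ($e.Message -match '(?s)^The (.+?) service depends on the (.+?) service which failed to start because of the following error:\s*(.+)$') {
                '[{0}] {1}  7001  {2} <- {3} ({4})' -f $when, $e.TimeCreated, $Matches[1], $Matches[2], $Matches[3].Trim()
            }
        }
    }
}
```

Run it from an elevated PowerShell prompt after a Normal-mode boot. If the network-stack drivers still appear under 7026 for that boot, the failures are real and not a Safe Mode side effect; if only the Safe Mode boot shows them, the chain of 7001 errors (DHCP Client, DNS Client, Workstation all waiting on AFD, tdx or NSI) is explained by the boot mode alone.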
Old 03-08-2016, 02:43 PM   #2



I checked some additional boxes in my AVG and was able to detect 4 threats and removed them. PC still stalled on reboot. I reset in normal mode and I am able to get onto the internet now. Still want to proceed with more scans...... awaiting further instructions.
YSRRider is offline  
Old 03-10-2016, 12:32 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

I noticed you have AVG Web TuneUp installed.

Please read this and decide if you want to keep it >> SystemLookup

I highly suggest you uninstall it via Programs and Features in your Control Panel.

If you decide to uninstall it, please delete the following Folders if they still exist:

C:\Program Files\AVG Web TuneUp

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-10-2016, 12:38 PM   #4



Hi chemist, thank you for the reply. Before I proceed I'd like to know if you read my PM. I think the solution MAY be a lot simpler than a typical virus removal. I have run a number of scans and most came up empty. I think the issue might be as simple as dumping some TEMP folders. You will read more details in my PM. I can also attach a screenshot of the files that I was able to find. (I have not deleted anything yet.)
YSRRider is offline  
Old 03-10-2016, 01:01 PM   #5



Found some stuff that my scans didn't uncover. Here's the log:

# AdwCleaner v5.101 - Logfile created 10/03/2016 at 14:54:59
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Drake - DRAKE-PC
# Running from : C:\Users\Drake\Desktop\AdwCleaner.exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater40.2.6

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[-] File Deleted : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_mysearch.avg.com_0.localstorage
[-] File Deleted : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_mysearch.avg.com_0.localstorage-journal
[-] File Deleted : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.hiphopmyway.com_0.localstorage
[-] File Deleted : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.hiphopmyway.com_0.localstorage-journal
[-] File Deleted : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
[-] File Deleted : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\extensions\[email protected]
[-] File Deleted : C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\searchplugins\avg-secure-search.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\torch
[-] Key Deleted : HKLM\SOFTWARE\torch
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

[-] [C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\prefs.js] [Preference] Deleted : user_pref("avg.wtu.ext.extParams", "{\"action\":\"extParams\",\"data\":{\"searchParams\":{\"pid\":\"wtu\",\"cid\":\"{d7456120-8495-42da-b759-1cdf699c39e4}\",\"mid\":\"a33be5703f9647d2a682f54322e3a560-[...]
[-] [C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[-] [C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename.US", "AVG Secure Search");
[-] [C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[-] [C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chfdnecihphmhljaaejmgoiahnihplgn

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [5716 bytes] - [10/03/2016 14:54:59]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [5593 bytes] - [10/03/2016 14:45:24]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [5900 bytes] - [10/03/2016 14:51:18]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [5995 bytes] ##########
YSRRider is offline  
Old 03-10-2016, 01:02 PM   #6



FRST won't run. Do I need FRST64?
YSRRider is offline  
Old 03-10-2016, 01:07 PM   #7



Hello YSRRider. Yes, my bad. I did read your PM and we will empty your temp folders, etc. later.

Did you set this proxy:

Quote:
uProxyServer = 151.236.63.217:3128
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
chemist is offline  
Old 03-10-2016, 01:49 PM   #8



I may have at one time? I know I was trying to figure out how to use a proxy server at one time just to learn it, but I don't believe that was on this computer. The server was slower than snot, so I had deleted the address and set everything back to the old settings.

Where do I go to see if that proxy is still entered? I forget.
YSRRider is offline  
Old 03-10-2016, 02:05 PM   #9



Go IE > Tools > Internet Options > Connections > LAN settings

IP Address: 151.236.63.217
chemist is offline  
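The LAN settings dialog chemist points at is a front end for the WinINET values under HKCU, which is where the DDS line `uProxyServer = 151.236.63.217:3128` was read from. Internet Explorer, Chrome and, with its default "Use system proxy settings", Firefox all follow those values, so an entry pointing at a proxy that no longer answers is one way to get a blank page followed by a failure message. The script below is an added example, not chemist's instructions and not from any tool in the thread; it reads the values directly, checks whether the listed proxy still accepts connections, and clears the entry only if it is exactly the one from the log. The address and port are taken from the first post; everything else is built-in PowerShell.

```powershell
# Added example, not from the thread: inspect and optionally clear the WinINET proxy that
# IE > Tools > Internet Options > Connections > LAN settings writes.
$suspect = '151.236.63.217:3128'   # value DDS reported as uProxyServer in the first post
$key     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p       = Get-ItemProperty -Path $key

# ProxyEnable 1 = "Use a proxy server" ticked. AutoConfigURL is a PAC script, a second
# way to redirect every request that the LAN settings dialog shows on a different line.
$p | Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL | Format-List

# WinHTTP keeps its own proxy, used by services and updaters rather than browsers.
netsh winhttp show proxy

# Is the listed proxy reachable at all? A 3-second TCP connect answers that without a browser.
$proxyHost, $proxyPort = $suspect -split ':'
$client = New-Object System.Net.Sockets.TcpClient
$async  = $client.BeginConnect($proxyHost, [int]$proxyPort, $null, $null)
$reachable = $async.AsyncWaitHandle.WaitOne(3000) -and $client.Connected
$client.Close()
'{0} reachable: {1}' -f $suspect, $reachable

# Clear the entry only when it is the one from the log and you did not set it yourself.
# After this the LAN settings dialog shows the proxy box unticked.
if ($p.ProxyEnable -eq 1 -and $p.ProxyServer -eq $suspect) {
    Set-ItemProperty    -Path $key -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $key -Name ProxyServer -ErrorAction SilentlyContinue
    'Proxy entry cleared; restart the browser.'
}
```

Run it as the affected user (the values live under HKCU, so an elevated prompt under a different account will not see them). Keep the output: if the entry reappears after a reboot, something on the machine is re-writing it, which is the case chemist's FRST scan is designed to surface.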
Old 03-10-2016, 02:05 PM   #10



Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Drake (2016-03-10 15:56:50)
Running from C:\Users\Drake\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-07-12 05:23:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2581635792-2260966447-853825529-500 - Administrator - Disabled)
Drake (S-1-5-21-2581635792-2260966447-853825529-1000 - Administrator - Enabled) => C:\Users\Drake
Guest (S-1-5-21-2581635792-2260966447-853825529-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2581635792-2260966447-853825529-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2014 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2014 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4855 - AVG Technologies)
AVG 2014 (Version: 14.0.4477 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4855 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.6.552 - AVG Technologies)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.31.95.4 - Broadcom Corporation)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Dropbox (HKU\S-1-5-21-2581635792-2260966447-853825529-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
EVGA Precision 1.9.2 (HKLM-x32\...\Precision) (Version: 1.9.2 - EVGA Corporation)
FIBINATOR (HKLM-x32\...\FIBINATOR) (Version: - )
Forex Income Boss Indicators (HKLM-x32\...\Forex Income Boss Indicators) (Version: - )
Forex Income Boss SRT Profit System (HKLM-x32\...\Forex Income Boss SRT Profit System) (Version: - )
GetDataBack Simple (HKLM-x32\...\{D06B8000-52B4-4D0B-A003-DA83ED982B51}) (Version: 1.02.000 - Runtime Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
InfoLinkAtl x32 Components (HKLM-x32\...\{F20C34C7-A2D7-488A-8379-BE64766D39C0}) (Version: 6.5.7.0 - Sungard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
join.me (HKU\S-1-5-21-2581635792-2260966447-853825529-1000\...\JoinMe) (Version: 1.20.0.125 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9717 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.11.9717 - NVIDIA Corporation)
OANDA - MetaTrader (HKLM-x32\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
Razer Comms (HKLM-x32\...\Razer Comms) (Version: 5.12 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6895 - Realtek Semiconductor Corp.)
TD AMERITRADE StrategyDesk 3.7 (HKU\S-1-5-21-2581635792-2260966447-853825529-1000\...\{A44F5E0A-1D2E-4C58-B5EA-414F3AA0FA9D}) (Version: 3.7 - TD AMERITRADE)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3800 - Broadcom Corporation)
World of Warships (HKU\S-1-5-21-2581635792-2260966447-853825529-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2581635792-2260966447-853825529-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Drake\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2581635792-2260966447-853825529-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2581635792-2260966447-853825529-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2581635792-2260966447-853825529-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2581635792-2260966447-853825529-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2581635792-2260966447-853825529-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2581635792-2260966447-853825529-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2581635792-2260966447-853825529-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2581635792-2260966447-853825529-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2581635792-2260966447-853825529-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2581635792-2260966447-853825529-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3FD5ECCD-D808-434D-AECF-C25D402E7CC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4E17EC24-31D9-4794-A0E8-F5B002498880} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {68100D47-2F45-4696-AC58-5B300E55132A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {C8853FBE-6040-402E-94F1-30D8301D204D} - System32\Tasks\{B7A59143-03D9-4025-A1C9-0F384AC23F4A} => C:\Program Files (x86)\Sti\SterlingTraderPro\Base.exe
Task: {E141B608-BF3C-4864-A010-F62AE3D07B83} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2581635792-2260966447-853825529-1000Core => C:\Users\Drake\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-26] (Dropbox, Inc.)
Task: {E4938B89-389A-4DA3-B7BE-2CA5ECB37CC6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2581635792-2260966447-853825529-1000UA => C:\Users\Drake\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-26] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2581635792-2260966447-853825529-1000Core.job => C:\Users\Drake\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2581635792-2260966447-853825529-1000UA.job => C:\Users\Drake\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 23:45 - 2016-02-22 19:40 - 01215560 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2014-07-11 23:29 - 2012-10-29 01:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2015-11-04 18:11 - 2015-11-04 18:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-07-11 23:29 - 2016-03-10 15:20 - 00034304 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2014-07-11 23:29 - 2012-05-07 10:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2015-12-12 13:58 - 2016-01-12 12:44 - 00034768 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-02-18 21:45 - 2016-01-12 12:45 - 00019408 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-02-18 21:45 - 2016-01-12 12:44 - 00116688 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 13:58 - 2016-01-12 12:44 - 00093640 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 13:58 - 2016-01-12 12:44 - 00018376 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 13:58 - 2016-02-16 12:39 - 00019760 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 13:58 - 2016-01-12 12:46 - 00105928 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-02-18 21:45 - 2016-01-12 12:44 - 00392144 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 13:58 - 2016-02-16 12:39 - 00381752 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 13:58 - 2016-01-12 12:44 - 00692688 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-02-18 21:45 - 2016-02-16 12:38 - 00020816 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 13:58 - 2016-01-12 12:45 - 00112592 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-02-18 21:45 - 2016-02-16 12:38 - 01682760 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-02-18 21:45 - 2016-02-16 12:38 - 00020808 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 13:58 - 2016-02-16 12:39 - 00020800 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-12 13:58 - 2016-02-16 12:39 - 00021840 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00038696 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-02-18 21:45 - 2016-01-12 12:46 - 00020936 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 13:58 - 2016-01-12 12:46 - 00024528 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 13:58 - 2016-01-12 12:47 - 00114640 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 13:58 - 2016-01-12 12:46 - 00124880 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00021832 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 13:58 - 2016-01-12 12:46 - 00024016 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 13:58 - 2016-01-12 12:46 - 00175560 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 13:58 - 2016-01-12 12:47 - 00030160 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 13:58 - 2016-01-12 12:47 - 00043472 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 13:58 - 2016-01-12 12:47 - 00028616 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 13:58 - 2016-01-12 12:47 - 00048592 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00026456 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 13:58 - 2016-01-12 12:46 - 00057808 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 13:58 - 2016-01-12 12:47 - 00024016 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-02-18 21:45 - 2016-02-16 12:38 - 00117056 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00024392 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-02-18 21:45 - 2016-01-12 12:47 - 00036296 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-12 13:58 - 2016-02-16 12:39 - 00023376 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 13:58 - 2016-01-12 12:44 - 00134608 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-02-18 21:45 - 2016-01-12 12:44 - 00134088 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-02-18 21:45 - 2016-01-12 12:45 - 00240584 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00052024 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00020800 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00021824 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00019776 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00020800 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-02-18 21:45 - 2016-02-16 12:38 - 00020280 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 13:58 - 2016-01-12 12:47 - 00350152 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00022352 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00084792 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-02-18 21:45 - 2016-02-16 12:39 - 01826096 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 13:58 - 2016-01-12 12:45 - 00083912 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\sip.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 03928880 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 01971504 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00531248 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00132912 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00223544 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00207672 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00158008 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00042808 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-02-18 21:45 - 2016-01-12 12:49 - 00017864 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-02-18 21:45 - 2016-01-12 12:49 - 01631184 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-12 13:58 - 2016-02-16 12:39 - 00024904 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00546096 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-02-18 21:45 - 2016-02-16 12:39 - 00357680 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 15:45 - 2016-01-12 12:52 - 00697304 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-03-08 21:33 - 2016-03-07 20:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-08 21:33 - 2016-03-07 20:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2016-03-09 16:14 - 2016-03-08 12:16 - 17541312 _____ () C:\Users\Drake\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2581635792-2260966447-853825529-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Drake\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C8BE7669-6E2F-4853-9BB2-79E16B4072B9}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{740CCF5D-C1C4-4009-8B8B-33C9F4C0EAAB}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{FFAB2EFD-E49B-45D2-A0AC-1CD608385002}] => (Allow) C:\Users\Drake\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{386EB1EC-E866-4766-B226-225F6097FE1E}] => (Allow) C:\Users\Drake\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EB5958ED-D558-4D4A-B6F8-3F0E5C246749}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{586FF804-857E-4EE4-9622-06D3274D6F19}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4DFC55D2-4C82-40DE-9370-09CE4F987A1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CFE9683A-3343-4BD4-9D6A-430926209378}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{50EB7077-A3E5-4C5D-B03F-9FA75B54195B}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{5452BA08-AE0A-4ECB-82CB-9C381DD00C7D}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{069C1B36-576B-407E-8F6C-8126A4F0B94B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{9569E4E6-6AD8-4939-A103-1A28A4F8526E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{D74AAA70-329F-4B80-9329-B2415B71BA7C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{CDA8F3B5-B874-43B9-9C3D-536A8E3F9A97}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{462594FB-E431-4701-9212-AB0DBACA6788}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{F668731C-EB3A-4801-9D92-3BBB61B52A7A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{B1AD7BC0-FEB9-4EBA-9C9C-F27389559036}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-03-2016 10:55:12 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2016 03:22:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2016 03:14:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/10/2016 02:57:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2016 02:52:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2016 02:44:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/10/2016 02:41:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2016 01:21:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/10/2016 11:08:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2016 11:00:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2016 10:56:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (03/10/2016 03:20:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/10/2016 03:19:55 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service has reported an invalid current state 0.

Error: (03/10/2016 02:56:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/10/2016 02:55:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (03/10/2016 02:55:28 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/10/2016 02:55:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (03/10/2016 02:55:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (03/10/2016 02:55:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (03/10/2016 02:54:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/10/2016 02:54:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 32%
Total physical RAM: 8130.49 MB
Available physical RAM: 5502.37 MB
Total Virtual: 16259.18 MB
Available Virtual: 13407.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:58.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00320AF0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
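An Addition.txt like the one above is normally read by eye, but the checks a helper runs over it are mechanical: does a scheduled task launch something with no recorded publisher or from a user-writable directory, does a loaded module carry no version-info company, are the DNS servers private, is UAC still on. The following Python script is an added example (not part of this thread, not FRST's own code) that applies those checks to a handful of lines copied from the log above. The section names, regular expressions and severity labels are assumptions about FRST's output format, the two Dropbox and Sterling Trader lines are taken as-is from the posted log, and a finding means "look at this", not "this is malware".

```python
import ipaddress
import re

# Lines copied from the Addition.txt posted above (a constructed excerpt, not the whole log).
SAMPLE_LOG = r"""
==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Scheduled Tasks (Whitelisted) =============

Task: {68100D47-2F45-4696-AC58-5B300E55132A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {C8853FBE-6040-402E-94F1-30D8301D204D} - System32\Tasks\{B7A59143-03D9-4025-A1C9-0F384AC23F4A} => C:\Program Files (x86)\Sti\SterlingTraderPro\Base.exe
Task: {E141B608-BF3C-4864-A010-F62AE3D07B83} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2581635792-2260966447-853825529-1000Core => C:\Users\Drake\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-26] (Dropbox, Inc.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 23:45 - 2016-02-22 19:40 - 01215560 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-12-12 13:58 - 2016-01-12 12:44 - 00034768 _____ () C:\Users\Drake\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd

==================== Other Areas ============================

DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")          # "==== Title (Whitelisted) ====" (assumed format)
MODULE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ "
                       r"\((?P<pub>[^)]*)\) (?P<path>.+)$")
# Directories a standard user can write to; persistence launching from here deserves a look.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)


def split_sections(text):
    """Map each section title (minus '(Whitelisted)' and a trailing ':') to its non-blank lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = re.sub(r"\s*\(Whitelisted\)|:$", "", m.group(1)).strip()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def split_target(rest):
    """Split 'path [date] (publisher)' as FRST prints it; publisher is None when absent."""
    pub = None
    m = re.search(r"\s*\((?P<pub>[^()]*)\)\s*$", rest)
    if m:
        pub, rest = m.group("pub"), rest[:m.start()]
    rest = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest)   # drop the [yyyy-mm-dd] file date
    return rest.strip(), pub


def triage(text):
    """Return (level, message) findings; 'review' means look at it, not 'this is malware'."""
    findings = []
    sections = split_sections(text)

    for line in sections.get("Security Center", []):
        if line[:3] in ("AV:", "AS:", "FW:") and "(Disabled" in line:
            findings.append(("info", "security product disabled: " + line.split(" (")[0]))

    # Only the registry task entries ("Task: {GUID} - ..."); the .job mirror lines never carry a publisher.
    for line in sections.get("Scheduled Tasks", []):
        if not line.startswith("Task: {") or " => " not in line:
            continue
        path, pub = split_target(line.split(" => ", 1)[1])
        reasons = []
        if not pub:
            reasons.append("no publisher recorded")
        if USER_WRITABLE_RE.search(path):
            reasons.append("runs from a user-writable path")
        if reasons:
            level = "high" if len(reasons) == 2 else "review"
            findings.append((level, "task -> %s: %s" % (path, ", ".join(reasons))))

    for line in sections.get("Loaded Modules", []):
        m = MODULE_RE.match(line)
        if m and not m.group("pub"):
            findings.append(("review", "module without version-info publisher: " + m.group("path")))

    for line in sections.get("Other Areas", []):
        if line.startswith("DNS Servers:"):
            for ip in re.findall(r"\d+(?:\.\d+){3}", line):
                if not ipaddress.ip_address(ip).is_private:
                    findings.append(("review", "DNS server outside private ranges: " + ip))
        if "Policies\\System" in line:
            lua = re.search(r"EnableLUA: (\d)", line)
            admin = re.search(r"ConsentPromptBehaviorAdmin: (\d)", line)
            if (lua and lua.group(1) != "1") or (admin and admin.group(1) == "0"):
                findings.append(("high", "UAC disabled or set to elevate without prompting"))
    return findings


if __name__ == "__main__":
    for level, message in triage(SAMPLE_LOG):
        print("[%s] %s" % (level, message))
```

Run against the excerpt it reports Windows Defender as disabled (expected beside a third-party suite), the Sterling Trader task for having no publisher, the Dropbox updater task for living under AppData, and the two modules FRST printed with an empty "()" company field. None of that is proof of infection; an empty publisher only means the file carries no version-info company name, so the next step is to check those files' signatures and hashes rather than to delete them.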
Old 03-10-2016, 02:14 PM   #11
Registered Member
 
Join Date: Jan 2005
Posts: 470
OS: Windows 7



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Drake (administrator) on DRAKE-PC (10-03-2016 15:56:34)
Running from C:\Users\Drake\Desktop
Loaded Profiles: Drake (Available Profiles: Drake)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Drake\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-04-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5212584 2016-02-05] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2581635792-2260966447-853825529-1000\...\Run: [Dropbox Update] => C:\Users\Drake\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-26] (Dropbox, Inc.)
HKU\S-1-5-21-2581635792-2260966447-853825529-1000\...\MountPoints2: {3c731ecd-0984-11e4-8138-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-2581635792-2260966447-853825529-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-07-11]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\Drake\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8F39E773-44F6-4C55-9F83-1AA10F9A5F64}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default
FF Homepage: AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-02-06] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-02-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-03-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2581635792-2260966447-853825529-1000: tdameritrade.com/thinkorswim -> C:\Users\Drake\AppData\Local\thinkorswim\npthinkorswim.dll [2015-05-21] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-2581635792-2260966447-853825529-1000: tdameritrade.com/tossc -> C:\Users\Drake\AppData\Local\thinkorswim\nptossc.dll [2015-05-21] (TD Ameritrade)
FF Extension: Classic Theme Restorer - C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\extensions\[email protected] [2016-02-22]
FF Extension: No Name - C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\extensions\[email protected] [not found]
FF Extension: Old Location Bar - C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}.xpi [2016-03-09]

Chrome:
=======
CHR Profile: C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1443144 2016-02-05] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3260328 2016-02-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301896 2016-02-05] (AVG Technologies CZ, s.r.o.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1215560 2016-02-22] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [237536 2015-05-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [369120 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [211936 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [276960 2015-05-18] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-10 15:56 - 2016-03-10 15:56 - 00015303 _____ C:\Users\Drake\Desktop\FRST.txt
2016-03-10 15:56 - 2016-03-10 15:56 - 00000000 ____D C:\FRST
2016-03-10 15:52 - 2016-03-10 15:52 - 02374144 _____ (Farbar) C:\Users\Drake\Desktop\FRST64.exe
2016-03-10 14:43 - 2016-03-10 14:54 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-10 14:43 - 2016-03-10 14:43 - 01524224 _____ C:\Users\Drake\Desktop\AdwCleaner.exe
2016-03-09 23:36 - 2016-03-10 11:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-09 23:32 - 2016-03-09 23:32 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-09 23:32 - 2016-03-09 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-09 23:32 - 2016-03-09 23:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-09 23:32 - 2016-03-09 23:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-09 23:32 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-09 23:32 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-09 23:32 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-09 23:23 - 2016-03-09 23:23 - 22908888 _____ (Malwarebytes ) C:\Users\Drake\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-09 22:44 - 2016-03-09 22:44 - 00000000 ____D C:\Program Files (x86)\ESET
2016-03-09 22:43 - 2016-03-09 22:43 - 02870984 _____ (ESET) C:\Users\Drake\Downloads\esetsmartinstaller_enu.exe
2016-03-08 21:47 - 2016-03-10 11:01 - 00000000 ____D C:\ProgramData\Avg
2016-03-08 21:46 - 2016-03-10 11:01 - 00000000 ____D C:\Users\Drake\AppData\Local\AvgSetupLog
2016-03-08 16:54 - 2016-03-08 16:54 - 02944584 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Drake\Downloads\AVG_PCTuneUp_878.exe
2016-03-08 10:36 - 2016-03-10 14:39 - 01551368 _____ C:\Windows\ntbtlog.txt
2016-03-08 10:32 - 2016-03-08 10:30 - 00688992 ____R (Swearware) C:\Users\Drake\Desktop\dds.scr
2016-02-27 19:28 - 2016-02-27 19:28 - 00000000 ____D C:\Users\Drake\AppData\Roaming\vlc
2016-02-18 21:45 - 2016-02-18 21:45 - 00000000 ____D C:\Users\Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-12 14:02 - 2016-02-12 14:02 - 00992203 _____ C:\Users\Drake\Desktop\start.zip
2016-02-11 21:06 - 2016-02-13 10:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-10 18:04 - 2016-02-10 20:41 - 00000000 ____D C:\Users\Drake\Desktop\FIB
2016-02-10 15:38 - 2016-02-10 15:38 - 04998697 _____ C:\Users\Drake\Downloads\Attachments_2016210.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-10 15:48 - 2014-07-12 00:12 - 00000000 ____D C:\ProgramData\MFAData
2016-03-10 15:36 - 2015-06-26 13:25 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2581635792-2260966447-853825529-1000UA.job
2016-03-10 15:32 - 2014-07-12 00:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-10 15:27 - 2009-07-13 22:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-10 15:27 - 2009-07-13 22:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-10 15:21 - 2014-07-23 20:29 - 00000000 ___RD C:\Users\Drake\Dropbox
2016-03-10 15:21 - 2014-07-23 20:00 - 00000000 ____D C:\Users\Drake\AppData\Roaming\Dropbox
2016-03-10 15:20 - 2014-07-12 00:03 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-10 15:20 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-10 14:11 - 2014-07-28 01:30 - 00000000 ____D C:\Users\Drake\AppData\Local\Microsoft Games
2016-03-10 11:01 - 2014-07-12 00:14 - 00000000 ____D C:\Program Files (x86)\AVG
2016-03-10 00:09 - 2009-07-13 23:08 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-09 16:44 - 2015-06-26 13:25 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2581635792-2260966447-853825529-1000Core.job
2016-03-08 21:53 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-03-08 21:53 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-03-08 21:48 - 2014-11-20 09:07 - 00000000 ____D C:\Users\Drake\AppData\Local\Avg
2016-03-08 21:33 - 2014-07-12 00:23 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-08 21:33 - 2014-07-12 00:23 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-05 17:04 - 2014-07-22 16:20 - 01234432 ___SH C:\Users\Drake\Documents\Thumbs.db
2016-02-22 19:40 - 2015-03-20 23:45 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-02-22 19:40 - 2015-03-20 23:45 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-21 09:45 - 2015-05-14 15:03 - 00000000 ____D C:\Users\Drake\Desktop\meme
2016-02-19 18:45 - 2014-07-12 00:15 - 00000965 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2016-02-19 18:45 - 2014-07-12 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-18 12:29 - 2015-06-05 19:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-14 21:36 - 2015-11-01 00:06 - 00000000 ____D C:\Users\Drake\AppData\Local\CrashDumps
2016-02-14 11:01 - 2015-10-30 17:20 - 00000000 ____D C:\Users\Drake\Desktop\Movies
2016-02-13 10:18 - 2014-07-12 00:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-12 07:24 - 2009-07-13 23:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-10 20:43 - 2016-01-18 17:22 - 00000000 ____D C:\Users\Drake\Downloads\Forex
2016-02-09 20:27 - 2014-07-12 00:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-09 20:27 - 2014-07-12 00:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-09 20:27 - 2014-07-12 00:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

Some files in TEMP:
====================
C:\Users\Drake\AppData\Local\Temp\GURC2B2.exe
C:\Users\Drake\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-09 00:19

==================== End of FRST.txt ============================
YSRRider is offline  
Old 03-10-2016, 02:29 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, YSRRider. You must have cleared out that proxy server, correct?
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    HKU\S-1-5-21-2581635792-2260966447-853825529-1000\...\MountPoints2: {3c731ecd-0984-11e4-8138-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
    FF Extension: No Name - C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\extensions\[email protected] [not found]
    FF Extension: Old Location Bar - C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}.xpi [2016-03-09]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
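The FRST.txt posted above and the fixlist in this post follow one convention: FRST prints each process, Run key, service, driver and extension with its signer in parentheses, marks a missing file with [not found] or [X], and flags [File not signed]; a fix is just the offending lines pasted between start and end, with directives such as createrestorepoint: and EmptyTemp: around them. As an added example (not FRST's own code and not part of the thread), here is a small triage helper that applies those cues to report lines and lays chosen lines out in fixlist format. The sample lines are copied from the log above and embedded as constructed input; the flag rules and the render_fixlist helper are assumptions of this example, and which lines actually go into a fix remains the analyst's decision, as chemist's note says.

```python
"""Triage helper for FRST-style report lines (added example, not part of FRST)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the FRST.txt posted above.
# Nothing is read from disk; the report text is embedded so the script runs offline.
SAMPLE_FRST = r"""
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5212584 2016-02-05] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2581635792-2260966447-853825529-1000\...\MountPoints2: {3c731ecd-0984-11e4-8138-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
FF Extension: No Name - C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\extensions\[email protected] [not found]
C:\Users\Drake\AppData\Local\Temp\GURC2B2.exe
C:\Users\Drake\AppData\Local\Temp\sqlite3.dll
"""

# "(Publisher) C:\path" at the start of a process line; an empty "()" means FRST found no signer.
LEADING_PUBLISHER = re.compile(r"^\(([^()]*)\)\s+[A-Za-z]:\\")
# "(Publisher)" as the last token of a Run/service/driver line.
TRAILING_PUBLISHER = re.compile(r"\(([^()]*)\)\s*$")
# Executables living in the per-user TEMP directory (the two files FRST listed under "Some files in TEMP").
TEMP_EXECUTABLE = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.(?:exe|dll|scr)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line: str
    reasons: tuple[str, ...]


def triage_line(line: str) -> tuple[str, ...]:
    """Return the reasons an FRST line deserves a second look (empty tuple = nothing)."""
    s = line.strip()
    if not s:
        return ()
    reasons: list[str] = []
    lead = LEADING_PUBLISHER.match(s)
    trail = TRAILING_PUBLISHER.search(s)
    if (lead and not lead.group(1).strip()) or (trail and not trail.group(1).strip()):
        reasons.append("no publisher recorded (unsigned or unknown binary)")
    if "[File not signed]" in s:
        reasons.append("signature check failed")
    if s.endswith("[not found]") or s.endswith("[X]"):
        reasons.append("referenced file missing (orphaned entry)")
    if TEMP_EXECUTABLE.search(s):
        reasons.append("executable in user TEMP")
    if "MountPoints2" in s:
        reasons.append("MountPoints2 launcher (removable-media autorun)")
    return tuple(reasons)


def triage(report: str) -> list[Finding]:
    """Run triage_line over a whole report and keep only the flagged lines."""
    hits: list[Finding] = []
    for raw in report.splitlines():
        reasons = triage_line(raw)
        if reasons:
            hits.append(Finding(raw.strip(), reasons))
    return hits


def render_fixlist(selected: list[str], empty_temp: bool = True) -> str:
    """Lay out analyst-chosen lines in the format FRST's Fix button consumes (as in the post above)."""
    body = ["start", "createrestorepoint:", *(l.strip() for l in selected)]
    if empty_temp:
        body.append("EmptyTemp:")
    body.append("end")
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_FRST)
    for f in hits:
        print(f"{'; '.join(f.reasons):<60} {f.line}")
    # Only entries the analyst has actually reviewed belong in a fixlist; here just the orphaned ones.
    orphans = [f.line for f in hits if any("missing" in r for r in f.reasons)]
    print(render_fixlist(orphans))
```

On the sample above the helper flags eight of the eleven lines: the two services and one process with an empty publisher, the unsigned Intel service, the orphaned VGPU driver and Firefox extension, the MountPoints2 launcher, and the two TEMP executables; the signed AVG and Microsoft lines pass. A flag is a prompt to look, not a verdict: the Razer and Intel entries are known vendor software that simply lacks a signature FRST could verify.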
Old 03-10-2016, 04:55 PM   #13
Registered Member
 
Join Date: Jan 2005
Posts: 470
OS: Windows 7



Yes, I removed the proxy. It took me a while to find out where it was.

After first running AdwCleaner per your instructions, I was able to open my browser. After rebooting during the final instructions, it won't load once again.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Drake (2016-03-10 18:27:41) Run:2
Running from C:\Users\Drake\Desktop
Loaded Profiles: Drake (Available Profiles: Drake)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
HKU\S-1-5-21-2581635792-2260966447-853825529-1000\...\MountPoints2: {3c731ecd-0984-11e4-8138-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
FF Extension: No Name - C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\extensions\[email protected] [not found]
FF Extension: Old Location Bar - C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}.xpi [2016-03-09]
EmptyTemp:
end
*****************

Restore point was successfully created.
HKU\S-1-5-21-2581635792-2260966447-853825529-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c731ecd-0984-11e4-8138-806e6f6e6963} => key not found.
HKCR\CLSID\{3c731ecd-0984-11e4-8138-806e6f6e6963} => key not found.
C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\extensions\[email protected] => not found.
C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\nd1igay0.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}.xpi => not found.
EmptyTemp: => 715 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:28:10 ====
YSRRider is offline  
Old 03-10-2016, 04:57 PM   #14
Registered Member
 
Join Date: Jan 2005
Posts: 470
OS: Windows 7



Please take a look at this screenshot I made prior to starting your instructions. I did not see this stuff come up under the scans and I suspect these are the issue.
Attached image: PCanalyze1.jpg
YSRRider is offline  
Old 03-10-2016, 05:23 PM   #15
Registered Member
 
Join Date: Jan 2005
Posts: 470
OS: Windows 7



UGH! Rebooted, ran ADW in safe mode, no hits. Rebooted in normal mode, ran the AVG analyzer again and all the TEMP files were deleted, and now my browsers are working again.
YSRRider is offline  
Old 03-10-2016, 06:10 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, YSRRider. That's what the directive EmptyTemp: did in that last fix using FRST.

We usually have users run MBAM and complete an online scan with ESET before declaring them malware free, but I noticed you already have both.

If you don't think there is the need, I can give you some final instructions. Let me know.

------------------------------------------------------

One more thing though, your Java is out of date.

Java(TM) 8 Update 45 can be updated from the Java Control Panel. Go Start > Control Panel > Programs > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it. Also, let Java remove older versions if prompted.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------
chemist is offline  
Old 03-10-2016, 06:34 PM   #17
Registered Member
 
Join Date: Jan 2005
Posts: 470
OS: Windows 7



I downloaded both of them last night and ran them and they just came up with anything that seemed to be that bad, but I will run them again. Seems to be running faster. Hope the issues don't come back. OK, will update my Java.
YSRRider is offline  
Old 03-10-2016, 06:39 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Let me know if MBAM and/or ESET finds anything by posting the logs.
chemist is offline  
Old 03-10-2016, 08:06 PM   #19
Registered Member
 
Join Date: Jan 2005
Posts: 470
OS: Windows 7



All clear so far. Thank you
YSRRider is offline  
Old 03-11-2016, 06:14 AM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, YSRRider. You're very welcome.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Support - Windows Help

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
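The MVPS HOSTS file recommended above works by mapping ad domains to 127.0.0.1 so the connection never leaves the machine. The same file is also a classic tampering target, which is why a post-cleanup check of it is worth automating: an entry that sends a real site to a foreign address, or that sinkholes an antivirus or OS update domain, is not ad blocking. Added example, not from the thread or from the MVPS project: a parser for HOSTS syntax plus an audit that separates ordinary sinkhole entries from those two shapes. The sample file, the .test domains and the PROTECTED_SUFFIXES allowlist are constructed for the example; 0.0.0.0 is accepted as a sinkhole alongside 127.0.0.1 because block lists commonly use it.

```python
"""Audit a HOSTS file for entries that are not plain ad blocking (added example)."""
from __future__ import annotations

import ipaddress

# Constructed sample HOSTS content: the stock Windows entries, two MVPS-style block entries,
# and two entries shaped like the tampering a cleanup should catch (reserved .test domains).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.example-adnetwork.test          # MVPS-style block entry
127.0.0.1 tracker.example-analytics.test    # MVPS-style block entry
127.0.0.1 update.example-antivirus.test     # loopback, but on a domain that must stay reachable
203.0.113.7 www.example-bank.test           # sends a real site to a foreign address
"""

# Sinkhole targets a block list legitimately uses.
SINKHOLE = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("::1"),
}
# Assumed allowlist: domains whose blocking would break AV/OS updates (constructed for the example).
PROTECTED_SUFFIXES = ("example-antivirus.test",)


def parse_hosts(text: str):
    """Yield (ip, hostname) pairs; comments, blanks and unparsable addresses are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address; not a mapping the resolver would honour
        for host in fields[1:]:  # one address may carry several hostnames
            yield ip, host.lower()


def audit_hosts(text: str, protected=PROTECTED_SUFFIXES) -> list[tuple[str, str, str]]:
    """Return (ip, host, reason) for entries that are not ordinary loopback sinkholes."""
    findings: list[tuple[str, str, str]] = []
    for ip, host in parse_hosts(text):
        if host == "localhost":
            continue  # the stock Windows entries
        if ip not in SINKHOLE:
            findings.append((str(ip), host, "maps a hostname to a non-local address"))
        elif any(host == s or host.endswith("." + s) for s in protected):
            findings.append((str(ip), host, "sinkholes a domain needed for security updates"))
    return findings


if __name__ == "__main__":
    for ip, host, why in audit_hosts(SAMPLE_HOSTS):
        print(f"{ip:<14} {host:<32} {why}")
```

On a real machine the file lives at %SystemRoot%\System32\drivers\etc\hosts and is usually hidden or read-only after an MVPS install, so read it rather than rewriting it, and extend PROTECTED_SUFFIXES with the update domains of whatever antivirus is actually installed.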
Copyright 2001 - 2018, Tech Support Forum