
Can't install AVG Internet Security 2015


  • This topic is locked

#16
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

Hmm... interesting. You are correct in that I don't see it in your programs list, but it appears in your security programs in Addition.txt.
 

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


Maybe it was installed and later removed. If so it looks like it didn't uninstall properly.

Try running the removal tool:

Go here to download and run the Microsoft Security Essentials removal tool.

If that doesn't do the trick:
 

  • Please run Farbar Recovery Scan Tool again. Double-click on FRST64 to open. Allow it to update if it wants to.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

 

 


  • 0
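The cross-check described in post #16 (a product still registered under Security Center in Addition.txt but absent from Installed Programs), written as an added example that is not part of the original thread or of FRST itself. The function names, the `BUILT_IN` set and the `FW` prefix are assumptions of this example, and the sample log is an abridged, constructed excerpt in the layout shown on this page.

```python
import re

# Constructed, abridged sample in the FRST Addition.txt layout (not a full log).
SAMPLE_ADDITION = r"""
==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
"""

# "==== Name ====" section banners; a bare "=====" rule has no spaces and is ignored.
SECTION_RE = re.compile(r"^=+ (.+?) =+\s*$")
# "AV: <product> (<state>) {GUID}"; AV/AS appear on the page, FW is assumed here.
SC_ENTRY_RE = re.compile(r"^(AV|AS|FW): (.+?) \((.+?)\) (\{[0-9A-Fa-f-]+\})\s*$")
# Program name is everything before the first " (HKxx\" or " (Version:" group.
PROGRAM_RE = re.compile(r"^(.+?) \((?:HK[A-Z]+\\|Version:)")

# Components shipped with the OS never show up under Installed Programs
# (assumption of this example: only Windows Defender is treated this way).
BUILT_IN = {"windows defender"}


def split_sections(text):
    """Map each section name to its data lines, skipping blanks and '(...)' hints."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(match.group(1), [])
        elif current is not None and line:
            if not (line.startswith("(") and line.endswith(")")):
                current.append(line)
    return sections


def security_center_products(sections):
    """Return {product name: [registrations]} from the Security Center section."""
    products = {}
    for line in sections.get("Security Center", []):
        match = SC_ENTRY_RE.match(line)
        if match:
            kind, name, state, guid = match.groups()
            products.setdefault(name, []).append(
                {"kind": kind, "state": state, "guid": guid})
    return products


def installed_program_names(sections):
    """Lower-cased program names; refuse to guess if the section is missing."""
    if "Installed Programs" not in sections:
        raise ValueError("no Installed Programs section: truncated log or not Addition.txt")
    names = []
    for line in sections["Installed Programs"]:
        match = PROGRAM_RE.match(line)
        names.append((match.group(1) if match else line).lower())
    return names


def orphaned_registrations(text):
    """Products registered with Security Center but not listed as installed."""
    sections = split_sections(text)
    installed = installed_program_names(sections)
    orphans = []
    for name, regs in security_center_products(sections).items():
        if name.lower() in BUILT_IN:
            continue
        if not any(name.lower() in program for program in installed):
            kinds = [reg["kind"] for reg in regs]
            states = sorted({reg["state"] for reg in regs})
            orphans.append((name, kinds, states))
    return orphans


if __name__ == "__main__":
    for name, kinds, states in orphaned_registrations(SAMPLE_ADDITION):
        print(f"{name}: registered as {'/'.join(kinds)} ({', '.join(states)}) "
              "but not in Installed Programs; likely an incomplete uninstall")
```

A hit here is only a lead: confirm it against the Services and Drivers sections of FRST.txt before running a vendor removal tool.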



#17
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

Further to the above.

 

A colleague who I have great respect for has just reminded me that there is a common problem with AVG and the Microsoft installer.

 

SOoo... when you have completed the above let's see if we can refresh the installer.

 

Please download Fixit for problems with Windows installer/uninstaller


  • 0

#18
brothaman23464


    Member

  • Topic Starter
  • 17 posts

Ok here is the FRST log and Addition log

 

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
Ran by Pooh~Mar (administrator) on POOHMAR-PC on 12-11-2014 05:11:06
Running from C:\Users\Pooh~Mar\Desktop
Loaded Profile: Pooh~Mar (Available profiles: Pooh~Mar & Mcx1 & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(PasswordBox, Inc.) C:\Program Files\PasswordBox\pbbtnService.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Creative Technology Ltd.) C:\Windows\V0350Mon.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\KBD\kbd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [KBD] => C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM\...\Run: [UpdatePDIRShortCut] => c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [TSMAgent] => c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-10-17] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-10-17] (CyberLink)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [V0350Mon.exe] => C:\Windows\V0350Mon.exe [28672 2007-08-23] (Creative Technology Ltd.)
HKLM\...\Run: [DVDAgent] => c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-09-09] (CyberLink Corp.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-26] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [PureLeads Tray] => "C:\Program Files\PureLeads\PureLeadsTray.exe"
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-07-09] (Wondershare)
HKU\S-1-5-21-3331768213-1759502172-4088974818-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3331768213-1759502172-4088974818-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-11-09] (SUPERAntiSpyware)
HKU\S-1-5-21-3331768213-1759502172-4088974818-1000\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-3331768213-1759502172-4088974818-1000\...\Run: [Google Update] => C:\Users\Pooh~Mar\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-14] (Google Inc.)
HKU\S-1-5-21-3331768213-1759502172-4088974818-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF2EE02065AFECF01
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Pooh~Mar\AppData\Roaming\Mozilla\Firefox\Profiles\mryign2z.default-1404603865777
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npkanevapatch.dll (Kaneva, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ddg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files\PasswordBox\Firefox [2013-11-21]

Chrome:
=======
CHR Profile: C:\Users\Pooh~Mar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pooh~Mar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Hello Kitty) - C:\Users\Pooh~Mar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mioiobnjjjgemkflahplehgpkbjcojld [2014-09-16]
CHR Extension: (Google Wallet) - C:\Users\Pooh~Mar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [dnmlhhbehhdmajijfenoldcajelckpmn] - C:\Users\Pooh~Mar\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx []
CHR HKLM\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\Users\Pooh~Mar\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx []
CHR HKLM\...\Chrome\Extension: [npffmjkglbnioaoncpfmdbmehnbcldfh] - C:\Program Files\LyricSing\131.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
R2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 PasswordBox; C:\Program Files\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-09-30] (Avanquest Software) [File not signed]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-12] (Symantec Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34384 2009-12-01] (Screaming Bee LLC)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [86016 2009-12-23] (PACE Anti-Piracy, Inc.) [File not signed]
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [17792 2008-12-26] (Avnex)
S3 VF0350Afx; C:\Windows\System32\Drivers\V0350Afx.sys [142656 2007-06-11] (Creative Technology Ltd.)
S3 VF0350Vfx; C:\Windows\System32\DRIVERS\V0350VFx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
S3 VF0350Vid; C:\Windows\System32\DRIVERS\V0350Vid.sys [170368 2007-08-29] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Pooh~Mar\AppData\Local\Temp\catchme.sys [X]
U4 cisvc; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKsl4fede91d; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEA6A431-C17A-4BA8-92E3-B35610C0AB86}\MpKsl4fede91d.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 05:11 - 2014-11-12 05:12 - 00016976 _____ () C:\Users\Pooh~Mar\Desktop\FRST.txt
2014-11-12 00:07 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 00:07 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 00:07 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 00:07 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 00:07 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 00:07 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 00:06 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 00:06 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 00:05 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 00:04 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 00:04 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 00:04 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 00:04 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 00:03 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 23:52 - 2014-10-12 18:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 23:25 - 2014-11-11 23:28 - 00004478 _____ () C:\FixitRegBackup.reg
2014-11-11 23:21 - 2014-11-11 23:21 - 00899584 _____ () C:\Users\Pooh~Mar\Desktop\MicrosoftFixit50535.msi
2014-11-11 23:01 - 2014-11-12 03:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-11 23:01 - 2014-11-11 23:01 - 00000000 ____D () C:\Users\Pooh~Mar\AppData\Local\MFAData
2014-11-11 22:12 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 22:12 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 22:12 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 22:12 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 22:12 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 22:12 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 22:12 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 22:12 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 22:12 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 22:12 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 22:12 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 22:12 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 22:12 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 22:12 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 22:12 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 22:12 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 22:12 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 22:12 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 22:12 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 22:12 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 22:12 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 20:57 - 2014-11-11 20:57 - 00000035 _____ () C:\Users\Pooh~Mar\Desktop\avg code.txt
2014-11-11 20:07 - 2014-11-11 20:07 - 00415232 _____ (Farbar) C:\Users\Pooh~Mar\Desktop\FSS.exe
2014-11-11 19:51 - 2014-11-11 19:51 - 00000000 ____D () C:\Windows\ERUNT
2014-11-11 18:56 - 2014-11-11 19:08 - 00000000 ____D () C:\AdwCleaner
2014-11-11 17:54 - 2014-11-11 17:54 - 01706808 _____ (Thisisu) C:\Users\Pooh~Mar\Desktop\JRT.exe
2014-11-11 17:41 - 2014-11-11 17:41 - 02140160 _____ () C:\Users\Pooh~Mar\Desktop\AdwCleaner.exe
2014-11-10 22:31 - 2014-11-10 22:31 - 00006351 _____ () C:\Users\Pooh~Mar\Documents\fixlist.txt
2014-11-10 16:37 - 2014-11-10 16:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-09 23:06 - 2014-11-12 05:11 - 00000000 ____D () C:\FRST
2014-11-09 23:05 - 2014-11-09 23:05 - 01107968 _____ (Farbar) C:\Users\Pooh~Mar\Desktop\FRST.exe
2014-11-09 18:04 - 2014-11-09 18:04 - 00000000 ____D () C:\Users\Pooh~Mar\AppData\Local\VS Revo Group
2014-11-09 18:03 - 2014-11-09 18:03 - 00001027 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-11-09 18:03 - 2014-11-09 18:03 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-11-09 18:03 - 2014-11-09 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-11-09 18:03 - 2014-11-09 18:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-11-09 18:03 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-11-09 15:55 - 2014-11-11 23:04 - 00000000 ____D () C:\AVG_BFEfix
2014-11-09 15:23 - 2014-11-09 15:23 - 04579176 _____ (AVG Technologies) C:\Users\Pooh~Mar\Desktop\avg_isct_stb_all_2015_5315.exe
2014-11-09 13:17 - 2014-11-09 13:17 - 03201304 _____ () C:\Users\Pooh~Mar\Desktop\AVGInstLog.cab
2014-11-09 11:47 - 2014-11-11 23:04 - 00000181 _____ () C:\cleanup.bat
2014-11-09 11:35 - 2014-11-11 23:03 - 00000000 ____D () C:\AVG_Remover
2014-10-16 05:01 - 2014-06-15 17:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 05:01 - 2014-06-13 13:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 05:01 - 2014-06-13 13:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 04:30 - 2014-09-04 18:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 05:10 - 2009-11-27 18:25 - 01592031 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 05:08 - 2012-09-06 15:25 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-12 05:06 - 2010-08-05 12:44 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 05:06 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 05:06 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 05:06 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 04:25 - 2012-07-11 04:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 04:23 - 2012-09-22 17:31 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3331768213-1759502172-4088974818-1000UA.job
2014-11-12 04:22 - 2010-08-05 12:44 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 03:35 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-11-12 03:24 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 03:18 - 2012-05-11 21:25 - 00376056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:17 - 2012-05-11 21:25 - 00312488 _____ () C:\Windows\PFRO.log
2014-11-12 03:16 - 2006-11-02 08:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-12 02:25 - 2012-07-11 04:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-12 02:25 - 2011-06-06 05:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 02:00 - 2014-08-15 05:50 - 00000000 ____D () C:\Users\Pooh~Mar\AppData\Local\Adobe
2014-11-12 00:02 - 2013-07-13 20:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 23:54 - 2006-11-02 05:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-11 23:47 - 2009-11-27 18:26 - 00000000 ____D () C:\Users\Pooh~Mar
2014-11-11 22:23 - 2012-09-22 17:30 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3331768213-1759502172-4088974818-1000Core.job
2014-11-11 19:52 - 2010-01-19 06:43 - 00000000 ____D () C:\Program Files\Winferno
2014-11-10 21:55 - 2012-05-06 12:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-10 18:25 - 2009-12-14 21:59 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-11-09 15:22 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-11-09 13:10 - 2006-11-02 05:33 - 00766864 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 10:26 - 2011-05-03 18:22 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-11-04 14:30 - 2009-12-07 18:18 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-31 20:18 - 2012-09-30 10:28 - 00000000 ____D () C:\Users\Pooh~Mar\AppData\Roaming\uTorrent
2014-10-31 20:18 - 2012-08-18 19:06 - 00000000 ____D () C:\Users\Pooh~Mar\Desktop\Goin to MP3
2014-10-31 20:17 - 2014-06-29 08:28 - 00000000 ____D () C:\Users\Pooh~Mar\AppData\Roaming\vlc
2014-10-31 15:11 - 2013-11-21 12:03 - 00000000 ____D () C:\Program Files\PasswordBox
2014-10-28 15:26 - 2012-10-29 13:22 - 00002059 _____ () C:\Users\Pooh~Mar\Desktop\Google Chrome.lnk
2014-10-18 19:39 - 2010-08-11 11:29 - 00000334 _____ () C:\Windows\Tasks\HPCeeScheduleForPooh~Mar.job

Some content of TEMP:
====================
C:\Users\Pooh~Mar\AppData\Local\temp\Quarantine.exe
C:\Users\Pooh~Mar\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-12 05:19

==================== End Of Log ============================

 

Addition Log

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2014 01
Ran by Pooh~Mar at 2014-11-12 05:12:28
Running from C:\Users\Pooh~Mar\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.2.0 - )
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
Any Video Converter Professional 5.0.8 (HKLM\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Audio Converter version 6.2 (HKLM\...\AVS Audio Converter 6.2_is1) (Version:  - Online Media Technologies Ltd.)
AVS Audio Recorder version 3.9 (HKLM\...\AVS Audio Recorder 3.9_is1) (Version:  - Online Media Technologies Ltd.)
AVS Image Converter 1.2.1.100 (HKLM\...\AVS Image Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
BearShare (Version: 9.0.0.88083 - Musiclab, LLC) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Canon MP250 series User Registration (HKLM\...\Canon MP250 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative Live! Cam Center (HKLM\...\Creative Live! Cam Center) (Version:  - )
Creative Live! Cam Video Chat or Video IM Driver (1.03.01.00) (HKLM\...\Creative VF0350) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Elements 11 Organizer (Version: 11.0 - Adobe Systems Incorporated) Hidden
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version:  - )
Free NaturalReader (HKLM\...\{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}) (Version: 9.0 - NaturalSoft Limited)
Garmin Communicator Plugin (HKLM\...\{8ED02445-D491-414C-A56D-2ED6BBB7239A}) (Version: 3.0.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{CCB71FF8-DE82-469C-8641-44378F4443EB}) (Version: 2.5.4 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth (HKLM\...\{BE06114F-559D-11E0-B5A1-001D0926B1BF}) (Version: 6.0.2.2074 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.4976.17 - PC-Doctor, Inc.)
HitLeap Viewer 2.8 (HKLM\...\{31B12C11-AE4E-479F-8D6D-242DC265368D}) (Version: 2.8 - HitLeap Ltd.)
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Advisor (HKLM\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{64B9E2F5-558E-4C56-B419-A1679518F6E7}) (Version: 5.7.0.2784 - Hewlett-Packard)
HP Demo (HKLM\...\{A2016015-8323-4AF8-8B3E-F56239D7D59D}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.3309 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2217 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}) (Version: 2.0.8 - Hewlett-Packard)
HP Total Care Setup (HKLM\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP Update (HKLM\...\{FE57DE70-95DE-4B64-9266-84DA811053DB}) (Version: 4.000.012.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
Interlok driver setup x32 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.13 - PACE Anti-Piracy)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Juno Preloader (HKLM\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
LightScribe System Software (HKLM\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
LightScribe Template Labeler (HKLM\...\{5BD0CB24-11AF-4BA8-A198-38D25257C656}) (Version: 1.14.25.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaSPace (HKLM\...\{238F787F-4FE9-4644-8362-30800F50E190}) (Version: 1.00.0000 - MediaSPace)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM\...\{4FAB5122-775E-4418-B8D9-E2873BC93570}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCams 2.2010.05.13 (HKLM\...\{A94D0A32-5BDB-4400-8E78-07B148B929C5}_is1) (Version:  - MyFreeCams.com)
NCH Toolbox (HKLM\...\ToolBox) (Version:  - NCH Software)
NetZero Preloader (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
Nursing Assistant CD (HKLM\...\Nursing Assistant CD) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PhotoStage Slideshow Producer (HKLM\...\PhotoStage) (Version:  - NCH Software)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2202 - CyberLink Corp.)
PowerDirector (Version: 7.0.2202 - CyberLink Corp.) Hidden
PSE11 STI Installer (Version: 11.0 - Adobe Systems Incorporated) Hidden
Python 2.5.2 (HKLM\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.80.0.0 - Conexant Systems)
Sound Organizer (HKLM\...\{010813A5-CE68-4C86-96F4-11CAEA3E6292}) (Version: 1.1.1.12161 - Sony Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1016 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
TeleTech WB ISA (HKLM\...\TeleTech ISA) (Version: 1.2.2.0 - TeleTech)
UltraMixer 4.0.2 (HKLM\...\{8C101DEE-540D-42C7-860F-E326883C81C5}_is1) (Version: 4.0.2 - UltraMixer Digital Audio Solutions)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
Winferno Registry Power Cleaner (HKLM\...\RegPowerClean_is1) (Version: 2009 - Winferno.com)
Wondershare Video Editor(Build 3.6.1) (HKLM\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zylom Games Player Plugin (HKLM\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3331768213-1759502172-4088974818-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Pooh~Mar\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331768213-1759502172-4088974818-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Pooh~Mar\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331768213-1759502172-4088974818-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Pooh~Mar\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331768213-1759502172-4088974818-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Pooh~Mar\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331768213-1759502172-4088974818-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Pooh~Mar\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331768213-1759502172-4088974818-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Pooh~Mar\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331768213-1759502172-4088974818-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pooh~Mar\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3331768213-1759502172-4088974818-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Pooh~Mar\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331768213-1759502172-4088974818-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Pooh~Mar\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331768213-1759502172-4088974818-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Pooh~Mar\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331768213-1759502172-4088974818-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pooh~Mar\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331768213-1759502172-4088974818-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Pooh~Mar\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

01-11-2014 12:32:18 Windows Update
02-11-2014 04:00:10 Scheduled Checkpoint
04-11-2014 19:26:52 Windows Update
07-11-2014 00:47:32 Scheduled Checkpoint
08-11-2014 02:21:43 Windows Update
08-11-2014 22:26:39 Scheduled Checkpoint
09-11-2014 17:08:07 Installed AVG 2015
09-11-2014 17:10:10 Installed AVG 2015
09-11-2014 17:14:25 Removed AVG 2015
09-11-2014 17:20:02 Installed AVG 2015
09-11-2014 17:34:52 Installed AVG 2015
09-11-2014 17:39:47 Removed AVG 2015
09-11-2014 17:53:30 Installed AVG 2015
09-11-2014 18:08:16 Installed AVG 2015
09-11-2014 18:13:49 Removed AVG 2015
09-11-2014 18:27:29 Installed AVG 2015
09-11-2014 19:02:13 Installed AVG 2015
09-11-2014 19:05:47 Removed AVG 2015
09-11-2014 20:26:48 Installed AVG 2015
09-11-2014 20:40:10 Installed AVG 2015
09-11-2014 20:44:38 Removed AVG 2015
09-11-2014 21:09:47 Installed AVG 2015
09-11-2014 21:13:01 Installed AVG 2015
09-11-2014 21:22:37 Removed AVG 2015
09-11-2014 23:05:14 Revo Uninstaller Pro's restore point - AVG 2014
09-11-2014 23:06:40 Revo Uninstaller Pro's restore point - AVG 2014
09-11-2014 23:16:30 Installed AVG 2015
09-11-2014 23:17:22 Installed AVG 2015
09-11-2014 23:21:18 Removed AVG 2015
10-11-2014 04:25:30 Installed AVG 2015
10-11-2014 04:34:47 Installed AVG 2015
10-11-2014 04:40:26 Removed AVG 2015
10-11-2014 22:24:11 Scheduled Checkpoint
11-11-2014 02:30:16 Revo Uninstaller Pro's restore point - McAfee Security Scan Plus
11-11-2014 02:34:39 Revo Uninstaller Pro's restore point - PureLeads
11-11-2014 03:25:18 Revo Uninstaller Pro's restore point - TVvie
11-11-2014 06:52:23 Windows Update
12-11-2014 01:31:28 Installed AVG 2015
12-11-2014 01:32:22 Installed AVG 2015
12-11-2014 01:36:39 Removed AVG 2015
12-11-2014 02:16:25 Installed AVG 2015
12-11-2014 02:18:09 Installed AVG 2015
12-11-2014 02:22:19 Removed AVG 2015
12-11-2014 02:45:56 Installed AVG 2015
12-11-2014 02:48:13 Installed AVG 2015
12-11-2014 02:56:02 Removed AVG 2015
12-11-2014 04:17:00 Installed AVG 2015
12-11-2014 04:18:40 Installed AVG 2015
12-11-2014 04:23:25 Removed AVG 2015
12-11-2014 04:23:50 Installed Microsoft Fix it 50535
12-11-2014 04:27:16 Installed Microsoft Fix it 50535
12-11-2014 04:35:13 Installed AVG 2015
12-11-2014 04:41:26 Installed AVG 2015
12-11-2014 04:48:07 Removed AVG 2015
12-11-2014 04:52:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2012-05-22 13:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09BCD0CA-5F19-4F92-8601-B06ECEBFEE68} - \{35DC3473-A719-4d14-B7C1-FD326CA84A0C} No Task File <==== ATTENTION
Task: {300AB127-246D-42BE-B5E0-D06712A89F92} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
Task: {311800C8-FDF1-468C-87CF-094F8FED3374} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {36ECBD63-0995-4580-A8CB-69E53A4E6651} - System32\Tasks\AdobeAAMUpdater-1.0-PoohMar-PC-Pooh~Mar => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {3BE80994-6606-4197-BBAA-5891152F8ECC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3331768213-1759502172-4088974818-1000UA => C:\Users\Pooh~Mar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: {46D28D87-E72A-4E65-B908-26CA1FC01277} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {4F0E62D3-74B1-489C-84A3-22363B810B86} - System32\Tasks\HPCeeScheduleForPooh~Mar => C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-09-16] (Hewlett-Packard)
Task: {6B535D96-95A5-45A0-A524-79C19B7D3E5C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6CB512E8-0526-440A-90D9-A127C566E4A5} - System32\Tasks\RPCReminder => C:\Program Files\Winferno\RegistryPowerCleaner\RPCReminder.exe
Task: {6EFCB065-1818-415E-AE98-003FB5A66B0C} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {7958D249-9E44-4045-BE27-BBE4D94E1832} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {8C9BA9BD-6B44-49D0-B64A-D52A5D8265EA} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe
Task: {9FDDED82-27BF-4F63-9417-2438A84AEEF8} - System32\Tasks\BearShareNAG => C:\Users\Pooh~Mar\AppData\Local\Temp\BearShare_setup.exe <==== ATTENTION
Task: {9FE7E0DD-F4D0-40E8-8663-54C69550132C} - \{66BA574B-1E11-49b8-909C-8CC9E0E8E015} No Task File <==== ATTENTION
Task: {A0B3DA94-90AA-421A-90A6-8C07214A2195} - System32\Tasks\Hewlett-Packard online update program => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {CC26A340-BA9F-4DF4-9E73-6E4990D5F18B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3331768213-1759502172-4088974818-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {D538DC9C-9202-4E54-B4ED-677CA5A19F6F} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {E3C095D2-C412-4390-BB86-29EE57D52A0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {E8C2C3D4-25EB-4D0B-880E-41AC20EB9FEE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3331768213-1759502172-4088974818-1000Core => C:\Users\Pooh~Mar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: {EA8AB04F-C5D5-4B6C-9E33-045B0C6677FF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3331768213-1759502172-4088974818-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {F7C10C5C-7345-4D19-861E-51AF8859B25A} - System32\Tasks\Google Updater and Installer => C:\Users\Pooh~Mar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3331768213-1759502172-4088974818-1000Core.job => C:\Users\Pooh~Mar\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3331768213-1759502172-4088974818-1000UA.job => C:\Users\Pooh~Mar\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPooh~Mar.job => C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
Task: C:\Windows\Tasks\RPCReminder.job => C:\Program Files\Winferno\RegistryPowerCleaner\RPCReminder.exe

==================== Loaded Modules (whitelisted) =============

2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-03 18:22 - 2009-02-10 11:01 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2014-05-14 11:45 - 2014-05-14 11:45 - 00090624 _____ () C:\Program Files\PasswordBox\libwebsocketswin32.dll
2008-10-17 19:57 - 2008-10-17 19:57 - 00881960 _____ () C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-10-01 17:24 - 2014-07-09 11:01 - 01459712 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-10-01 17:24 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HPADVISOR => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: SpeedItUpEX => C:\Program Files\SpeedItup Free\SpeedItUp.exe -MINI
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

========================= Accounts: ==========================

Administrator (S-1-5-21-3331768213-1759502172-4088974818-500 - Administrator - Disabled)
Guest (S-1-5-21-3331768213-1759502172-4088974818-501 - Limited - Enabled) => C:\Users\Guest.PoohMar-PC
Mcx1 (S-1-5-21-3331768213-1759502172-4088974818-1001 - Administrator - Enabled) => C:\Users\Mcx1
Pooh~Mar (S-1-5-21-3331768213-1759502172-4088974818-1000 - Administrator - Enabled) => C:\Users\Pooh~Mar

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2014 01:07:08 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\POOH~MAR\APPDATA\LOCAL\AVG2015\LOG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (11/12/2014 01:07:08 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\POOH~MAR\APPDATA\LOCAL\AVG2015\LOG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (11/12/2014 01:07:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\POOH~MAR\APPDATA\LOCAL\MFADATA\LOGS> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (11/12/2014 01:07:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\POOH~MAR\APPDATA\LOCAL\MFADATA\LOGS> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (11/12/2014 01:07:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\POOH~MAR\APPDATA\LOCAL\AVG2015\LOG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (11/12/2014 01:07:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\POOH~MAR\APPDATA\LOCAL\AVG2015\LOG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (11/12/2014 01:06:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\POOH~MAR\APPDATA\LOCAL\AVG2015\LOG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (11/12/2014 01:06:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\POOH~MAR\APPDATA\LOCAL\AVG2015\LOG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (11/11/2014 11:47:33 PM) (Source: MsiInstaller) (EventID: 10005) (User: PoohMar-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27046. CA_Error27046: SetWfpCallbacksAction(0xC007001C): Driver installation failed

Error: (11/11/2014 11:23:50 PM) (Source: MsiInstaller) (EventID: 11500) (User: PoohMar-PC)
Description: Product: Microsoft Fix it 50535 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.


System errors:
=============
Error: (11/12/2014 05:09:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Center Service Launcher

Error: (11/12/2014 05:08:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Internet Connection Sharing (ICS)Base Filtering Engine%%1053

Error: (11/12/2014 05:08:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IPsec Policy AgentBase Filtering Engine%%1053

Error: (11/12/2014 05:08:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBase Filtering Engine%%1053

Error: (11/12/2014 05:08:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Diagnostic Policy Service%%1053

Error: (11/12/2014 05:08:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Diagnostic Policy Service

Error: (11/12/2014 05:08:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (11/12/2014 05:08:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows FirewallBase Filtering Engine%%1053

Error: (11/12/2014 05:08:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Base Filtering Engine%%1053

Error: (11/12/2014 05:08:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Base Filtering Engine


Microsoft Office Sessions:
=========================
Error: (11/12/2014 01:07:08 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\POOH~MAR\APPDATA\LOCAL\AVG2015\LOG

Error: (11/12/2014 01:07:08 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\POOH~MAR\APPDATA\LOCAL\AVG2015\LOG

Error: (11/12/2014 01:07:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\POOH~MAR\APPDATA\LOCAL\MFADATA\LOGS

Error: (11/12/2014 01:07:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\POOH~MAR\APPDATA\LOCAL\MFADATA\LOGS

Error: (11/12/2014 01:07:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\POOH~MAR\APPDATA\LOCAL\AVG2015\LOG

Error: (11/12/2014 01:07:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\POOH~MAR\APPDATA\LOCAL\AVG2015\LOG

Error: (11/12/2014 01:06:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\POOH~MAR\APPDATA\LOCAL\AVG2015\LOG

Error: (11/12/2014 01:06:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\POOH~MAR\APPDATA\LOCAL\AVG2015\LOG

Error: (11/11/2014 11:47:33 PM) (Source: MsiInstaller) (EventID: 10005) (User: PoohMar-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27046. CA_Error27046: SetWfpCallbacksAction(0xC007001C): Driver installation failed(NULL)(NULL)(NULL)(NULL)

Error: (11/11/2014 11:23:50 PM) (Source: MsiInstaller) (EventID: 11500) (User: PoohMar-PC)
Description: Product: Microsoft Fix it 50535 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-11-12 05:12:00.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-12 05:12:00.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-12 05:11:59.643
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-12 05:11:59.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 23:07:31.689
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 23:07:31.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 23:07:30.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 23:07:29.709
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-08 15:35:02.289
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SET9C38.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-08 15:35:01.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SET9C38.tmp because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 50%
Total physical RAM: 1917.83 MB
Available physical RAM: 945.06 MB
Total Pagefile: 4088.08 MB
Available Pagefile: 3046.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.39 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:286.43 GB) (Free:86.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.66 GB) (Free:1.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=286.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0
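An added example, not part of the original posts and not FRST's own code: a Python triage of the event section quoted above. It collapses repeated entries per source and event ID, collects the status codes they carry, and marks entries that mention the Windows Filtering Platform (WFP). The sample text is abridged from the log above, and the function names and the WFP keyword match are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: entries abridged from the FRST event section in the post above.
SAMPLE = r"""
Error: (11/12/2014 01:07:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\POOH~MAR\APPDATA\LOCAL\AVG2015\LOG

Error: (11/12/2014 01:07:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\POOH~MAR\APPDATA\LOCAL\MFADATA\LOGS

Error: (11/12/2014 01:06:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\POOH~MAR\APPDATA\LOCAL\AVG2015\LOG

Error: (11/11/2014 11:47:33 PM) (Source: MsiInstaller) (EventID: 10005) (User: PoohMar-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27046. CA_Error27046: SetWfpCallbacksAction(0xC007001C): Driver installation failed(NULL)(NULL)(NULL)(NULL)

Error: (11/11/2014 11:23:50 PM) (Source: MsiInstaller) (EventID: 11500) (User: PoohMar-PC)
Description: Product: Microsoft Fix it 50535 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)

CodeIntegrity Errors:
===================================
  Date: 2014-11-12 05:12:00.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-12 05:12:00.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-08 15:35:02.289
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SET9C38.tmp because the set of per-page image hashes could not be found on the system.
"""

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$"
)
STATUS = re.compile(r"0x[0-9A-Fa-f]{8}")
# Matches paths without spaces, which is what the log above contains.
CI_FILE = re.compile(r"image integrity of the file (\S+) because")
# Assumption of this example: these keywords mark WFP-related entries.
WFP_HINT = re.compile(r"wfp|base filtering engine", re.IGNORECASE)


def parse_events(text):
    """Return one dict per 'Error: (...)' entry, with its body lines attached."""
    events, current = [], None
    for line in text.splitlines():
        if line.startswith("CodeIntegrity Errors:"):
            break  # the event list ends where the Code Integrity section starts
        match = HEADER.match(line)
        if match:
            current = {**match.groupdict(), "body": []}
            current["event_id"] = int(current["event_id"])
            events.append(current)
        elif current is not None and line.strip():
            current["body"].append(line.strip())
    return events


def summarize(events):
    """Group by (source, event ID): count, status codes seen, WFP mention."""
    groups = defaultdict(lambda: {"count": 0, "status": set(), "wfp": False})
    for event in events:
        body = " ".join(event["body"])
        group = groups[(event["source"], event["event_id"])]
        group["count"] += 1
        group["status"].update(code.lower() for code in STATUS.findall(body))
        group["wfp"] = group["wfp"] or bool(WFP_HINT.search(body))
    return dict(groups)


def code_integrity_files(text):
    """Count Code Integrity complaints per file name."""
    return Counter(path.rsplit("\\", 1)[-1] for path in CI_FILE.findall(text))


if __name__ == "__main__":
    for (source, event_id), info in summarize(parse_events(SAMPLE)).items():
        flag = "  <-- mentions WFP" if info["wfp"] else ""
        print(f"{info['count']:>3} x {source} / {event_id} {sorted(info['status'])}{flag}")
    for name, count in code_integrity_files(SAMPLE).most_common():
        print(f"{count:>3} x Code Integrity: {name}")
```
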

#19
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

Seems the action outlined at post #17 didn't work. Removals and installations still don't appear to be working properly.

 

Let's see if this tool fixes that:

 

Download Windows Repair (All In One) from here.

It will allow you to repair common issues with your computer such as firewall, file permission, and Windows Update problems.  When using this tool you can select the particular fixes you would like to launch and start the repair process.

Please download the tool to somewhere you can find it.

Double click to open and follow the prompts to install.
 

  • Once installed click on the tab Step 3 and proceed from there. Run Chkdsk and System File Checker. When that is finished click on the tab Start Repairs and the button Start
  • Do not make any changes to the check marks.
  • Also put a check in the Restart/Shutdown System When Finished (lower right) box.
  • and in Restart System
  • Then click on the Start button if it doesn't do it automatically
  • If it asks you to back up your system, allow it to do so and continue

When it is finished copy and paste the Windows Repair Log back here.  

The log (_windows_repair_log.txt) is located in the following folder:
 
*  64-bit systems file path - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
 
*  32-bit systems file path - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

 


  • 0

#20
brothaman23464

brothaman23464

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Hello, sorry I haven't been able to respond in a few days.  It looks like my whole problem is with the Base Filtering Engine.  Once I get that fixed, I should be in good shape.  When I try to start BFE it gives me the error message, "Windows could not start the Base Filtering Engine Service on Local Computer.  Error 1053: The service did not respond to the start or control request in a timely fashion."


  • 0

#21
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

Try this:

 

Please download ESET's Service Repair Tool.

  • Save it to your desktop
  • Right click on it and run it as Administrator
  • When finished you may be asked to restart your computer. Please press yes
  • A log will be saved in the CCSupport folder the tool created on your desktop; please post the content in your next reply


  • 0

#22
brothaman23464

brothaman23464

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Ok, here is the SvcRepair log that was created:

 

Log Opened: 2014-11-15 @ 23:33:55
23:33:55 - -----------------
23:33:55 - | Begin Logging |
23:33:55 - -----------------
23:33:55 - Fix started on a WIN_VISTA X86 computer
23:33:55 - Prep in progress.  Please Wait.
23:33:56 - Prep complete
23:33:56 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
23:33:57 - Services Repair Complete.
23:34:01 - Reboot Initiated
 


  • 0
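Added example (not ESET's code and not part of the original post): one way to check a SvcRepair log like the one above, confirming for each .sddl file that the service's root key was restored and that the SetACL run reported success. The sample log is constructed from lines in the post, with the last run deliberately cut short; the function names are this example's own.

```python
import re

# Constructed sample: lines taken from the log in the post above, abridged,
# with the final run truncated on purpose to show an unverified result.
SAMPLE_LOG = r"""
23:33:56 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
"""

OPENED = re.compile(r"Input file for restore operation opened: '(?P<file>[^']+)'")
RESTORED = re.compile(r"Restoring SD of: <(?P<key>[^>]+)>")
SUCCESS_LINE = "SetACL finished successfully."


def parse_runs(text):
    """Split the log into one record per .sddl restore run."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        opened = OPENED.search(line)
        if opened:
            current = {"file": opened["file"], "keys": [], "finished": False}
            runs.append(current)
            continue
        if current is None:
            continue  # banner or timestamp lines outside any run
        restored = RESTORED.search(line)
        if restored:
            current["keys"].append(restored["key"])
        elif line == SUCCESS_LINE:
            current["finished"] = True
            current = None  # later lines belong to the next run
    return runs


def service_report(runs):
    """Map service name (taken from the .sddl file name) to what was restored."""
    report = {}
    for run in runs:
        service = run["file"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        root_suffix = "\\services\\" + service.lower()
        report[service] = {
            "keys": len(run["keys"]),
            # The service's own key must be among the restored descriptors.
            "root_restored": any(k.lower().endswith(root_suffix) for k in run["keys"]),
            "finished": run["finished"],
        }
    return report


def unverified(report):
    """Services whose run did not finish or never touched the root key."""
    return [
        service
        for service, info in report.items()
        if not (info["finished"] and info["root_restored"])
    ]


if __name__ == "__main__":
    result = service_report(parse_runs(SAMPLE_LOG))
    for service, info in result.items():
        print(service, info)
    print("needs a second look:", unverified(result))
```
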

#23
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

Any change?


  • 0

#24
brothaman23464

brothaman23464

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

No change, BFE still giving me the error message


  • 0

#25
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

I don't know what is causing this.

 

I take it that System File Checker ran without problems when you used it in Windows All in One Repair tool?

 

If not, do this:

 

Download SFCFix.exe by niemiro and click on it to run.
A black panel will open.
Follow the prompts pressing the requisite keys to continue
Wait for completion; the tool will take a little time (runtime is approximately 15 minutes).
When finished, follow the prompt to create a summary of results. You will see notification of the result. If there are no corruptions please tell me. If there are some problems please copy and paste back here the complete logfile which will open on completion.
Simply copy (Ctrl-A, Ctrl-C) and paste (Ctrl-V) the entire logfile.

 

Meantime I am consulting with my colleagues to see if anyone else has a solution.

 

Might take a while as we work in different time zones but I will get back to you. :)


  • 0



#26
brothaman23464

brothaman23464

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Yes, the system file checker ran fine when I ran it.


  • 0

#27
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

Okay, here is one suggested by a colleague:

 

This is a specialty tool to repair services after removing a ZA infection.

 

Please download this tool and run as administrator.

 

Tell me if that makes a difference.


  • 0

#28
brothaman23464

brothaman23464

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Nope, no difference


  • 0

#29
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

Well one more idea to try. :)

 

Before we do it though please uninstall any/all security programs you have installed.

 

Run the AVG removal tool again.

 

Run the MSE removal tool again.

 

After doing those actions:

 

Download AppRemover and run it.

 

It's a while since I used this tool so the instructions below and the graphics might not be exact but with your knowledge you should be able to follow the prompts and work your way through.

 

Once downloaded double click the tool to open it:

Click Next >>

Ensure Remove Security Application is selected and click Next >>

AppRemover will scan all the security applications on your PC

Select Any <<Application Name>> entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed

 

Following that

 

Download Malwarebytes Anti-Rootkit to your desktop from here.

  • Right-Click on the file that was downloaded and choose Run as administrator. Answer Yes if prompted to Allow.
  • Click OK at the installer screen that comes up.
  • The software will be extracted and will open.
  • Click Next at the first screen.
  • The Update Database screen will appear. Click the Update button.
  • Once updated, click the Next button.
  • On the Scan System screen, click the Scan button.
  • Once the scan is finished, click on the Cleanup button to remove any threats and reboot if prompted to do so.  If no threats are found just close the programme.
  • If threats were found, then after the reboot, re-run the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more.

Whether threats were found or not there will be a folder named mbar on your desktop. Open this folder and in the list that presents you will find a file named mbar-log-...txt and another named system log.txt. Please open the files one at a time and copy and paste the contents of each back here.

 

 

Finally

 

Open the MBAR folder that MBAR was extracted to. Inside you will find a Plugins folder, inside that you will find fixdamage.exe. Double click that to run and fix any damage it finds.

 

When you return please post

mbar scan results

tell me if there has been any change.

 


  • 0

#30
brothaman23464

brothaman23464

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

BFE still won't start and below are the mbar-log.txt and system-log.txt

 

mbar-log.txt

 

Malwarebytes Anti-Rootkit BETA 1.08.1.1001
www.malwarebytes.org

Database version: v2014.11.17.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Pooh~Mar :: POOHMAR-PC [administrator]

11/17/2014 5:38:48 PM
mbar-log-2014-11-17 (17-38-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 496867
Time elapsed: 1 hour(s), 5 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot. [7e5df24a057782b43fa35776d52d46ba]
HKU\S-1-5-21-3331768213-1759502172-4088974818-1001_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. [ddfe9aa20f6dac8ac971a75a6f91768a]
HKU\S-1-5-21-3331768213-1759502172-4088974818-501_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. [ddfe9aa20f6dac8ac971a75a6f91768a]
HKU\S-1-5-21-3331768213-1759502172-4088974818-1001_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.Zaccess) -> Delete on reboot. [a932013b116b1422a8a487f563a1eb15]
HKU\S-1-5-21-3331768213-1759502172-4088974818-501_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.Zaccess) -> Delete on reboot. [5289a4986b110d2925279ddf54b0b24e]

Registry Values Detected: 2
HKU\S-1-5-21-3331768213-1759502172-4088974818-1001_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-3331768213-1759502172-4088974818-1000\$c93ff9029ad365e5464a81a9a0643200\n. -> Delete on reboot. [a932013b116b1422a8a487f563a1eb15]
HKU\S-1-5-21-3331768213-1759502172-4088974818-501_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-3331768213-1759502172-4088974818-1000\$c93ff9029ad365e5464a81a9a0643200\n. -> Delete on reboot. [5289a4986b110d2925279ddf54b0b24e]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

System-log.txt

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.600000 GHz
Memory total: 2010988544, free: 744759296

Downloaded database version: v2014.11.17.07
Downloaded database version: v2014.11.12.01
=======================================
Initializing...
------------ Kernel report ------------
     11/17/2014 17:38:20
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff878baac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000068\
Lower Device Object: 0xffffffff87881770
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff87909868
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000067\
Lower Device Object: 0xffffffff87910470
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff87908ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xffffffff878fc460
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff87908498
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xffffffff8787dcb8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85e5a468
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000005a\
Lower Device Object: 0xffffffff843bfa58
Lower Device Driver Name: \Driver\nvstor32\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85e5a468, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85e5a088, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85e5a468, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff843bc950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff843bfa58, DeviceName: \Device\0000005a\, DriverName: \Driver\nvstor32\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 600686352
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 600686415  Numsec = 24450930

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]
Infected: HKU\S-1-5-21-3331768213-1759502172-4088974818-1001_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: HKU\S-1-5-21-3331768213-1759502172-4088974818-501_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} --> [Hijack.Trojan.Siredef.C]
Infected: HKU\S-1-5-21-3331768213-1759502172-4088974818-1001_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Trojan.Zaccess]
Infected: HKU\S-1-5-21-3331768213-1759502172-4088974818-1001_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 --> [Trojan.Zaccess]
Infected: HKU\S-1-5-21-3331768213-1759502172-4088974818-501_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Trojan.Zaccess]
Infected: HKU\S-1-5-21-3331768213-1759502172-4088974818-501_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 --> [Trojan.Zaccess]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.600000 GHz
Memory total: 2010988544, free: 856813568

Downloaded database version: v2014.11.18.01
Downloaded database version: v2014.11.12.01
=======================================
Initializing...
------------ Kernel report ------------
     11/17/2014 20:21:49
------------ Loaded modules -----------
----------- End -----------
Done!
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 600686352
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 600686415  Numsec = 24450930

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 

