
Am I infected - ref: htt://www.bleepingcomputer.com/forums/t535590/novice


25 replies to this topic

#1 Yony

Yony

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Essex
  • Local time:01:07 PM

Posted 05 June 2014 - 05:56 AM

Hello folks,

I have been confusing a few of you! my sincere apologies! I do have a post running as Topic title! You may well lose the will to live reading through it! & just a bit of an introduction, if you are reading through posts & miss a bit because I am not the sharpest knife in the box! especially on a PC & literally'

  • Been using home PC for number of years mainly internet etc
  • Picked up LINKEY by AZTEC MEDIA by googling "Anything better than Google earth" & diving in on the first site without checking
  • LINKEY took over everything IE-Firefox -Chrome
  • Went Control panel - uninstall etc-
  • Went to scan on MBAM 175 version & saw the new 2.0 was available & instead of running a scan on 175 downloaded new MBAM 2.0
  • New download was in Latino? Spanish I guess! worked it out put it to English! bit worried as totally new format!from 175 version
  • MBAM scan had found some malware that I did not take notice of because every thing about MBAM looked different so I uninstalled & tried to reinstall again from File Hippo! ???????
  • Could not download I kept getting a Runtime Error code: External Exception EO6D7363 ?
  • I really got in a mess & tried every thing! new A/S & Spybot- allsorts & made a mess I suppose
  • Looking through files I had then!!(all gone now) found an old MBAM application/ old not installed file, opened it & it let me download MBAM!with no error codes!
  • I went to update & it said none available! ?
  • Ran a scan & nothing found! & I knew Linkey was still there!
  • Went to MBAM support this was mid April! & have been following one of their support Techs?
  • Not sure if Linkey has gone? got you folks involved & the rest is in a line of posts As Topic title!
  • Only thing is whilst doing as instructed & me not that clever on the Tech side' lost all my files photos & videos - Sure it was something I did & not this guy that was helping! -Hey Ho! now just stuck & want to start from the beginning if possible please! (A) am I still infected? & (B) perhaps find what I did with my files etc!!

Regards Tony Yeomans (Yony)


Edited by hamluis, 05 June 2014 - 06:43 AM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:07 AM

Posted 05 June 2014 - 08:05 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 Yony


Posted 06 June 2014 - 08:09 AM

Broni

Hello thanks for your help! I have gone through your instructions thanks & got the reports etc, I cannot get them to this reply? as they are on my desktop temporarily' Copy & paste doesn't seem to work! & no attachment on here! Sorry Broni - or help please Broni!

                             Yony



#4 Broni


Posted 06 June 2014 - 06:56 PM

Did you try different browser to paste them here?



 


#5 Yony


Posted 07 June 2014 - 05:20 AM

Broni

Usually do everything using Firefox!! but did try IE which is supposed to be my de-fault thingy! I right click?? I do not have two monitors! open up for BC & it has gone!! when opening up for BC! tried the splitting screens thing Broni!! got myself in a right mess!! if attachment I suppose from how my PC used to be??? just "Tag" where stored & attach!! whole PC seems different now Broni! & I ain't clever enough to work the ******* thing out now!! tis a worry son!! many thanks anyway for your interest! Just one stupid mistake nearly two months ago Broni?? Ok! me just feeling a right!!!! well!! may be not come over right from here! thanks mate any way! Yony!



#6 Broni


Posted 07 June 2014 - 11:16 AM

Upload the file(s) here: http://www.sendspace.com/
Click on Browse button and navigate to the file you want to upload.
Click on Upload button.
Click on FIRST Copy Link button and paste the link in your next reply.



 


#7 Yony


Posted 09 June 2014 - 07:02 AM

Broni

I have tried send space & not uploaded my file/ reports I am trying to get to you! cannot make it work! I have registered & tried to follow the instructions! it may be a bit above my level! Just to let you know it used to work by "Dropping & dragging" from my desktop to the mail box? Or attach them but no Attach on the tool bar even after selecting "More sending options" Sorry Broni! don't want to frustrate you! me getting a bit that way me been trying for 4+ hours!!



#8 Broni


Posted 09 June 2014 - 07:27 PM

Open one log with Notepad, right click inside Notepad window, click "Select All", right click again and click "Copy".

Come back here, right click inside reply window and click "Paste".



 


#9 Yony


Posted 10 June 2014 - 02:05 AM

Broni

I have tried that honestly' that is what I started to do first! But "Cut Copy Paste" greyed out even after selecting "ALL" & making all text go "Blue" with left clicking & trying to "Grab". I then clicked on Edit & tried! & the "Cut copy & paste" was not greyed out, then when I try to paste over  is nothing there but the notepad window is empty! but nothing appears in here! bit brief just going to Hospital appointment! Many thanks Broni!



#10 Broni


Posted 10 June 2014 - 11:26 AM

Go Start>Run ("Start Search" in Vista/7), type in:
sfc /scannow
Click OK (Vista/7 users: hold CTRL, and SHIFT, hit Enter).
Have Windows CD/DVD handy (with Vista/7, most likely, you won't need it).
If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD (rarely in Vista/7 case).
 



 


#11 Yony


Posted 11 June 2014 - 03:18 AM

Tweaking.com - Windows Repair Change Log:   Broni
  • Why I ended up here originally, I was working with MBAM & not really getting anywhere' due to my "Ignorance" but am learning little by little by your help! as my whole postings STORY under Novice'
  • I typed in scannow & no start finish ok boxes but previous files from MBAM attempts!
  • I have sent zipped file because it may show all of previous attempts / results hope that OK?
  • BRONI : Why was I able to copy & paste into this space when I could not earlier as you was requesting & me not being able to??

BRONI: Just another observation on my PC to this "Spell Check" is working? & previously was not?? is my PC changing or being changed after a shut down?

Again many thanks for your patience with me!

 
v2.7.2
Updated the Repair Windows Firewall. After helping a user whose firewall wouldn't start I found certain registry keys that were not part of the normal shared access service that were keeping the firewall from starting. Those registry keys are now removed if they are on the system.
 
Updated the program with a new icon and logo.
 
Updated the Registry Backup tool to v1.9.0
 
Small bug fixes.
 
Spelling Corrections.
 
v2.7.1
Multiple bug fixes. While I had updated the v2.7.0 setup and portable files with the bug fixes some download sites still had the bad files. 
So to make sure everyone gets updated I am putting out a new version. Make sure to use 2.7.1 :-)
 
v2.7.0
Added a new startup check to the program. The program will now check that all files needed for the repairs in the program folder are present.
If files are missing then the repair that needs those files will fail, which can cause bad side effects depending on the repair.
So now the program will do a quick check and if any files are missing, the program will let you know which files and ask you to reinstall the program to make sure all files are there.
You can not continue with the program if any files are missing. If all files are present then it automatically continues to the normal start window of the program.
 
Added a new repair "Reset Service Permissions" This repair will add permissions on all services on the current system. Administrators = Full, System = Full, TrustedInstaller = Full
 
"Reset Registry Permissions" & "Reset File Permissions" have been completely redone. The program was using subinacl.exe to set permissions but it was only 32 bit and didn't access the 64 bit locations.
This has been replaced with SetAcl.exe which supports 32 and 64 bits. So now on a 64 bit OS all areas get their permissions set.
Because this can now access all locations the 2 repairs are a little slower and it doesn't have the progress screen that the subinacl.exe did.
So the cmd window has been updated to not show what current key or file it is on as it slowed down the repair by a very very large amount because the CPU was being used to draw all the text to the cmd.exe window.
So by not having it display all that information the speed of the repair is much better.
 
Since "Reset File Permissions" now uses a new exe the exclusions part has been changed, if you used this option in the program please see the text files on how to use exclusions.
 
For Vista and newer versions of Windows "Reset Registry Permissions" & "Reset File Permissions" now also adds the "TrustedInstaller" account with Full access rights.
 
Updated multiple repairs to better handle Windows 8 and 8.1 and all the fussy stuff it wants, making the repairs better than ever for Windows 8 & 8.1 :-)
 
Updated other multiple repairs.
 
Improved the handling of the program running with the /silent switch and when it closes itself down after repairs.
 
Multiple code changes and improvements.
 
v2.6.3
Updated Repair Registry Permissions
 
Updated Restore Windows 8 COM+ Unmarshalers
 
The 2 repair updates both have to do with a bug that only hits a few Windows 8.1 users.
When the HKEY_CLASSES_ROOT\Unmarshalers permissions get changed and are not locked down then for some reason Windows deletes that registry key on reboot.
Only happens to certain machines and appears to be a bug in Windows. The repairs have been updated to now lock down the registry location like it was before,
this will stop the bug in Windows from the registry key from being removed.
When this registry key and its sub keys are removed the COM+ won't work and sound will stop working among a bunch of other things.
The Windows Repair Program didn't remove these, something in Windows does for an unknown reason. Now with that registry location being locked again it stops that from happening.
 
v2.6.2
Added a new repair "Restore Windows 8 COM+ Unmarshalers" Starting in Windows 8 the COM+ depends on a set of registry keys located under HKEY_CLASSES_ROOT\Unmarshalers\System
There is a bug in Windows 8 where those registry keys are sometimes removed, which when they are COM+ will no longer function and many things in windows stop working including audio, Windows Defender, Windows Firewall, WMI and many more.
When these keys are restored COM+ functions again. These registry keys were not in older versions of Windows and are new to Windows 8.
 
Updated Repair Registry Permissions
 
The tree view on the repair window now takes on the colors set for the text boxes and lists instead of the program back and text colors.
 
Changed the default color theme to make the text boxes and lists a little darker than pure white.
 
Updated Registry Backup to v1.8.0
 
v2.6.1
Multiple interface changes and fixes.
 
Code updates and improvements in multiple locations in the program.
 
v2.6.0
Added a new option to change all the program colors (under the settings tab). The user can now control the colors of the program and even save their color layout as a preset. This is very helpful for colorblind, or hard of seeing users or just users who don't like my default colors :-)
 
Added a new system monitor to the repair window. The repair window will now show the current memory usage, process count, cpu usage and current read and write speeds of the hard drives. This way a user can keep track if they are running out of memory or if the drives are doing anything during a repair. Very useful so the user can tell if a repair is working or has stalled.
 
There are now 5 step tabs before the repairs. I changed the Welcome tab to Step 1 and changed the order of the rest. On the new step 1 it tells the user to do a proper power reset before anything else and gives them a quick 4 step instruction on how to do so.
 
Changed the default colors of the program. Replaced the green text with an easier to read color. Also changed the button colors to stand out more and multiple other changes.
 
A large amount of interface and layout changes.
 
Code cleanup, removed old code that I was no longer using.
 
Updated the code on step 3 when doing a read only chkdsk on the drive.
 
Updated the Register System Files repair.
 
Updated Restore Important Services.
 
Updated Repair WMI to make a backup of the antivirus, firewall and antispyware information. It will export that data out first since it is lost when WMI is built and then import it back in once WMI is finished. Normally the Windows security center would complain you have no AV installed and such after the repair. The AV and such would update itself back to WMI after it updates itself or after another reboot. But this confused some users who thought their AV wasn't working. By exporting and then importing that information back will keep that from happening and confusing users.
 
Multiple Code improvements and changes through out the whole program.
 
v2.5.1
Important update to the "Set Windows Services To Default Startup" repair. A few services Windows changes the default startup for based on the hardware you have installed. Such as the wireless service is set to manual but if Windows detects a wireless card then the service is changed to automatic. The services that get changed have been updated and is now fixed.
 
v2.5.0
The "Reset File Permissions" Repair has been totally redone. The old way the program would run a bat file for each folder on the root of the drive. So if you had 100 folders on the root of the drive it would run 100 bat files in order to set the permissions on each folder. This was done so the program could skip certain folders. The repair now does the whole drive in just 1 bat file, making things much faster for this repair.
 
Also added an exclude list option to the "Reset File Permissions" Repair. This new excluded list will allow power users to tweak the repair and have it skip certain folders or files. This new option was what made it possible to streamline the repair. 2 new files were added to the files folder file_permissions_excludes.txt and file_permissions_profiles_excludes.txt.
 
Updated the "Repair WMI" to skip the system volume information folder when looking for wmi files to add back. Normally this wasn't a problem but if for some reason a user had taken ownership over the system volume folder then the program had access to it and then the WMI repair would loop through the restore points, which we don't want.
 
The "Set Windows Services To Default Startup" has been redone as well. Before it pulled what services to set from the services_startup.txt file in the files folder. With Windows having so many different services for each version of Windows I have now made the repair pull from a txt file based on what version of Windows the user is on. This now gives even more control to power users and also makes the repair better suited for each version of Windows. 5 new files have been added to the files folder services_startup_xp.txt, services_startup_vista.txt, services_startup_7.txt, services_startup_8.txt, services_startup_8.1.txt.
 
To help make the "Set Windows Services To Default Startup" even better I installed a fresh copy of Windows XP Pro SP3, Vista Ultimate SP2, 7 Ultimate SP1 , 8 Pro and 8.1 Pro with nothing added to them but their default installs and pulled all the service startup information for every single service. The repair now sets more services than ever and as of right now every known service default in each version of Windows.
 
Multiple other code changes and improvements.
 
v2.4.2
The step 3 system file checker cmd.exe window now uses the cmd color options in the program.
On step 2 I added a view log button that will show up after you run check disk on the system, the log file is stored in the log file location but now the user can open it right from the program if they wish.
Added a "View Logs" button to the main repair window. Now users can open the logs folder after doing repairs instead of manually going to them, this will help with users who have trouble knowing where the logs are.
Bug fix for VSS and services for XP systems.
 
v2.4.1
Fixed bug in the program where if you ran the Repair CD/DVD and had iTunes installed iTunes could complain about a regkey missing. The program did put the registry key back into the registry but it didn't null terminate the line so iTunes still complained. This has now been fixed and iTunes no longer complains.
Reset File Permissions has been improved. The reset file permissions normally skips the profile folders on the system. This was due to an odd bug in Windows Vista, 7 and newer where if "Everyone" permissions was set on a folder under the user profile Windows would think it is shared when it wasn't. Well after helping a user who had a lot of problems on their system it turned out to be because somehow the user had removed "Administrators" and "System" from all the permissions on the folders and files of the profile. Once those were put back everything worked. So I knew I had to get the profiles added to the repair. The new changes will update all the profile folders properly and only add administrators and system, not everyone. Also for the current user profile folder it will also add the current user as it should be that way.
Small code changes.
 
v2.4.0
Repair Icons has been updated and redone. The repair will now kill explorer.exe to unlock the cache files, delete them and then start explorer.exe back up. Also Starting with vista, 7 and 8 there is a new location for the cache files and that has been added to the repair.
Changed the logs, the program now makes a folder with the date and time the start repairs button was clicked and logs are stored in that folder in the log location. So now instead of the program overwriting logs it now keeps them so you can view logs from different repair runs.
Added a new tab in the main window of the program letting users know about tweaking their system for performance after a repair. It simply tells them about my simple system tweaker and my CleanMem tool from my other site PcWinTech.com. This way users now have an option to try and speed things up afterwards if they like.
I have made a custom CleanMem for Tweaking.com and included it with the program. The program will now cleanup memory on the system instantly before doing the repairs. This will help with systems with little memory or have some processes that are memory hogs or have memory leaks, they get cleaned up before the repairs start.
Updated Repair WMI.
Updated Repair IE to support IE 11.
Program now pulls more system information and adds it to the logs, this has the benefit of letting the user see how memory and other things look and the information can also help when helping a user in the forums.
Added 20 more services to Restore Important Windows Services.
Multiple code changes and updates.
The installer for the program now puts the setup log in the same folder as the program instead of the temp folder. This will make it easier for users to find it if they wish.
 
v2.3.0
Fixed a bug where the cmd.exe windows were not changing color like they used to.
New feature, you can now set what back and text color to use in the cmd.exe windows. This is useful when running the program from a script and you can tell which cmd.exe windows belong to the program and not the script.
Program now gives a warning if it is unable to create the log file path. If the program is unable to save the log files the repairs will fail. Examples of it failing would be if the path has Unicode chars or is pointing to a read-only folder such as running off a cd.
Small bug fixes and multiple code changes.
 
v2.2.1
Per user request I have enabled the beta repair for system restore.
Adjusted privileges of the program to fix a loop in the wmi repair and to also give better access for the repairs.
Program now logs if it has trouble loading needed privileges. This can be helpful if the user account the program is running under doesn't have the correct access that is needed for the repairs.
 
v2.2.0
Removed beta repairs button. The only beta repair was for the system restore which wasn't repairing it, so no point in having it till I find more info on it :-)
The Repair CD/DVD Missing/Not Working now logs if it detects iTunes and if it does it applies the upperfilter regkey so iTunes can burn cds.
The Unhide Non System Files now also sets the show desktop icons back to enabled. Some viruses are putting desktop icons as hidden. If you keep them hidden yourself you can rehide them with a simple right click on the desktop and then go to view.
Updated the repair windows firewall to have file and print sharing enabled.
Add a "Defaults" button next to the select all and unselect all repairs. This was by user request. The defaults button will select the default repairs, the same as when you run the Windows Repair for the first time.
The Windows Repair log now records system information such as what version of windows and such. This way when a user posts the log in the forums and doesn't tell me what version of Windows they are on I can see it in the logs.
New repair added for Windows 8 users. Repair Windows 8 Component Store. Microsoft finally added some built in tool to fix and recover corrupt files when sfc /scannow fails and says it couldn't fix some corrupt files. I also have the repair do a cleanup of the component store to shrink the size and also possibly remove errors from old outdated files. Here is the repair info from within the program:
 
"Repair Windows 8 Component Store
 
The following commands are done.
 
Dism /Online /Cleanup-Image /StartComponentCleanup
Dism /Online /Cleanup-Image /RestoreHealth
 
The first command cleans up the component store (WinSxS Folder) in windows, reducing its size and removing old entries.
 
The 2nd command is used to repair corrupt files and corrupt entries in the component store.
 
Reasons for this repair:
Used to fix Windows component store corruption when a SFC /SCANNOW command is unable to repair corrupted system files because the store (source) is corrupted, then run the SFC command again.
Used to fix Windows component store corruption when the same Windows Updates continue to appear to be available to install even though they already show successfully installed in update history.
 
More information on these commands can be found here:
and
"
 
v2.1.1
New feature added to the program (Possible speed increase as well). Under the settings tab in the main window of the program you can now set the window state and priority of the cmd.exe. The program uses bat files to run the repairs which goes through cmd.exe in Windows. Now you can choose to have the cmd.exe window be minimized, maximized or normal like it has been. (Useful for techs who are running repairs but are trying to do something else on the system) You can also set what CPU priority to run cmd.exe, so on older systems where the CPU is in use by other processes the cmd.exe window can now get priority, thus getting more CPU when it needs it and possibly speeding up the repairs for some people.
Updated and improved the Repair Winsock & DNS Cache
Updated and improved the Repair Windows Updates.
Multiple small code changes.
 
v2.1.0
Added new repair "Repair Windows App Store"
Updated Registry backup to 1.6.8
The program now auto skips repairs that are meant for a different version of Windows.
Added a checkbox to give the user an option to not have the program check for updates at startup. While I didn't have this before as it is extremely important to always run the latest version because of bug fixes and changes, it also causes the program to hang for a few seconds if the computer it is running on can't access the site to see what the current version is. So now the user can turn that off.
 
v2.0.1
Fixed bug where the /silent command didn't work. The bug was when you used /silent the repair window would show but didn't run the repairs. This is because with the new interface the treeview of the repairs wasn't loaded yet, so it didn't see any repair to run. This bug has now been fixed and /silent works again :-)
 
v2.0.0
New interface. Still the same layout but new colors that match the same look and feel as other programs on tweaking.com
Due to the interface changes I changed controls and graphics to make a smaller exe, smaller setup and use less memory.
Code improvements to Repair WMI.
All new logging. The program now records any output from the cmd.exe, not just errors. Bigger log files, but much better information when needed.
Support for Windows 8.1 added.
Tons of Code changes.
Repair Windows Updates updated.
Repair WMI updated.
Restore Important Windows Services updated.
Multiple bug fixes from the last version have been fixed.
 
v1.9.18
Bug fix: The program would get stuck in an opening and closing loop when you had it set to auto restart after repairs. This was because of a timer not turning off and wanting to update the window while it was closing down, thus the loop. This has now been fixed and the program closes like it should.
 
New feature: Since I had to get this bug fixed quickly I decided to take the time to add a new feature I came up with. In the steps before the repairs, Step 2 asks the user to do a check disk (chkdsk) on the system to make sure there is no file system errors before doing any repairs. I hated the fact that I forced the user to reboot to scan it when there may not be any errors on the file system. So I have added a new option to this step where the program will check the drive for errors and let you know if any are found. It is done by making a pipe to a cmd.exe window and running chkdsk in read only mode. Once chkdsk is done it looks for the key words "Windows found problems" and can let the user know if running chkdsk is even needed. Thus saving the user a reboot if there are no errors. I also have it log the chkdsk results to a chkdsk.log file in the logs folder in case a user wants to see the results of the chkdsk. :-)
 
v1.9.17
Updated the repair list to be numbered. This way when others have users use the program they can tell them what number in the list to choose instead of the repair name, making it easier for the user to check the correct ones.
Unhide non system files has been updated to support Unicode systems and file names and also to skip folders and files with symbolic links so it doesn't get stuck in a loop.
Unhide Non System Files now logs all files it unhides.
Repair WMI has been updated to apply MOF and MFL files back into WMI. So if you have a 3rd party program that added themselves to WMI they will be added back.
Log files have been updated to make a log file for each repair instead of trying to put everything into one log file. This is because the cmd.exe would sometimes give an error on the log file being in use.
Program now deletes old log files before running repairs. This way the log files don't keep growing in size if repairs are run more than once.
Reset Registry Permissions has been enabled for Windows 8, but only does sections of the registry that don't affect the app store.
Repair Windows Firewall has been updated to use subinacl.exe to set the reg permissions instead of regini.exe. That is now 2 less files needed in the program.
Multiple code changes.
 
v1.9.16
Update to the Reset File and Reset Registry permissions. These repairs now delete orphaned SIDs and no longer follow symbolic links, keeping it from getting stuck in an infinite loop.
Updated the Repair Important Services to apply reg permissions to the service section in the registry (In case the reg permissions repair was skipped, and for users on Windows 8 who can't use the reg permissions repair because of the Windows App store.) and also to remove symbolic links from the Windows defender folder in case a well known virus put those there to break Windows defender.
Added remove_symbolic_links_from_windows_defender_folder.bat file to the files folder. This can be used by users who simply need to remove the symbolic links a virus puts on the Windows defender folder to keep Windows defender from working. The program now does this as well, but I decided to add a file for it for advanced users. The program does not use this file, so changing it will have no effect on the program.
When a new update is available the program will now tell you in the caption bar instead of only at program startup. This is good for users who missed the message that there is a new version.
 
v1.9.15
Change the scan of malwarebytes from full to quick. Full is normally needed when scanning external drives and such and a quick scan is meant for scanning your system for all known malware locations and is much faster.
Small code changes.
 
v1.9.14
The awesome guys over at Malwarebytes gave me permission to allow Tweaking.com - Windows Repair to download and install Malwarebytes Anti-Malware and start a scan right from the program. This will now help make things a little easier for novice users and is a few less steps that my fellow techs need to do. When you start the program the scan option is on "Step 1" and is totally optional :-)
 
v1.9.13
Added msiserver service "Restore Important Windows Services" and "Repair MSI (Windows Installer)"
Added sppsvc service to the "Restore Important Windows Services"
Improved "Repair Internet Explorer", now better supports IE6 to IE 10.
"Repair Internet Explorer" now loads the list of files to register from the ie.txt file in the files folder. This gives users more control if they need it.
Improved "Repair MDAC/MS Jet"
"Repair MDAC/MS Jet" now loads the list of files to register from the mdac.txt file in the files folder. This gives users more control if they need it.
 
v1.9.12
Added 4 more service repairs to the "Restore Important Windows Services".
Improved repair print spooler.
Moved "Set Windows Services To Default Startup" to the bottom of the list. Since you can edit the file of what services are set to what startup, it made sense to move this last since other repairs that restore services put them back to their startup as well. This way a person can edit this file to keep any tweaks they have done to their services on the system.
Minor bug fixes and code changes.
 
v1.9.11
Improved "Repair Windows Update". On a very few machines the repair was unable to rename the pending.xml file. On Vista and 7 this would cause the "installing update step 3 of 3" screen to never go away at boot up. Simply renaming the pending.xml file fixed this. Even though this was already part of the repair, if the file was in use at the time then it wasn't able to be renamed and the person would get stuck at the next boot. I have changed the repair to now remove any attributes from the file and set a secondary rename option directly in the registry to have Windows rename the file at boot up. So now if the repair is unable to rename that file during the repair it will get renamed at the next system boot. Hopefully this will now keep the "installing update step 3 of 3" screen from coming up and getting stuck. I was able to replicate this problem in Windows and the new repair fixed it in my testing.
 
Improved the "Repair Winsock & DNS Cache". The repair reset TCP which would also clear any static IP info set on the system. Per user request the program will now extract the static IP info, run the repair and then put the static IP info back.
 
v1.9.10
Improved the "Repair Windows Firewall". The program used to only restore the core of the shared access service. It didn't put any policies or rules. While helping a user in the forum they had a virus completely delete the shared access service key, including all rules. When the shared access was put back the firewall worked but he was unable to share any files. This is because there are some core things that have to be in the firewall rules in order to work. I have now added those core rules to the repair and it got his file sharing working just fine. This now makes the repair even better than before.
 
Added some more settings for the "Repair Windows Firewall". While helping a user in the forum the firewall was working but he couldn't get the firewall to open and would get a Group Policy error. While helping him I found the 2 reg keys that were needed to fix it. These keys are only on Vista and 7. They are not on XP, 2003 or 8. The repair now puts these keys in on Vista and 7 only.
 
Added Windows Defender to the "Restore Important Windows Services" repair.
 
v1.9.9
Fixed bug reported by users where a folder was created on the C: drive called "Program" and windows would ask to delete or rename it, which was safe to do. The bug was with the new log settings. Bat files do not like spaces. If there was a space in the log location name it made that folder and the log was never made. The fix is to just make sure that the path is started and ended with quotation marks. I have updated all 250 locations in the program to make sure the log path has the quotation marks. This bug is now fixed.
 
v1.9.8
Changed the "Set Windows Services To Default Startup" repair to pull the services startup from a text file in the files folder instead of being hard coded. This will let users tweak this repair if they wish.
 
The program will now keep Windows from going into sleep mode or hibernation when repairs are running.
 
Added new repair "Repair Print Spooler"
 
Added "Time Elapsed" to the repair Window, so now users can see how long the repairs have been running.
 
Add new settings tab to the main window.
 
Under the new settings tab you can now change the default location for the log files.
 
Changed the default location of the log files from the Windows drive to the Logs folder in the program folder.
 
Added new repair "Restore Important Windows Services", this repair will replace all the services that the other repairs do. And as time goes I will add more services to this repair.
 
v1.9.7
Major changes to both "Reset Registry Permissions" and "Reset File Permissions". I found out that if you were on a non-English system these two repairs simply wouldn't run and thus not change any permissions. This was because it was setting the permissions based on the names such as "Administrators" or "Everyone". On non-English systems these are spelled differently and so would fail. I have changed these two repairs to set it by SID now instead of name. Example: Instead of "Administrators" it will use "S-1-5-32-544" (Which is the Windows Default SID for Administrators). These two repairs will now work on non-English systems. As an added bonus, the two repairs run much faster now. The reason why is when I was using the names instead of the SID it had to go and lookup the SID of the names. Now that I am using the SID from the start it no longer has to do that lookup, thus making it run nearly twice as fast or better :-)
 
Fixed bug where if you opened the repair window, then closed it and then went back to it the repairs wouldn't work. This is because the program thought it was in close down mode from closing the repair window. This has now been fixed.
 
Program now shows how many repairs are selected above the repair list. Example: "Repair Options (Selected: 10 of 35)"
 
The repair wmi was done in 3 steps to simply give a progress of what it is doing. Instead I have combined the 3 steps into 1.
 
Unhide non system files now gives a count of how many files it unhides. Also made a new status window to show when the unhide repair is running.
 
The Beta Repairs button will now be disabled when you're running repairs.
 
The program now lists all fixed drives in the system for the Reset File Permissions and Unhide Non System Files repairs. Before it would only do the drive that Windows is on, now you can have it do other fixed drives as well. By default only the Windows drive is selected.
 
Log window now shows when a repair is being ran under the system account and the current user account.
 
The cmd.exe windows now show what repair it is doing in the title bar.
 
The program now checks if it is being run from a network path. If it is it lets the user know that due to Windows network security most repairs will fail and to please run the program locally on the system.
 
v1.9.6
Added renaming of the pending.xml file to the Repair Windows Updates
 
Due to an odd bug with the Windows 8 app store I had to disable the reset reg permissions repair for now for Windows 8 systems. For some reason even though the app store has permissions, if you change the permissions in any way under certain keys under hkey local machine the app store will refuse to install apps and give the error code 0x8007064a. Until I can find out what keys the app store doesn't like touched I will keep this repair disabled for Windows 8.
 
v1.9.5
Fix bug where the program wouldn't go to the next repair if a cmd.exe was open. That means when the program was run from a bat file it wouldn't move forward. This bug was caused from a previous update. This is now fixed.
 
Updated the "Set Windows Services To Default Startup"
 
v1.9.4
On some systems, depending what programs are installed would not leave enough system resources for the reg and file permissions repair. On these systems after those repairs the rest of the repairs wouldn't work because the system was out of resources. There are two simple reg tweaks that increase the system resources Windows will use. Both repairs will now apply those two reg keys. Not only will this fix the resources being used up but should also fix any other program that runs out of resources. A reg file for these two tweaks are in the files folder with the program.
 
Added more files to the repair system restore.
 
Nearly all repairs run under the system account. As I work on the repairs I noticed something odd. Some parts of the repairs work when run under the current user account and fail under the system account, and other parts fail under the user account and work with the system account. Such as adding reg files or registering files. Here is an example: registering the file blb_ps.dll under the user account works while trying to register it under the system account fails, and this only happens with a few files while the rest work fine under both. To handle this I now have some of the repairs run twice, once under the user account then again under the system account. This should handle any odd permissions between the two accounts and ensure that the repairs are successful. This isn't needed on all repairs.
 
v1.9.3
Added a new section to the program called "Beta Repairs". There is a button on the repair window that will open it for you.
Added new beta repair "Repair System Restore" this is for Windows Vista, 7 and 8. Microsoft has no repair info on the system restore. So I monitored what services and files the system restore needs and I am working on the first known system restore repair. This is in the beta section till I get user feedback on how it works and if it gets system restore working again for people.
 
v1.9.2
Per user request the main repair window is now resizable.
Added 11 new file association repairs. What makes these repairs different than just clicking a reg file is on vista and newer some of the keys are locked. Since the program runs the repairs under the system account these repairs have access to those locked keys.
Added a "Tips" button that loads a page on the site with some tips on which repairs to run and tricks you can do with the program.
Changed the list in the program to a treeview.
I have some repairs unchecked by default now instead of all repairs checked.
Many code changes.
 
v1.9.1
Changes to the user interface.
 
v1.9.0
Minor Interface changes.
Program now pulls the information of each repair from a txt file instead of being directly in the program.
Added the BITS service to the Repair Windows Updates.
Added the wuauserv service to the Repair Windows Updates
Added a few more things to the Repair Windows Updates.
Added more support for Windows 8 repairs.
Added more dll files to the register system files repair.
Added new repair - "Repair Windows Safe Mode". This will put the default reg keys in order to boot into safe mode. Some viruses remove these reg keys. This will simply put the defaults back and allow safe mode to boot again.
Added more to the "Remove Policies Set By Infections" repair.
Multiple Code changes and improvements.
 
v1.8.0
Replaced Erunt registry backup with Tweaking.com - Registry Backup
Some new viruses have been adding programs to the Image File Execution Options in the registry. Keeping those programs from running. I have added 773 more items to the Remove Policies Set By Infections.
Added new repair "Repair Windows Snipping Tool". This will run on vista or newer and replace the reg keys needed for the snipping tool.
Added new repair "Repair .lnk (Shortcuts) File Association" This will run on vista or newer.
Updated the "Repair CD/DVD Missing/Not Working" to see if iTunes is running (Looks for ituneshelper.exe is running). If it is it puts the iTunes "UpperFilters" for the cd/dvd rom drive so iTunes won't give the error "Warning the registry setting used for importing CD are missing". More info here http://support.apple.com/kb/TS2372?viewlocale=en_US
Multiple code improvements.
 
v1.7.5
Improved operating system detection code. What does this mean? Some repairs need to know what version of Windows it is running on to run the correct code. The program used WMI to pull this info. But if WMI was broken it didn't pull the info. I now have it use the Windows API to pull the Windows version, and if for any reason it fails it will fall back to using WMI to pull the info.
 
v1.7.4
The program is now Terminal Server Aware. When you ran the program on a Windows server that had Terminal Services installed the Windows API returned the wrong path to the windows dir. This is now fixed.
 
v1.7.3
Updated the Repair Windows Firewall. It now restores the reg keys for the BFE, MPSSVC and WSCSVC services. Before it only put back the shared access service. Which in XP is all the firewall needed. But in Vista and 7 it required more services. They are now part of the repair :-)
 
v1.7.2
Small bug fixes to the log creation of the program.
I have removed the 3 options "Basic" "Advanced" and "Custom" before you start the repairs. Nearly all users that I have talked to, and myself included always choose custom anyways. No need for these other options and they have been removed. Should cut down on the confusion for new users on which to use.
New interface changes to the repair window in the program.
Added "Always On Top" option for the repair window.
Added a minimize button to the repair window. With the always on top option if something opens behind the window and the user needs to get to it they can now minimize the window.
Added a minimize button to the main window in the program for the heck of it :-)
Code improvements.
 
v1.7.1
Updated the Repair WMI to better handle the commands needed for the different version of Windows. While the WMI works great on XP, Vista and 7 it didn't work correctly on 2003 thus breaking WMI. I have added the commands needed to have it run properly on 2003 :-)
 
v1.7.0
Small improvements to a few repairs.
Better support when running the program through a script. I have a good amount of repair shops that use this repair tool. Some like to run the repair tool with the silent command and from a script in a bat file. The old version of the program would close any cmd.exe window before running the repairs. This of course defeated the purpose of running through a script. So I have changed the way the program waits for a repair to finish. Instead of waiting for cmd.exe to close, each repair will now make a file. When the repair is finished it will delete the file, then the program will know to move onto the next repair.
I now have the cmd.exe windows change to a gray background with black text. This way when running the program through a script you will know which cmd.exe window belongs to the windows repair :-)
The program will now save any errors from the repairs into a txt file on the Windows drive in a folder. Example: "C:\Tweaking.com_Windows_Repair_Logs\" Multiple log files are made for the permission repairs. This is because the MS tool doesn't append to the log file, so a new file has to be made for each section. Since this could create a fair amount of log files I have the program cleanup any empty log files after the repairs are ran.
 
v1.6.5
Program detects if you are running in safe mode and warns that some repairs may not work in safe mode.
I have also made a few changes for all repairs to run better in safe mode. No guarantees but should definitely run better in safe mode than it has before.
Per user request you can now choose to restart or shutdown the computer after repairs.
I have the repair window resized to 750 x 550 pixels (Now bigger than before). This is the max size to fit on the screen in safe mode which is normally 800 x 600.
 
v1.6.4
Add ERUNT Registry backup tools. This is another option to backup the system registry before doing repairs. Also very helpful when a users system restore isn't working properly.
 
v1.6.3
Major improvement for the Reset File Permissions repair. On vista and newer the repair would allow access to folders windows normally blocked. Such as "C:\ProgramData\Application Data". Normally with this folder you would get an access denied. After you ran the reset file permissions repair you could access it. The side effect was that this folder points back to the C:\ProgramData folder. So it made an endless loop! The repair now checks if you're on anything newer than XP. If you are then it runs a batch of commands after the repair that puts back the deny permissions on all the folders that are supposed to be blocked. This stops that endless loop from happening. 46 folders total. :-)
 
v1.6.2
Per user request I have added a silent command option to the program. Set the options in the setting.ini file and run the program with /silent. The program will run in custom mode running the repairs set in the settings and then close itself. Will even reboot when done if set in the settings. (Perfect option for my fellow network admins) :-)
Small code changes.
 
v1.6.1
Added new repair "Repair Missing Start Menu Icons Removed By Infections" This repair will put back the missing icons in the start menu, quick launch, and desktop that are moved by a rogue virus.
 
v1.6.0
Added new repair "Repair MSI (Windows Installer)"
Added exe fix (when a virus hijacks the exe section in the registry) to the "Remove Policies Set By Infections" repair.
Improved "Repair Windows Updates".
Small interface changes.
 
v1.5.8
Bug Fix: I found a very odd bug where some of the repairs were not working right. All repairs run under the system account (because of the trusted installer in vista and newer). For some reason the repairs that set registry keys by a .reg file and with regedit would run but the changes wouldn't take. The fix was to have those repairs run as the logged in account. Still scratching my head on that one, but at least now they work again :-D
Bug Fix: The repair windows firewall wasn't running all the repairs needed for it. This has now been fixed.
The Reset File Permissions now skips the "Users" folder in Vista and newer and "Documents and Settings". The reason for this is in Vista and newer there is a bug where if the file permissions are changed in the user profile then Windows thinks the file is shared when it isn't and you get a shared icon on it. More information is here http://www.tweaking.com/forums/index.php/topic,69.0.html
Small code improvements.
 
v1.5.7
Changed Windows Image Acquisition (WIA) from "stisvc start= demand" to "stisvc start= auto" in the windows services repair.
 
v1.5.6
The "Remove Policies Set By Infections" repair wasn't working properly. The commands were deleting the Reg file before it had been applied. I added the start /wait command to the regedit. "Remove Policies Set By Infections" Now works correctly :-)
 
v1.5.5
Removed "WwanSvc start= demand" from the windows services repair.
The program no longer defaults to the C:\ for repairs. The program now looks at the location of the Windows dir and uses the drive that Windows is on.
 
v1.5.4
On users' machines whose "Path" variable was corrupt none of the repairs would work. To fix this I have added "set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem" to all the repairs. Now on users systems with a corrupt "path" variable the repairs will still work properly :-)
 
v1.5.3
Changed 4 service defaults from manual to auto in the set services to default startup repair. Media Center Receiver Service, Media Center Scheduler Service, Windows Media Center Service Launcher and Windows Media Player Network Sharing Service.
Removed Panda cloud antivirus from the program and put Avast as a recommendation (Step 2 Window).
Added ComboFix to the recommendation page (Step 2 Window).
 
v1.5.2
Interface changes.
 
v1.5.1
Blackvipers site listed the Windows 7 wireless service startup state as manual. But when it is set to manual it will not start and thus the user has no wireless. I have updated the services startup repair tool to put the wireless to auto instead of manual.
 
v1.5.0
Added a new repair "Set Windows Services To Default Startup". (Currently 194 services) This will set the Windows services to their default startup state. Special thanks to http://www.blackviper.com/ for having all the default information handy. This will set the services startup by the "sc config" command and not by the registry. The information on the repair in the program lists all the services that are set.
 
v1.4.3
The new setup file for the program was missing some of the repair files it needed. The setup has been updated and I made this new version so people who downloaded the last version will update and get the rest of the files they need.
 
v1.4.2
Removed moving arrow from the repair window. Since the list of repairs is growing and the list is scrollable the arrow didn't work well.
In a past update I removed the custom buttons because they would cause the program to crash. The program then used the default old ugly buttons. I have made a new button control and updated the buttons so they look better, and it doesn't cause the program to crash like the old ones.
Program now asks the user if they want to create a restore point before doing repairs if they didn't have the program create one.
The program now comes in a setup program and the portable version. The new setup is larger because it contains the VB6 SP6 runtimes the program needs in case they are corrupt on the system that is being repaired.
More Code tweaks and changes.
 
v1.4.1
Added more files to the register system files repair that will fix "Class not registered" when trying to open a .mmc file. Such as Task scheduler, Device Manager, Computer Management and more.
Program now starts the Windows Sidebar after the Windows Sidebar repair.
Removed the security zones in IE being reset with the sidebar repair.
More code tweaks and improvements.
 
v1.4.0
Removed the custom buttons from the program. It was causing the program to crash on some systems. Program is meant to repair, not look pretty, so ugly standard safe buttons it is :-)
Add new repair "Repair Windows Sidebar/Gadgets"
Changed the window size of the repair window, making it smaller and easier to fit on screen for smaller resolutions.
More code tweaks.
 
v1.3.1
Minor GUI and code Tweaks.
 
v1.3.0
If you ran an older version of this repair program and it caused problems on your system, download and run this version and it will fix any problems it caused :-)
Added new repair "Repair Volume Shadow Copy Service"
Major update to the program making it safer and better at repairs. Make sure to use this new version and not the old versions.
 
v1.2.0
Per user request - Added a new repair "Repair CD/DVD Missing/Not Working"
Fixed bug where when repairing WMI the WMI tester would open and the program wouldn't move forward till the WMI tester was closed. Most users didn't know to close this. I have made the program now look for and close the WMI tester if it pops up during the WMI repair.
 
v1.1.1
Remove some files from the Register System Files repair. While this repair worked great on a lot of systems, on a few it would create more problems. The repair now has a much smaller list of only known good files to register.
Updated Repair IE section.
Updated Repair MDAC Section.
 
v1.1.0
Major changes to how the program launches the repairs. It now shows the command window doing the repair in the task bar. Also should work better with the UAC enabled and running the commands as administrator. This will also keep the program from not responding during repairs.
Updated the file permissions repair to include everyone and users full rights. It used to do just Administrators & System. But on some machines they needed more to get things working right again. This should fix that.
Replaced some of the controls in the program so the program & zip file is smaller in size.
 
v1.0.2
Fixed bug in Repair WMI (Hopefully got it this time)
Added link to help fix any problems someone might have with the file permissions repair.
 
v1.0.1
Fixed bug in Repair WMI
GUI Changes.
 
v1.0.0
First Release


#12 Yony

Posted 11 June 2014 - 03:42 AM

Re- # 10

             After sending last to you Broni I shut down  BC & all other Programmes / browsers closed, went to enter into Firefox & it kept saying "Firefox being used exit or restart"  I checked all my other "browsers" inc F/ F all closed tried to open F/F & same message! I have rebooted & now ok in F/F? & as question in #10 "spellchecker" now not working? could it be someone else in my or using picking up??? from my Router! just a wild thought?? & really do not know what I am talking about just seems strange? Whilst on here ! going to try & paste in previous requests from you! as it seems strange earlier ok! thanks a lot! No good just been trying! as your other requests going to try from Chrome & IE again Yony



#13 Yony

Posted 11 June 2014 - 04:40 AM

 Results of screen317's Security Check version 0.99.83  
Broni: 
         I can hear you swearing now!!! apologies & a Question please! Why was this not working in F/F?? & that answer can wait as we may be able to carry on now!
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1) 
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

Rkill 2.6.6 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/06/2014 01:11:19 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Manual
 
 * EventSystem => %SystemRoot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 06/06/2014 01:11:29 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)


MiniToolBox by Farbar  Version: 23-01-2014
Ran by Anthony (administrator) on 06-06-2014 at 10:34:33
Running from "C:\Users\Anthony\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Anthony-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 90-FB-A6-DF-4D-0B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7506:7791:c8c6:63f0%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 06 June 2014 9:16:54 AM
   Lease Expires . . . . . . . . . . : 07 June 2014 9:16:54 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 235728614
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-87-7A-6A-90-FB-A6-DF-4D-0B
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1087:2b53:3f57:fffc(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1087:2b53:3f57:fffc%16(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Reusable ISATAP Interface {48985015-A057-4CDD-828F-315671266839}:
 
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.3%17(Preferred) 
   Default Gateway . . . . . . . . . : 
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2a00:1450:4009:802::1001
 173.194.34.65
 173.194.34.69
 173.194.34.73
 173.194.34.66
 173.194.34.70
 173.194.34.64
 173.194.34.68
 173.194.34.71
 173.194.34.72
 173.194.34.67
 173.194.34.78
 
 
Pinging google.com [173.194.34.65] with 32 bytes of data:
Reply from 173.194.34.65: bytes=32 time=39ms TTL=58
Reply from 173.194.34.65: bytes=32 time=39ms TTL=58
 
Ping statistics for 173.194.34.65:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 39ms, Average = 39ms
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=188ms TTL=52
Reply from 98.138.253.109: bytes=32 time=192ms TTL=52
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 188ms, Maximum = 192ms, Average = 190ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...90 fb a6 df 4d 0b ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.3    276
      192.168.0.3  255.255.255.255         On-link       192.168.0.3    276
    192.168.0.255  255.255.255.255         On-link       192.168.0.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.3    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 16     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 16     58 2001::/32                On-link
 16    306 2001:0:9d38:6abd:1087:2b53:3f57:fffc/128
                                    On-link
 10    276 fe80::/64                On-link
 16    306 fe80::/64                On-link
 17    281 fe80::5efe:192.168.0.3/128
                                    On-link
 16    306 fe80::1087:2b53:3f57:fffc/128
                                    On-link
 10    276 fe80::7506:7791:c8c6:63f0/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043b, The executable program that this service is configured to run in does not implement the service.
.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {5fcb4f24-07d4-4700-85b3-a91d21608ee1}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007043b, The executable program that this service is configured to run in does not implement the service.
]
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {5fcb4f24-07d4-4700-85b3-a91d21608ee1}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043b, The executable program that this service is configured to run in does not implement the service.
.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {e09e36ad-12b0-4ce9-a4c3-23efae3e1e55}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007043b, The executable program that this service is configured to run in does not implement the service.
]
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {e09e36ad-12b0-4ce9-a4c3-23efae3e1e55}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 was encountered while trying to initialize the Registry Writer.  This may cause
future shadow-copy creations to fail.
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043b, The executable program that this service is configured to run in does not implement the service.
.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {b7eeffe0-398d-44fb-aef7-68b59576ec60}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007043b, The executable program that this service is configured to run in does not implement the service.
]
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {b7eeffe0-398d-44fb-aef7-68b59576ec60}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 was encountered while trying to initialize the Registry Writer.  This may cause
future shadow-copy creations to fail.
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine Subscribing the Registry server writer failed. hr = 8004230208lx.  hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
.
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043b, The executable program that this service is configured to run in does not implement the service.
.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {da7e2486-04d8-4204-9391-644ade66ad35}
 
 
System errors:
=============
Error: (06/06/2014 10:28:49 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error: 
%%1083
 
Error: (06/06/2014 10:28:49 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
Error: (06/06/2014 10:26:52 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error: 
%%1083
 
Error: (06/06/2014 10:26:52 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
Error: (06/06/2014 10:26:49 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
Error: (06/06/2014 10:26:49 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
Error: (06/06/2014 10:26:49 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
Error: (06/06/2014 10:26:49 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
Error: (06/06/2014 10:23:49 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
Error: (06/06/2014 10:23:49 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
 
Microsoft Office Sessions:
=========================
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043b, The executable program that this service is configured to run in does not implement the service.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {5fcb4f24-07d4-4700-85b3-a91d21608ee1}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x8007043b, The executable program that this service is configured to run in does not implement the service.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {5fcb4f24-07d4-4700-85b3-a91d21608ee1}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043b, The executable program that this service is configured to run in does not implement the service.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {e09e36ad-12b0-4ce9-a4c3-23efae3e1e55}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x8007043b, The executable program that this service is configured to run in does not implement the service.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {e09e36ad-12b0-4ce9-a4c3-23efae3e1e55}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043b, The executable program that this service is configured to run in does not implement the service.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {b7eeffe0-398d-44fb-aef7-68b59576ec60}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x8007043b, The executable program that this service is configured to run in does not implement the service.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {b7eeffe0-398d-44fb-aef7-68b59576ec60}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: Subscribing the Registry server writer failed. hr = 8004230208lx0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043b, The executable program that this service is configured to run in does not implement the service.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {da7e2486-04d8-4204-9391-644ade66ad35}
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-12 18:52:07.920
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 18:52:07.873
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 18:52:07.826
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 18:52:07.795
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-10 11:45:47.817
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-10 11:45:47.770
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-10 11:45:47.724
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-10 11:45:47.677
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-09 16:44:02.573
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-09 16:44:02.526
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
Acrobat.com (Version: 1.6.65)
Adblock Plus for IE (32-bit and 64-bit) (Version: 1.1)
Adblock Plus for IE (Version: 1.1)
Adobe Flash Player 13 ActiveX (Version: 13.0.0.214)
Adobe Flash Player 13 Plugin (Version: 13.0.0.214)
Adobe Reader XI (11.0.07) (Version: 11.0.07)
Advanced Uninstaller PRO - Version 11 (Version: 11)
Alcor Micro USB Card Reader (Version: 1.5.17.05094)
Bing Bar (Version: 7.0.609.0)
Bing Maps 3D (Version: 4.0.903.16005)
Blasterball 3 (Version: 2.2.0.82)
Bob the Builder Can-Do-Zoo (Version: 2.2.0.82)
Build-a-lot 2 (Version: 2.2.0.82)
CCleaner (Version: 4.13)
Chicken Invaders 3 - Revenge of the Yolk (Version: 2.2.0.82)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler (Version: 2.18)
Escape Rosecliff Island (Version: 2.2.0.82)
Faerie Solitaire (Version: 2.2.0.82)
FATE - The Traitor Soul (Version: 2.2.0.82)
Google Chrome (Version: 35.0.1916.114)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.5111.1712)
Google Update Helper (Version: 1.3.24.7)
Hotkey Utility (Version: 2.05.3003)
Identity Card (Version: 1.00.3002)
ImageMixer 3 SE Ver.4.5 Transfer Utility (Version: 4.05.009)
ImageMixer 3 SE Ver.4.5 Video Tools (Version: 4.05.009)
ImagXpress (Version: 7.0.74.0)
Insaniquarium Deluxe (Version: 2.2.0.82)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Processor Graphics (Version: 8.15.10.2827)
Jewel Quest (Version: 2.2.0.82)
Jewel Quest Solitaire 3 (Version: 2.2.0.82)
Junk Mail filter update (Version: 15.4.3502.0922)
Mahjongg Artifacts (Version: 2.2.0.82)
Malwarebytes Anti-Malware version 2.0.2.1012 (Version: 2.0.2.1012)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.5.0216.0)
Microsoft Security Essentials (Version: 4.5.216.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 29.0.1 (x86 en-GB) (Version: 29.0.1)
Mozilla Maintenance Service (Version: 29.0.1)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Music Transfer Utility Ver.1.5 (Version: 1.05.005)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.45.0)
Nokia Ovi Suite (Version: 3.1.1.80)
Nokia Ovi Suite Software Updater (Version: 02.07.004.45780)
Ovi Desktop Sync Engine (Version: 1.5.266.0)
OviMPlatform (Version: 2.7.72.0)
Packard Bell Games (Version: 1.0.0.80)
Packard Bell InfoCentre (Version: 3.02.3000)
Packard Bell Recovery Management (Version: 4.05.3007)
Packard Bell Registration (Version: 1.02.3006)
Packard Bell ScreenSaver (Version: 1.1.0812)
Packard Bell Software Suite SE (Version: 2.01.3003)
Packard Bell Updater (Version: 1.02.3001)
PC Connectivity Solution (Version: 11.4.19.0)
PDF Creator
Penguins! (Version: 2.2.0.82)
Polar Bowler (Version: 2.2.0.82)
Polar Golfer (Version: 2.2.0.82)
Polar Pool (Version: 2.2.0.82)
Rapport (Version: 3.5.1307.76)
RealDownloader (Version: 17.0.8)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer Cloud (Version: 17.0.8)
Realtek Ethernet Controller Driver (Version: 7.46.610.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
RealUpgrade 1.1 (Version: 1.1.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sky Broadband (Version: 1.0.0)
SUPERAntiSpyware (Version: 5.7.1018)
SupraSavings (Version: 1.0.0.0)
Trusteer Endpoint Protection (Version: 3.5.1307.76)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Updater (Version: 2.6.47)
UpdateService (Version: 1.0.0)
VC 9.0 Runtime (Version: 1.0.0)
Virtual Families (Version: 2.2.0.82)
Virtual Villagers - A New Home (Version: 2.2.0.82)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
Welcome Center (Version: 1.00.3013)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
 
========================= Devices: ================================
 
Name: Norton Family Settings Manager
Description: Norton Family Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ccSet_NSM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: G:\
Description: Compact Flash   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: I:\
Description: MS/MS-Pro       
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: AVG network filter service
Description: AVG network filter service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Avgfwfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: F:\
Description: SD/MMC          
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: H:\
Description: SM/xD Picture   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 57%
Total physical RAM: 2999.11 MB
Available physical RAM: 1270.65 MB
Total Pagefile: 5996.4 MB
Available Pagefile: 3880.6 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.21 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Packard Bell) (Fixed) (Total:221.95 GB) (Free:170.14 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:222.71 GB) (Free:176.37 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ANTHONY-PC
 
Administrator            Anthony                  Guest                    
Poppy                    
 
========================= Restore Points ==================================
 
20-05-2014 11:09:13 Windows Update
23-05-2014 21:06:29 After installing Advanced Uninstaller PRO
25-05-2014 08:01:30 Windows Update
28-05-2014 17:46:27 Windows Update
28-05-2014 18:10:59 Windows Backup
28-05-2014 18:13:40 Windows Backup
28-05-2014 18:14:27 Restore Operation
01-06-2014 15:33:02 Windows Update
01-06-2014 18:00:07 Windows Backup
03-06-2014 07:24:12 Installed Rapport
03-06-2014 14:45:48 Windows Backup
03-06-2014 15:45:16 Windows Backup
05-06-2014 09:32:10 Windows Update
 
**** End of log ****
 
Rkill 2.6.6 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/06/2014 01:05:11 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Manual
 
 * EventSystem => %SystemRoot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 06/06/2014 01:05:31 PM
Execution time: 0 hours(s), 0 minute(s), and 20 seconds(s)

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Anthony (administrator) on 06-06-2014 at 10:34:33
Running from "C:\Users\Anthony\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Anthony-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 90-FB-A6-DF-4D-0B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7506:7791:c8c6:63f0%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 06 June 2014 9:16:54 AM
   Lease Expires . . . . . . . . . . : 07 June 2014 9:16:54 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 235728614
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-87-7A-6A-90-FB-A6-DF-4D-0B
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1087:2b53:3f57:fffc(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1087:2b53:3f57:fffc%16(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Reusable ISATAP Interface {48985015-A057-4CDD-828F-315671266839}:
 
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.3%17(Preferred) 
   Default Gateway . . . . . . . . . : 
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2a00:1450:4009:802::1001
 173.194.34.65
 173.194.34.69
 173.194.34.73
 173.194.34.66
 173.194.34.70
 173.194.34.64
 173.194.34.68
 173.194.34.71
 173.194.34.72
 173.194.34.67
 173.194.34.78
 
 
Pinging google.com [173.194.34.65] with 32 bytes of data:
Reply from 173.194.34.65: bytes=32 time=39ms TTL=58
Reply from 173.194.34.65: bytes=32 time=39ms TTL=58
 
Ping statistics for 173.194.34.65:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 39ms, Average = 39ms
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=188ms TTL=52
Reply from 98.138.253.109: bytes=32 time=192ms TTL=52
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 188ms, Maximum = 192ms, Average = 190ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...90 fb a6 df 4d 0b ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.3    276
      192.168.0.3  255.255.255.255         On-link       192.168.0.3    276
    192.168.0.255  255.255.255.255         On-link       192.168.0.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.3    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 16     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 16     58 2001::/32                On-link
 16    306 2001:0:9d38:6abd:1087:2b53:3f57:fffc/128
                                    On-link
 10    276 fe80::/64                On-link
 16    306 fe80::/64                On-link
 17    281 fe80::5efe:192.168.0.3/128
                                    On-link
 16    306 fe80::1087:2b53:3f57:fffc/128
                                    On-link
 10    276 fe80::7506:7791:c8c6:63f0/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043b, The executable program that this service is configured to run in does not implement the service.
.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {5fcb4f24-07d4-4700-85b3-a91d21608ee1}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007043b, The executable program that this service is configured to run in does not implement the service.
]
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {5fcb4f24-07d4-4700-85b3-a91d21608ee1}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043b, The executable program that this service is configured to run in does not implement the service.
.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {e09e36ad-12b0-4ce9-a4c3-23efae3e1e55}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007043b, The executable program that this service is configured to run in does not implement the service.
]
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {e09e36ad-12b0-4ce9-a4c3-23efae3e1e55}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 was encountered while trying to initialize the Registry Writer.  This may cause
future shadow-copy creations to fail.
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043b, The executable program that this service is configured to run in does not implement the service.
.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {b7eeffe0-398d-44fb-aef7-68b59576ec60}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007043b, The executable program that this service is configured to run in does not implement the service.
]
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {b7eeffe0-398d-44fb-aef7-68b59576ec60}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 was encountered while trying to initialize the Registry Writer.  This may cause
future shadow-copy creations to fail.
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine Subscribing the Registry server writer failed. hr = 8004230208lx.  hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
.
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043b, The executable program that this service is configured to run in does not implement the service.
.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {da7e2486-04d8-4204-9391-644ade66ad35}
 
 
System errors:
=============
Error: (06/06/2014 10:28:49 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error: 
%%1083
 
Error: (06/06/2014 10:28:49 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
Error: (06/06/2014 10:26:52 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error: 
%%1083
 
Error: (06/06/2014 10:26:52 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
Error: (06/06/2014 10:26:49 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
Error: (06/06/2014 10:26:49 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
Error: (06/06/2014 10:26:49 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
Error: (06/06/2014 10:26:49 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
Error: (06/06/2014 10:23:49 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
Error: (06/06/2014 10:23:49 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%1083
 
 
Microsoft Office Sessions:
=========================
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043b, The executable program that this service is configured to run in does not implement the service.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {5fcb4f24-07d4-4700-85b3-a91d21608ee1}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x8007043b, The executable program that this service is configured to run in does not implement the service.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {5fcb4f24-07d4-4700-85b3-a91d21608ee1}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043b, The executable program that this service is configured to run in does not implement the service.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {e09e36ad-12b0-4ce9-a4c3-23efae3e1e55}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x8007043b, The executable program that this service is configured to run in does not implement the service.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {e09e36ad-12b0-4ce9-a4c3-23efae3e1e55}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043b, The executable program that this service is configured to run in does not implement the service.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {b7eeffe0-398d-44fb-aef7-68b59576ec60}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x8007043b, The executable program that this service is configured to run in does not implement the service.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {b7eeffe0-398d-44fb-aef7-68b59576ec60}
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: Subscribing the Registry server writer failed. hr = 8004230208lx0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 
Error: (06/06/2014 10:26:49 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043b, The executable program that this service is configured to run in does not implement the service.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {da7e2486-04d8-4204-9391-644ade66ad35}
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-12 18:52:07.920
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 18:52:07.873
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 18:52:07.826
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 18:52:07.795
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-10 11:45:47.817
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-10 11:45:47.770
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-10 11:45:47.724
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-10 11:45:47.677
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-09 16:44:02.573
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-09 16:44:02.526
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
Acrobat.com (Version: 1.6.65)
Adblock Plus for IE (32-bit and 64-bit) (Version: 1.1)
Adblock Plus for IE (Version: 1.1)
Adobe Flash Player 13 ActiveX (Version: 13.0.0.214)
Adobe Flash Player 13 Plugin (Version: 13.0.0.214)
Adobe Reader XI (11.0.07) (Version: 11.0.07)
Advanced Uninstaller PRO - Version 11 (Version: 11)
Alcor Micro USB Card Reader (Version: 1.5.17.05094)
Bing Bar (Version: 7.0.609.0)
Bing Maps 3D (Version: 4.0.903.16005)
Blasterball 3 (Version: 2.2.0.82)
Bob the Builder Can-Do-Zoo (Version: 2.2.0.82)
Build-a-lot 2 (Version: 2.2.0.82)
CCleaner (Version: 4.13)
Chicken Invaders 3 - Revenge of the Yolk (Version: 2.2.0.82)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler (Version: 2.18)
Escape Rosecliff Island (Version: 2.2.0.82)
Faerie Solitaire (Version: 2.2.0.82)
FATE - The Traitor Soul (Version: 2.2.0.82)
Google Chrome (Version: 35.0.1916.114)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.5111.1712)
Google Update Helper (Version: 1.3.24.7)
Hotkey Utility (Version: 2.05.3003)
Identity Card (Version: 1.00.3002)
ImageMixer 3 SE Ver.4.5 Transfer Utility (Version: 4.05.009)
ImageMixer 3 SE Ver.4.5 Video Tools (Version: 4.05.009)
ImagXpress (Version: 7.0.74.0)
Insaniquarium Deluxe (Version: 2.2.0.82)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Processor Graphics (Version: 8.15.10.2827)
Jewel Quest (Version: 2.2.0.82)
Jewel Quest Solitaire 3 (Version: 2.2.0.82)
Junk Mail filter update (Version: 15.4.3502.0922)
Mahjongg Artifacts (Version: 2.2.0.82)
Malwarebytes Anti-Malware version 2.0.2.1012 (Version: 2.0.2.1012)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.5.0216.0)
Microsoft Security Essentials (Version: 4.5.216.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 29.0.1 (x86 en-GB) (Version: 29.0.1)
Mozilla Maintenance Service (Version: 29.0.1)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Music Transfer Utility Ver.1.5 (Version: 1.05.005)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.45.0)
Nokia Ovi Suite (Version: 3.1.1.80)
Nokia Ovi Suite Software Updater (Version: 02.07.004.45780)
Ovi Desktop Sync Engine (Version: 1.5.266.0)
OviMPlatform (Version: 2.7.72.0)
Packard Bell Games (Version: 1.0.0.80)
Packard Bell InfoCentre (Version: 3.02.3000)
Packard Bell Recovery Management (Version: 4.05.3007)
Packard Bell Registration (Version: 1.02.3006)
Packard Bell ScreenSaver (Version: 1.1.0812)
Packard Bell Software Suite SE (Version: 2.01.3003)
Packard Bell Updater (Version: 1.02.3001)
PC Connectivity Solution (Version: 11.4.19.0)
PDF Creator
Penguins! (Version: 2.2.0.82)
Polar Bowler (Version: 2.2.0.82)
Polar Golfer (Version: 2.2.0.82)
Polar Pool (Version: 2.2.0.82)
Rapport (Version: 3.5.1307.76)
RealDownloader (Version: 17.0.8)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer Cloud (Version: 17.0.8)
Realtek Ethernet Controller Driver (Version: 7.46.610.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
RealUpgrade 1.1 (Version: 1.1.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sky Broadband (Version: 1.0.0)
SUPERAntiSpyware (Version: 5.7.1018)
SupraSavings (Version: 1.0.0.0)
Trusteer Endpoint Protection (Version: 3.5.1307.76)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Updater (Version: 2.6.47)
UpdateService (Version: 1.0.0)
VC 9.0 Runtime (Version: 1.0.0)
Virtual Families (Version: 2.2.0.82)
Virtual Villagers - A New Home (Version: 2.2.0.82)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
Welcome Center (Version: 1.00.3013)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
 
========================= Devices: ================================
 
Name: Norton Family Settings Manager
Description: Norton Family Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ccSet_NSM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: G:\
Description: Compact Flash   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: I:\
Description: MS/MS-Pro       
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: AVG network filter service
Description: AVG network filter service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Avgfwfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: F:\
Description: SD/MMC          
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: H:\
Description: SM/xD Picture   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 57%
Total physical RAM: 2999.11 MB
Available physical RAM: 1270.65 MB
Total Pagefile: 5996.4 MB
Available Pagefile: 3880.6 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.21 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Packard Bell) (Fixed) (Total:221.95 GB) (Free:170.14 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:222.71 GB) (Free:176.37 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ANTHONY-PC
 
Administrator            Anthony                  Guest                    
Poppy                    
 
========================= Restore Points ==================================
 
20-05-2014 11:09:13 Windows Update
23-05-2014 21:06:29 After installing Advanced Uninstaller PRO
25-05-2014 08:01:30 Windows Update
28-05-2014 17:46:27 Windows Update
28-05-2014 18:10:59 Windows Backup
28-05-2014 18:13:40 Windows Backup
28-05-2014 18:14:27 Restore Operation
01-06-2014 15:33:02 Windows Update
01-06-2014 18:00:07 Windows Backup
03-06-2014 07:24:12 Installed Rapport
03-06-2014 14:45:48 Windows Backup
03-06-2014 15:45:16 Windows Backup
05-06-2014 09:32:10 Windows Update
 
**** End of log ****
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 06/06/2014
Scan Time: 10:43:36 AM
Logfile: 4-MBAM to SEND.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.06.03
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Anthony
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329836
Time Elapsed: 10 min, 38 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.DefaultSearch.A, C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://www.nectar.com/?source=toolbar", "http://www.default-search.net?sid=476&aid=130&itype=n&ver=11471&tm=298&src=hmp", "http://www.msn.com/?pc=BDT5&ocid=BDT5DHP" ],), Replaced,[b4871b5aea916dc9bdbb8d0b16eec63a]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#14 Broni


Posted 11 June 2014 - 06:31 PM

You did it eventually :)

 

I still need MBAR logs.



 


#15 Yony


Posted 13 June 2014 - 04:32 AM

Broni

You got me there eventually, thank you, & I guess it is the best way to learn. Broni, what I add now is the only log, of part of a list, that will copy & paste! I tried opening the others & sending, but they just filled where I am typing now & nowhere to send! I was offered a download called "Open Free" or "OF", which I did not download because of where I have been for two months & lost all my files! Kindest regards, Yony.

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17107
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.059000 GHz
Memory total: 3144794112, free: 1309601792
 
=======================================
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17107
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.059000 GHz
Memory total: 3144794112, free: 1288716288
 
Downloaded database version: v2014.06.06.03
Downloaded database version: v2014.06.02.01
Initializing...
======================
------------ Kernel report ------------
     06/06/2014 11:52:34
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa80054be060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xfffffa8004d8a060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa80054bb060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007f\
Lower Device Object: 0xfffffa8004d79060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80054bd060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007e\
Lower Device Object: 0xfffffa8004d78060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80054c0060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xfffffa8004d89060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8003514060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80031cf060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003514060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80033b38c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003514060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80031cd3f0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80031cf060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A204DCC8
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 44040192
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 44042240  Numsec = 204800
    Partition is not bootable
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 44247040  Numsec = 465465344
 
    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 509712384  Numsec = 467058688
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa80054c0060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80054c0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80054c0060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004d89060, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa80054bd060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80054bdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80054bd060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004d78060, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa80054bb060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80054bbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80054bb060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004d79060, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa80054be060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80054beb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80054be060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004d8a060, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-44042240-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 

 





