Win 8 , 8.1 can't do updates and system refresh won't work


  • This topic is locked
97 replies to this topic

#1 heimdal7

heimdal7

  • Members
  • 56 posts

Posted 21 November 2014 - 03:08 PM

I got told to repost this here in case it is a virus.

 

I originally had 8.1 on my laptop and at one point it stopped being able to install updates. They would fail every time it tried. I ended up doing a reformat since I couldn't find a cause for the problem. Well, this time I left it at 8 but after around a month it started again. It can't do updates, it can't install Win 8.1, apps won't turn on (was finally able to get the app store to start). Also system refresh and any other repair thing won't work. Firefox also acts funny where ad block won't work and certain settings won't save. I've run every scan I can think of but have not found anything. I'm at a loss what to do, not knowing if it is some kind of virus or hardware malfunction or something else. The system uses a partition to reformat from, not a disk. I also hear a periodic clicking and the DVD drive or hard drive (not sure which) would rev occasionally. I don't think it has done it recently. The computer is an Asus G75 GeForce GTX 670MX.

 

Some of the scans I've done are Avast and AVG, Malwarebytes, Advanced SystemCare, CCleaner, Bitdefender, Microsoft malicious scan, Spybot Search and Destroy. Also some Microsoft system file scan but forget the name. I didn't have both antivirus programs on the system at the same time.

 

Is it possible for a virus to make its own partition or something to reload from?




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • Gender:Male

Posted 26 November 2014 - 03:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/557105 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,770 posts
  • Gender:Male
  • Location:California

Posted 30 November 2014 - 05:51 PM

Greetings heimdal7 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Although this does not sound like a malware issue we can take a quick look at your situation. Please start with this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 heimdal7

heimdal7
  • Topic Starter

  • Members
  • 56 posts

Posted 02 December 2014 - 03:33 PM

Ok ty for replying, just give me a day or 2 to do that.



#5 heimdal7

heimdal7
  • Topic Starter

  • Members
  • 56 posts

Posted 03 December 2014 - 11:24 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2014
Ran by Heimdal7 (administrator) on HEIMDAL on 03-12-2014 11:06:06
Running from C:\Users\Heimdal7\Desktop
Loaded Profile: Heimdal7 (Available profiles: Heimdal7 & test)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SynptSync64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s  RtHDVCpl    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s  kernel32.dll
HKLM\...\Run: [SynAsusGestureAPIMgr] => C:\Program Files\Synaptics\SynTP\SynAsusGestureAPIMgr.exe [736568 2012-09-16] (Synaptics)
HKLM\...\Run: [AsusNewUI] => C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe [1367864 2012-09-16] ()
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-410511488-4269391518-2674604624-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-410511488-4269391518-2674604624-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-410511488-4269391518-2674604624-1002\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-07] (IObit)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll => "C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: RegistryDefragBootTime.exeautocheck autochk /p \??\D:autocheck autochk /m /P \Device\HarddiskVolume8autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-410511488-4269391518-2674604624-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKU\S-1-5-21-410511488-4269391518-2674604624-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\S-1-5-21-410511488-4269391518-2674604624-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-410511488-4269391518-2674604624-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Heimdal7\AppData\Roaming\Mozilla\Firefox\Profiles\hzd1val6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Heimdal7\AppData\Roaming\Mozilla\Firefox\Profiles\hzd1val6.default\user.js
FF Extension: Ads Removal - C:\Users\Heimdal7\AppData\Roaming\Mozilla\Firefox\Profiles\hzd1val6.default\Extensions\adremoveext@adremoveext.net [2014-11-23]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Heimdal7\AppData\Roaming\Mozilla\Firefox\Profiles\hzd1val6.default\Extensions\iobitascsurfingprotection@iobit.com [2014-11-21]
FF Extension: Bitdefender QuickScan - C:\Users\Heimdal7\AppData\Roaming\Mozilla\Firefox\Profiles\hzd1val6.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-10-20]
FF Extension: NoScript - C:\Users\Heimdal7\AppData\Roaming\Mozilla\Firefox\Profiles\hzd1val6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-25]
FF Extension: Adblock Plus - C:\Users\Heimdal7\AppData\Roaming\Mozilla\Firefox\Profiles\hzd1val6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-16]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Heimdal7\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Heimdal7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-25]
CHR Extension: (Google Docs) - C:\Users\Heimdal7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\Heimdal7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Heimdal7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-25]
CHR Extension: (YouTube) - C:\Users\Heimdal7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google Search) - C:\Users\Heimdal7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Google Sheets) - C:\Users\Heimdal7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-25]
CHR Extension: (AdBlock Premium) - C:\Users\Heimdal7\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-10-25]
CHR Extension: (Google Wallet) - C:\Users\Heimdal7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-25]
CHR Extension: (Gmail) - C:\Users\Heimdal7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2014-09-20] (Broadcom Corporation.)
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2014-09-20] (Broadcom Corporation.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-03] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-09-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [13696 2012-10-04] (ASUSTek Computer Inc.)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-16] (Synaptics Incorporated)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 11:06 - 2014-12-03 11:06 - 00019159 _____ () C:\Users\Heimdal7\Desktop\FRST.txt
2014-12-03 11:04 - 2014-12-03 11:06 - 00000000 ____D () C:\FRST
2014-12-03 11:04 - 2014-12-03 11:04 - 02117120 _____ (Farbar) C:\Users\Heimdal7\Desktop\FRST64.exe
2014-12-01 09:07 - 2014-12-01 09:07 - 00000091 _____ () C:\Users\Heimdal7\Desktop\US Post Office in Edgemoor, DE - 800-275-8777.url
2014-11-30 16:24 - 2014-11-30 16:24 - 00000510 _____ () C:\Users\Heimdal7\Desktop\USPS.com® - Location Details.URL
2014-11-25 13:11 - 2014-11-25 13:11 - 00000401 _____ () C:\Users\test\AppData\Roaming\sp_data.sys
2014-11-25 13:11 - 2014-11-25 13:11 - 00000000 ____D () C:\Users\test\Documents\Bluetooth Exchange Folder
2014-11-25 13:11 - 2014-11-25 13:11 - 00000000 ____D () C:\Users\test\AppData\Roaming\AVG2015
2014-11-25 13:11 - 2014-11-25 13:11 - 00000000 ____D () C:\Users\test\AppData\Roaming\ASUS
2014-11-25 13:11 - 2014-11-25 13:11 - 00000000 ____D () C:\Users\test\AppData\Local\Broadcom
2014-11-25 13:11 - 2014-11-25 13:11 - 00000000 ____D () C:\Users\test\AppData\Local\Avg2015
2014-11-25 13:10 - 2014-11-25 13:10 - 00001432 _____ () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-25 13:10 - 2014-11-25 13:10 - 00000000 ____D () C:\Users\test\AppData\Roaming\Adobe
2014-11-25 13:10 - 2014-11-25 13:10 - 00000000 ____D () C:\Users\test\AppData\Local\Google
2014-11-25 13:10 - 2014-11-25 13:10 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-11-25 13:10 - 2014-11-25 13:10 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-11-25 13:08 - 2014-11-25 13:11 - 00000000 ____D () C:\Users\test\AppData\Roaming\IObit
2014-11-25 13:08 - 2014-11-25 13:10 - 00000000 ____D () C:\Users\test\AppData\Local\Packages
2014-11-25 13:08 - 2014-11-25 13:09 - 00000000 ____D () C:\Users\test\AppData\Local\NVIDIA Corporation
2014-11-25 13:08 - 2014-11-25 13:08 - 00000000 ____D () C:\Users\test\AppData\Local\VirtualStore
2014-11-25 13:08 - 2014-11-25 13:08 - 00000000 ____D () C:\Users\test\AppData\Local\NVIDIA
2014-11-25 13:08 - 2014-11-25 13:08 - 00000000 ____D () C:\Users\test\AppData\Local\ASUS
2014-11-25 13:06 - 2014-11-25 13:10 - 00000000 ____D () C:\Users\test
2014-11-25 13:06 - 2014-11-25 13:06 - 00000020 ___SH () C:\Users\test\ntuser.ini
2014-11-25 13:06 - 2014-11-14 09:03 - 00000000 ____D () C:\Users\test\AppData\Roaming\TuneUp Software
2014-11-25 13:06 - 2014-09-09 15:40 - 00000000 ___RD () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-25 13:06 - 2014-09-09 15:40 - 00000000 ___RD () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-25 13:06 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-25 13:06 - 2012-07-26 03:13 - 00000000 ____D () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-25 12:12 - 2014-11-25 12:12 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak1
2014-11-24 23:05 - 2014-11-24 23:05 - 00000228 _____ () C:\Users\Heimdal7\Desktop\▶ RWBY Volume 1 Songs by Jeff Williams - YouTube.URL
2014-11-23 23:38 - 2014-11-23 23:38 - 00000232 _____ () C:\Users\Heimdal7\Desktop\Rooster Teeth · RWBY Volume 2, Chapter 7.URL
2014-11-23 21:51 - 2014-11-23 21:51 - 00000305 _____ () C:\Users\Heimdal7\Desktop\failure configuring windows updates. reverting changes! - Page 2.URL
2014-11-23 20:31 - 2014-11-23 20:37 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-23 20:30 - 2014-11-23 20:31 - 11222744 _____ (SurfRight B.V.) C:\Users\Heimdal7\Downloads\HitmanPro_x64.exe
2014-11-21 17:01 - 2014-11-21 17:01 - 90754872 _____ (AVG Technologies) C:\Users\Heimdal7\Downloads\avg_tuh_stf_all_2015_185_24c28 (1).exe
2014-11-21 15:57 - 2014-11-21 15:57 - 38068224 _____ () C:\WINDOWS\system32\config\COMPONENTS.iodefrag.bak
2014-11-21 15:42 - 2014-11-21 15:42 - 37888000 _____ () C:\WINDOWS\system32\config\COMPONENTS.iobit
2014-11-21 15:41 - 2014-11-21 15:41 - 00003172 _____ () C:\WINDOWS\System32\Tasks\ASC8_PerformanceMonitor
2014-11-21 15:40 - 2014-12-03 10:55 - 00002195 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2014-11-21 15:40 - 2014-12-03 10:46 - 00000264 _____ () C:\WINDOWS\Tasks\ASC8_SkipUac_Heimdal7.job
2014-11-21 15:40 - 2014-11-21 15:40 - 00002406 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Heimdal7
2014-11-21 15:40 - 2014-11-21 15:40 - 00002370 _____ () C:\WINDOWS\System32\Tasks\ASC8_SkipUac_Heimdal7
2014-11-21 15:40 - 2014-11-21 15:40 - 00001240 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-11-21 15:40 - 2014-11-21 15:40 - 00000300 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Heimdal7.job
2014-11-21 15:40 - 2014-11-21 15:40 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2014-11-21 15:40 - 2014-11-21 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2014-11-21 15:40 - 2014-11-21 15:40 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-11-21 15:39 - 2014-11-21 15:39 - 43183800 _____ (IObit ) C:\Users\Heimdal7\Downloads\advanced-systemcare-setup.exe
2014-11-21 15:39 - 2014-11-21 15:39 - 00001187 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-11-21 15:39 - 2014-11-21 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-11-20 18:08 - 2014-11-20 18:08 - 00000229 _____ () C:\Users\Heimdal7\Desktop\4 Ways to Close Apps on Android - wikiHow.URL
2014-11-20 17:50 - 2014-11-20 17:50 - 00000256 _____ () C:\Users\Heimdal7\Desktop\e8255_k00B_me173X_em.pdf.URL
2014-11-20 16:29 - 2014-11-20 16:29 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-11-18 08:49 - 2014-11-18 08:49 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-18 08:48 - 2014-11-18 08:48 - 04977216 _____ (Piriform Ltd) C:\Users\Heimdal7\Downloads\ccsetup419.exe
2014-11-16 12:43 - 2014-12-03 10:45 - 01130829 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-16 12:40 - 2014-11-16 12:41 - 32507072 _____ (Microsoft Corporation) C:\Users\Heimdal7\Downloads\Windows-KB890830-x64-V5.18.exe
2014-11-16 11:17 - 2014-11-16 11:17 - 00000292 _____ () C:\Users\Heimdal7\Desktop\Windows 8 and 8.1 updates apps and system refresh wont work. - Windows 8.URL
2014-11-15 19:39 - 2014-11-15 19:39 - 00000282 _____ () C:\Users\Heimdal7\Desktop\The Pipeline From Hell There’s No Good Reason to Build Keystone XL No lasting jobs, no cheaper gas, and a chance to kill off.URL
2014-11-14 10:47 - 2014-11-14 10:47 - 00000270 _____ () C:\Users\Heimdal7\Desktop\Exclusive Controversial U.S. energy loan program has wiped out losses Reuters.URL
2014-11-14 09:03 - 2014-11-14 09:03 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-11-14 09:03 - 2014-11-14 09:03 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-11-14 09:03 - 2014-11-14 09:03 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-11-13 11:12 - 2014-12-03 10:43 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 11:12 - 2014-12-03 00:17 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 03:00 - 2014-10-29 19:53 - 00713672 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-12 03:00 - 2014-10-29 19:53 - 00106432 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 23:07 - 2014-10-23 07:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-11 23:07 - 2014-10-23 06:04 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-11 23:07 - 2014-08-21 18:56 - 01418752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-11 23:07 - 2014-08-21 18:27 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-10 21:40 - 2014-11-10 21:40 - 00000262 _____ () C:\Users\Heimdal7\Desktop\Audible 3 months @ $1.95 each audiobooks.URL
2014-11-08 11:15 - 2014-11-08 11:17 - 00000000 ____D () C:\Users\Heimdal7\Desktop\sherlock
2014-11-07 16:55 - 2014-11-09 00:55 - 00001675 _____ () C:\Users\Heimdal7\Desktop\salvg gear.txt
2014-11-07 12:04 - 2014-11-16 10:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-06 21:54 - 2014-11-06 21:54 - 00000000 ____D () C:\ProgramData\AVG
2014-11-06 21:53 - 2014-11-06 21:54 - 90754872 _____ (AVG Technologies) C:\Users\Heimdal7\Downloads\avg_tuh_stf_all_2015_185_24c28.exe
2014-11-06 21:49 - 2012-07-26 00:26 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141106-214942.backup
2014-11-06 21:39 - 2014-11-06 21:39 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-06 21:39 - 2014-11-06 21:39 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-06 21:39 - 2014-11-06 21:39 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-11-06 21:39 - 2014-11-06 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-06 21:38 - 2014-11-06 21:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-06 21:38 - 2014-11-06 21:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-06 21:38 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-11-06 21:37 - 2014-11-06 21:37 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Heimdal7\Downloads\spybot-2.4.exe
2014-11-06 21:28 - 2014-11-06 21:28 - 00000000 ____D () C:\Users\Heimdal7\AppData\Roaming\AVG2015
2014-11-06 21:27 - 2014-11-14 09:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-06 21:27 - 2014-11-07 11:02 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-06 21:27 - 2014-11-06 21:27 - 00000000 ___HD () C:\$AVG
2014-11-06 21:27 - 2014-11-06 21:27 - 00000000 ____D () C:\Users\Heimdal7\AppData\Roaming\TuneUp Software
2014-11-06 21:27 - 2014-11-06 21:27 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-06 21:24 - 2014-12-03 10:48 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-06 21:24 - 2014-11-06 22:35 - 00000000 ____D () C:\Users\Heimdal7\AppData\Local\Avg2015
2014-11-06 21:24 - 2014-11-06 21:24 - 04637504 _____ (AVG Technologies) C:\Users\Heimdal7\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2014-11-06 21:24 - 2014-11-06 21:24 - 00000000 ____D () C:\Users\Heimdal7\AppData\Local\MFAData
2014-11-06 20:39 - 2014-11-06 20:39 - 05038224 _____ (AVAST Software) C:\Users\Heimdal7\Desktop\avastclear.exe
2014-11-06 20:19 - 2014-11-06 20:19 - 00000227 _____ () C:\Users\Heimdal7\Desktop\▶ Repair Windows 8 using Automatic Repair - YouTube.URL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 11:00 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-03 10:55 - 2014-09-09 16:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-03 10:49 - 2012-07-26 02:28 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-03 10:48 - 2014-09-08 18:31 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-410511488-4269391518-2674604624-1002
2014-12-03 10:48 - 2014-09-08 18:23 - 00000000 ____D () C:\Users\Heimdal7
2014-12-03 10:43 - 2014-09-08 18:25 - 00000401 _____ () C:\Users\Heimdal7\AppData\Roaming\sp_data.sys
2014-12-03 10:42 - 2012-12-12 01:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-03 10:42 - 2012-07-26 02:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-03 00:23 - 2012-07-26 00:26 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-02 23:28 - 2014-09-10 17:10 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-01 08:39 - 2014-10-20 12:34 - 00000000 ____D () C:\Users\Heimdal7\AppData\Roaming\QuickScan
2014-12-01 08:38 - 2014-09-20 10:21 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-29 11:29 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-11-26 02:17 - 2014-10-25 02:08 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 14:28 - 2014-09-10 17:10 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-11-25 13:28 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-25 13:15 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-11-21 15:57 - 2014-10-02 21:32 - 05058560 _____ () C:\WINDOWS\system32\config\DRIVERS.iodefrag.bak
2014-11-21 15:57 - 2014-09-20 10:47 - 75100160 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2014-11-21 15:57 - 2014-09-20 10:47 - 04984832 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2014-11-21 15:57 - 2014-09-20 10:47 - 00065536 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-11-21 15:57 - 2014-09-20 10:47 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-11-21 15:40 - 2014-09-20 10:20 - 00000000 ____D () C:\Users\Heimdal7\AppData\Roaming\IObit
2014-11-21 15:40 - 2014-09-20 10:20 - 00000000 ____D () C:\ProgramData\IObit
2014-11-21 15:40 - 2014-09-20 10:20 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-11-18 08:49 - 2014-10-19 09:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-18 07:41 - 2014-10-20 19:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-16 15:29 - 2012-12-12 01:30 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak
2014-11-13 11:12 - 2014-10-25 02:07 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 11:12 - 2014-10-25 02:07 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 03:02 - 2014-09-08 20:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-06 21:27 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-11-06 00:56 - 2014-09-08 18:23 - 00000000 ____D () C:\Users\Heimdal7\AppData\Local\Packages
2014-11-03 09:13 - 2014-10-20 12:16 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 04:06

==================== End Of Log ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2014
Ran by Heimdal7 at 2014-12-03 11:06:39
Running from C:\Users\Heimdal7\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.142.61628 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.) Hidden
ASUS Fan Filter Checker (HKLM-x32\...\{2B0E8920-47D0-4F4D-BE03-76397409B837}) (Version: 1.0.0001 - ASUS)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.2 - ASUS)
ASUS Product Demo Movie  (HKLM-x32\...\{DC06C90B-C5BE-42F6-B74D-A9503170998C}) (Version: 1.0.3 - ASUS )
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.019 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4235 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.95.14 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.5 - IObit)
FINAL FANTASY XI (HKLM-x32\...\Steam App 23390) (Version:  - SQUARE ENIX)
FINAL FANTASY XI Seekers of Adoulin (x32 Version: 1.50.1 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Seekers of Adoulin (HKLM-x32\...\InstallShield_{E86A33A7-6C77-48F3-9D72-2D8F4C1AD5AC}) (Version: 1.50.1 - SQUARE ENIX CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.24 - IObit)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-GB)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
NVIDIA 3D Vision Driver 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.48 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.48 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6728 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.7 - Synaptics Incorporated)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.2200 - Broadcom Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-11-2014 09:05:50 Windows Update
20-11-2014 08:00:06 Windows Update
21-11-2014 20:50:54 Windows Modules Installer
25-11-2014 17:08:30 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2014-11-06 21:49 - 00450713 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11AC6209-460D-4EC3-9472-4C4A4482CE26} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\WINDOWS\system32\NotificationUI.exe [2014-09-20] (Microsoft Corporation)
Task: {18CE6721-5304-4D86-A5BC-F5FFEB1D8708} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {3C43D41C-9C95-4A1E-AC3B-3BD5B2C1C18D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {50195F3D-2FC2-4552-A2FA-D1AC2B7A7EAF} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-16] (Synaptics Incorporated)
Task: {57C21531-A7EC-4B8C-BE13-4E40E7D0227A} - System32\Tasks\Driver Booster SkipUAC (Heimdal7) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-08-06] (IObit)
Task: {668117AD-A8C1-4AD0-8936-5849B72F4449} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2014-11-10] (IObit)
Task: {6A3F996B-115F-4BE3-B6D8-32A7B5A8D79F} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
Task: {6BBCA7DA-FAC8-4A63-AB40-4331AF0302CF} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-10-04] (ASUS)
Task: {7ED6076F-18F1-476B-8F71-A8FB4C19D894} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {899FF29E-5FF4-4335-A643-CF60CB00B3F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {8FE597ED-AFB3-42F6-8790-F2EB7131E2D0} - System32\Tasks\ASC8_SkipUac_Heimdal7 => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-11-07] (IObit)
Task: {9070A82F-29ED-4084-B33F-38C535C7D67C} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-08-01] (IObit)
Task: {91E47F84-B3EF-4011-A596-C1CD3FB69F39} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-31] (Microsoft Corporation)
Task: {999609B4-9CED-4B35-9A2D-9A81CEB9DBC8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {9E195E24-5A59-41FB-9BE7-829782931EA3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {A92E1CF1-5545-4163-9CE6-8BAC37A90128} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {B5161E48-CC86-4F81-9B73-0AF738DC0667} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {BF0460C6-E4C3-4A1A-A6E2-69C778C11330} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-08-01] (IObit)
Task: {DDF6F647-BB27-47BF-B57A-DA9322FF5455} - System32\Tasks\Uninstaller_SkipUac_Heimdal7 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
Task: {F99434B0-A838-44EB-A778-75A512D9A790} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {FE050DA7-B685-4FA1-8177-EE9595C7621E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Heimdal7.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Heimdal7.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2012-12-12 01:18 - 2014-10-16 09:11 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-09-06 18:53 - 2012-09-06 18:53 - 00047480 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\BtwLeAPI.dll
2012-10-04 17:58 - 2012-10-04 17:58 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-10-04 17:58 - 2012-10-04 17:58 - 00041856 _____ () C:\Program Files\ASUS\P4G\plctrl.dll
2012-10-17 02:41 - 2012-09-16 22:13 - 01367864 _____ () C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe
2012-12-12 01:29 - 2011-09-19 13:40 - 00466944 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2014-11-21 15:40 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2014-11-06 21:38 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-06 21:38 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-06 21:38 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-06 21:38 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-06 21:38 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-11-21 15:40 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2014-11-21 15:40 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2014-11-21 15:40 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2014-11-21 15:40 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\ProductStatistics.dll
2012-09-11 17:01 - 2012-09-11 17:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-09-19 22:24 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-09-19 22:24 - 2012-05-25 03:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
2014-11-21 15:40 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2014-11-21 15:39 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2014-11-21 15:39 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2014-11-21 15:39 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2014-11-21 15:39 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2014-11-21 15:39 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2014-11-21 15:39 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2014-11-21 15:39 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2014-11-21 15:40 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2014-11-21 15:40 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2014-11-21 15:40 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2012-12-12 01:20 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-11-21 15:40 - 2014-10-15 15:09 - 01284384 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\Scan.dll
2014-11-16 10:20 - 2014-11-16 10:20 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-410511488-4269391518-2674604624-500 - Administrator - Disabled)
Guest (S-1-5-21-410511488-4269391518-2674604624-501 - Limited - Disabled)
Heimdal7 (S-1-5-21-410511488-4269391518-2674604624-1002 - Administrator - Enabled) => C:\Users\Heimdal7
test (S-1-5-21-410511488-4269391518-2674604624-1003 - Limited - Enabled) => C:\Users\test

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2014 11:04:48 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (12/03/2014 11:04:48 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Heimdal7\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (12/03/2014 11:04:48 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (12/03/2014 11:04:48 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Heimdal7\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (12/03/2014 10:43:23 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (12/03/2014 10:43:23 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Heimdal7\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (12/03/2014 10:43:21 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (12/03/2014 10:43:21 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Heimdal7\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (12/03/2014 10:43:21 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (12/03/2014 10:43:21 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Heimdal7\AppData\Local\Microsoft\Windows\\UsrClass.dat


System errors:
=============
Error: (12/02/2014 11:29:15 AM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel® Management Engine Interface driver has failed to perform handshake with the Firmware.

Error: (11/30/2014 09:46:05 AM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel® Management Engine Interface driver has failed to perform handshake with the Firmware.

Error: (11/25/2014 01:23:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Security Update for Windows 8 for x64-based Systems (KB2992611).

Error: (11/25/2014 01:16:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Cumulative Security Update for Internet Explorer 10 for Windows 8 for x64-based Systems (KB3003057).

Error: (11/25/2014 01:12:53 PM) (Source: DCOM) (EventID: 10010) (User: Heimdal)
Description: Microsoft.WindowsLive.Platform.Service.RemoteProcess

Error: (11/25/2014 00:19:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371c: Cumulative Security Update for Internet Explorer 10 for Windows 8 for x64-based Systems (KB3003057).

Error: (11/25/2014 00:11:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371c: Update for Windows 8 for x64-based Systems (KB3000853).

Error: (11/25/2014 00:09:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Cumulative Security Update for Internet Explorer 10 for Windows 8 for x64-based Systems (KB3003057).

Error: (11/24/2014 09:51:03 AM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel® Management Engine Interface driver has failed to perform handshake with the Firmware.

Error: (11/23/2014 09:45:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Security Update for Windows 8 for x64-based Systems (KB3002885).


Microsoft Office Sessions:
=========================
Error: (12/03/2014 11:04:48 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (12/03/2014 11:04:48 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Heimdal7\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (12/03/2014 11:04:48 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (12/03/2014 11:04:48 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Heimdal7\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (12/03/2014 10:43:23 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (12/03/2014 10:43:23 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Heimdal7\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (12/03/2014 10:43:21 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (12/03/2014 10:43:21 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Heimdal7\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (12/03/2014 10:43:21 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (12/03/2014 10:43:21 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Heimdal7\AppData\Local\Microsoft\Windows\\UsrClass.dat


==================== Memory info ===========================

Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8145.2 MB
Available physical RAM: 5942.84 MB
Total Pagefile: 9361.2 MB
Available Pagefile: 6412.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.86 GB) (Free:840.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A3362226)

Partition: GPT Partition Type.

==================== End Of Log ============================
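The event-log section of this FRST log can be triaged mechanically. The following is an added example, not part of the thread and not FRST's own code: it parses the `Error:` records, counts them by source and event ID, and decodes the Windows Update HRESULTs into their Win32 error codes. The function names and the two-entry `WIN32_NAMES` table (names as defined in the Windows SDK's winerror.h) are this example's own; the sample records are copied from the log above.

```python
import re
from collections import Counter, defaultdict

# Records copied from the "Event log errors" section of the FRST log above.
SAMPLE_LOG = r"""
Error: (12/03/2014 11:04:48 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (12/03/2014 11:04:48 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Heimdal7\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (11/25/2014 01:23:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Security Update for Windows 8 for x64-based Systems (KB2992611).

Error: (11/25/2014 00:19:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371c: Cumulative Security Update for Internet Explorer 10 for Windows 8 for x64-based Systems (KB3003057).

Error: (11/25/2014 00:09:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Cumulative Security Update for Internet Explorer 10 for Windows 8 for x64-based Systems (KB3003057).
"""

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)"
)
HRESULT = re.compile(r"error (0x[0-9a-fA-F]{8})")
KB = re.compile(r"\((KB\d+)\)")

FACILITY_WIN32 = 7
# Small lookup for the two codes seen in this log (names from winerror.h).
WIN32_NAMES = {
    1009: "ERROR_BADDB",  # "The configuration registry database is corrupt."
    14108: "ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE",
}


def parse_events(text):
    """Split FRST event-log text into records keyed on the 'Error:' header.

    Records are delimited by headers, not blank lines, because a single
    description can itself contain a blank line (see EventID 1508 above).
    """
    events, current = [], None
    for line in text.splitlines():
        match = HEADER.match(line)
        if match:
            current = {**match.groupdict(), "text": ""}
            current["event_id"] = int(current["event_id"])
            events.append(current)
        elif current is not None and line.strip():
            body = line.strip()
            if body.startswith("Description:"):
                body = body[len("Description:"):].strip()
            current["text"] += (" " if current["text"] else "") + body
    return events


def decode_hresult(value):
    """Return (failed, facility, code) from a 32-bit HRESULT."""
    failed = bool((value >> 31) & 1)   # severity bit
    facility = (value >> 16) & 0x7FF   # 11-bit facility field
    code = value & 0xFFFF              # low 16 bits
    return failed, facility, code


def triage(text):
    """Count events per (source, id) and group failed KBs by decoded HRESULT."""
    by_event = Counter()
    failures = defaultdict(set)
    for event in parse_events(text):
        by_event[(event["source"], event["event_id"])] += 1
        hr, kb = HRESULT.search(event["text"]), KB.search(event["text"])
        if hr and kb:
            failures[hr.group(1).lower()].add(kb.group(1))
    report = {}
    for hr, kbs in failures.items():
        _, facility, code = decode_hresult(int(hr, 16))
        name = WIN32_NAMES.get(code, "unknown") if facility == FACILITY_WIN32 else "not a Win32 code"
        report[hr] = {"win32": code, "name": name, "kbs": sorted(kbs)}
    return by_event, report


if __name__ == "__main__":
    counts, update_report = triage(SAMPLE_LOG)
    for key, count in counts.most_common():
        print(count, key)
    for hr, info in update_report.items():
        print(hr, info)
```

Decoded this way, the update failure 0x800703f1 is Win32 error 1009, the same "configuration registry database is corrupt" condition that the User Profiles Service events report.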

 



#6 heimdal7

heimdal7
  • Topic Starter


Posted 03 December 2014 - 11:26 AM

I couldn't find how to attach the file. The link you provided just took me to Photobucket, with it saying the image has been moved or deleted.

I did notice something about system corruption in the errors log this thing made.


Edited by heimdal7, 03 December 2014 - 11:27 AM.


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 03 December 2014 - 11:44 AM

Yes, sorry about the Attach link. I have had to modify that since I posted your instructions. Look here.

I also see the error information which is pointing to a corrupted registry. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll => "C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll" File Not Found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKU\S-1-5-21-410511488-4269391518-2674604624-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-410511488-4269391518-2674604624-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
U0 msahci; No ImagePath
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\ProgramData\SetStretch.exe

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Virustotal link

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 heimdal7


Posted 03 December 2014 - 12:57 PM

ok here is the summary.




#9 heimdal7


Posted 03 December 2014 - 01:15 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2014
Ran by Heimdal7 at 2014-12-03 13:01:29 Run:1
Running from C:\Users\Heimdal7\Desktop
Loaded Profile: Heimdal7 (Available profiles: Heimdal7 & test)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll => "C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll" File Not Found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKU\S-1-5-21-410511488-4269391518-2674604624-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-410511488-4269391518-2674604624-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
U0 msahci; No ImagePath
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL" => Value Data removed successfully.
"C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll" => Value Data removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
HKU\S-1-5-21-410511488-4269391518-2674604624-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-410511488-4269391518-2674604624-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
C:\Program Files (x86)\IObit Apps Toolbar\FF not found.
msahci => Service deleted successfully.

==== End of Fixlog ====

 

 

I can't find a path for C:\ProgramData\SetStretch.exe. There is no folder on the C drive called ProgramData and Windows search finds no file called SetStretch.exe

 

Ok found it


Edited by heimdal7, 03 December 2014 - 01:29 PM.


#10 heimdal7


Posted 03 December 2014 - 01:30 PM

https://www.virustotal.com/en/file/a84b5e69527a9f91dae964ed40022a2a77c1fe45b7a381a335202ec3927d140b/analysis/1417631343/

 

https://www.virustotal.com/en/file/656912e6b3deb9fd4b6f223e9056350a77253fbda1b66df867aeda08956af342/analysis/

 

 

Is it possible a hardware issue like the hard drive going bad could cause a system corruption? Or maybe the recovery partition being corrupted itself, or a registry scan like CCleaner or Advanced SystemCare be corrupting it?


Edited by heimdal7, 03 December 2014 - 01:33 PM.


#11 Oh My!


Posted 03 December 2014 - 04:02 PM

Greetings,

BleepingComputer does not recommend the use of any registry cleaners, or the registry cleaner portion of programs. It is hard to say at this point what is causing your issue but I don't suspect a hardware issue. Windows Update problems are very common and not always easy to fix.

Please do this.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive.
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flash drive as fixlist.txt
LastRegBack: 2014-11-16 04:06
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flash drive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool
----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2 (Windows 7/Vista)

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3 (Windows 7/Vista)

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (fixlog.txt) on the flash drive. Please copy and paste it to your reply.
  • Reboot your computer into Normal Mode and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Does Windows update?

Gary
 

#12 heimdal7


Posted 06 December 2014 - 12:47 PM

Windows still can't update and start menu apps still don't work.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2014
Ran by SYSTEM at 2014-12-06 12:37:37 Run:2
Running from D:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2014-11-16 04:06
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.



#13 Oh My!


Posted 06 December 2014 - 04:58 PM

Please do this to address the Apps issue.

===================================================

Windows 8 App Troubleshooter

--------------------
  • Click on Windows 8 App Troubleshooter (apps.diagcab)
  • An Opening apps.diagcab window will appear
  • By default Open with Diagnostics Troubleshooting Wizard (default) should be selected. If not, please select that from the dropdown menu
  • Click OK
  • Click Next on the Windows Store Apps window
  • If given the option select Reset and open Windows Store
  • List any issues detected or not fixed
  • Click Close
  • Reboot your computer and check your Apps
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do your Apps work properly?

Gary
 

#14 heimdal7


Posted 07 December 2014 - 09:17 AM

No they still don't work. Btw thank you for all the help.

 

 

Windows store cache and licenses may be corrupt. Resetting windows store.

Windows Store Apps
Publisher details

Issues found
  • Service registration is missing or corrupt: Not fixed
    Reset service registration: Completed
  • Windows Store cache may be damaged: Not fixed
    Reset and open Windows Store: Completed
  • Windows Store configuration may be damaged: Detected
    Re-register Windows Store: Completed
  • Some security settings are missing or have been changed (Some apps might not have access to required resources): Fixed
    Reset security settings: Completed
  • Some security settings are missing or have been changed: Fixed
    Reset security settings: Completed

Potential issues that were checked
  • AppReadiness folder is missing: Issue not present
  • Protected audio is turned off: Issue not present
  • Folders required for Automatic Update are missing: Issue not present
  • Check for missing or corrupt files: Issue not present
  • Microsoft account required: Issue not present
  • Your system administrator has turned off some settings: Issue not present
  • Common picture and video file formats aren't registered: Issue not present
  • You are not connected to the Internet (You must be connected to the Internet to sync your settings.): Issue not present
  • Temporary Internet files location has changed: Issue not present
  • User Account Control has been disabled: Issue not present

Issues found (Detection details)
  • Service registration is missing or corrupt: Not fixed
    Reset service registration: Completed
  • Windows Store cache may be damaged: Not fixed
    Reset and open Windows Store: Completed
  • Windows Store configuration may be damaged: Detected
    Re-register Windows Store: Completed
  • Some security settings are missing or have been changed (Some apps might not have access to required resources): Fixed
    Reset security settings: Completed
    Informational, Log File Name: _logAppsACL.txt
  • Some security settings are missing or have been changed: Fixed
    Reset security settings: Completed

Potential issues that were checked (Detection details)
  • AppReadiness folder is missing: Issue not present
  • Protected audio is turned off: Issue not present
  • Folders required for Automatic Update are missing: Issue not present
  • Check for missing or corrupt files: Issue not present
  • Microsoft account required: Issue not present
  • Your system administrator has turned off some settings: Issue not present
  • Common picture and video file formats aren't registered: Issue not present
  • You are not connected to the Internet (You must be connected to the Internet to sync your settings.): Issue not present
  • Temporary Internet files location has changed: Issue not present
  • User Account Control has been disabled



#15 heimdal7


Posted 07 December 2014 - 09:26 PM

Someone did suggest making another ID on the computer in the original thread I made, and the apps worked under that, but it still couldn't do updates. That's where someone said I should make it in the malware/virus section.





