Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

backdoor Trojan - referred from "Am I infected ..."


  • This topic is locked This topic is locked
10 replies to this topic

#1 ch51

ch51

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 10 February 2015 - 10:13 PM

Hi,

Referred from this post:

http://www.bleepingcomputer.com/forums/t/564681/mostly-cleaned-up-after-malware-attack-need-help-to-finish/

Symptoms at my end:

MSE did not completely / properly uninstall.

It is still listed as a choice for antivirus.

When i boot up I get this error:

------------------------------------------------------------------------------------

Microsoft Security Client

An error has occurred in the program during initialization.

If this problem continues please contact your system administrator.

Error Code 0x80070002

------------------------------------------------------------------------------------

I am informed that I have a backdoor Trojan, etc.

 

Note - I had to try this a lot of times - site told me I didn't have permission to start this topic ...

 

I am not new here - not sure what the problem is. I can attach the Addition.txt but can't past the FRST.txt

Attached Files


Edited by ch51, 10 February 2015 - 10:18 PM.


BC AdBot (Login to Remove)

 


#2 ch51

ch51
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 10 February 2015 - 10:19 PM

I'll try to attach the FRST.txt instead ...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Owner (administrator) on ROB on 10-02-2015 19:32:54
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Qihu Software Co. Limited) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-01-14] (IDT, Inc.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [2037360 2015-01-22] ()
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2015-02-03] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1738167360-1135782039-4165523812-1000\...\Run: [WeatherEye] => C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe [311584 2011-08-22] (Pelmorex Media Inc.)
HKU\S-1-5-21-1738167360-1135782039-4165523812-1000\...\MountPoints2: {8c847b40-44a5-11e1-a7a9-ec9a7448d90d} - J:\LaunchU3.exe -a
HKU\S-1-5-21-1738167360-1135782039-4165523812-1000\...\MountPoints2: {8c847b4f-44a5-11e1-a7a9-ec9a7448d90d} - G:\LaunchU3.exe -a
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-1738167360-1135782039-4165523812-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://expectingrain.com/
HKU\S-1-5-21-1738167360-1135782039-4165523812-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
SearchScopes: HKLM -> {B6242D9F-7C5D-4261-9762-DB6EFA512E40} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1738167360-1135782039-4165523812-1000 -> {B6242D9F-7C5D-4261-9762-DB6EFA512E40} URL =
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 64.59.184.13 64.59.190.242

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ljmqjqzv.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://expectingrain.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ljmqjqzv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-08]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360网页保护 - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2015-01-25]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [hdhihajbmafmgilcciomnamcjfkdhikl] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-04-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-18] (Realsil Microelectronics Inc.) [File not signed]
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
S3 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [791152 2015-01-22] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [100424 2015-01-22] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2015-01-22] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305736 2015-01-22] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-01-22] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [314448 2015-01-22] (Qihu 360 Software Co., Ltd.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2015-01-22] (Qihu 360 Software Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 19:32 - 2015-02-10 19:33 - 00015510 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-02-10 19:32 - 2015-02-10 19:32 - 00000000 ____D () C:\FRST
2015-02-10 19:31 - 2015-02-10 19:31 - 02132992 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-02-10 18:51 - 2015-02-10 18:51 - 00184648 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-07 18:10 - 2015-02-07 18:11 - 00000000 ____D () C:\Users\Owner\Documents\JDownloader
2015-02-07 18:08 - 2015-02-07 19:38 - 00000000 ____D () C:\Users\Owner\Documents\Halloween
2015-02-05 19:44 - 2015-02-05 19:44 - 00000000 ____D () C:\Users\Owner\Documents\4HF
2015-02-03 06:45 - 2015-02-03 06:45 - 00001343 _____ () C:\Users\Owner\Desktop\ESET.txt
2015-02-02 22:12 - 2015-02-02 22:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-02 22:11 - 2015-02-02 22:11 - 02347384 _____ (ESET) C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
2015-02-02 21:55 - 2015-02-02 21:55 - 00001063 _____ () C:\Users\Owner\Desktop\MBAM.txt
2015-02-01 17:35 - 2015-02-01 17:36 - 00049216 _____ () C:\Users\Owner\Desktop\Result.txt
2015-02-01 17:33 - 2015-02-01 17:33 - 00002349 _____ () C:\Users\Owner\Desktop\FSS.txt
2015-02-01 17:32 - 2015-02-01 17:32 - 00001090 _____ () C:\Users\Owner\Desktop\AdwCleaner[S1].txt
2015-02-01 17:24 - 2015-02-01 17:24 - 02194432 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2015-02-01 16:49 - 2015-02-01 16:49 - 00415232 _____ (Farbar) C:\Users\Owner\Desktop\FSS.exe
2015-02-01 16:49 - 2015-02-01 16:49 - 00401920 _____ (Farbar) C:\Users\Owner\Desktop\MiniToolBox.exe
2015-02-01 16:44 - 2015-02-01 16:45 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2015-02-01 01:00 - 2015-02-01 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-28 21:20 - 2015-01-28 21:20 - 00000000 ____D () C:\Program Files (x86)\Hp
2015-01-26 22:11 - 2015-02-09 19:50 - 00000000 __SHD () C:\$360Section
2015-01-26 22:08 - 2015-01-26 22:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\360TotalSecurity
2015-01-26 22:07 - 2015-01-26 22:07 - 00000000 ____D () C:\ProgramData\360SD
2015-01-26 18:49 - 2015-01-26 18:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 21:51 - 2015-01-25 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Smart Defrag FREE
2015-01-25 21:51 - 2015-01-25 21:51 - 00000000 ____D () C:\Program Files (x86)\Toolwiz Smart Defrag FREE
2015-01-25 21:49 - 2015-01-25 21:50 - 00000000 ____D () C:\Users\Owner\Downloads\Toolwiz
2015-01-25 21:21 - 2015-01-25 21:21 - 00000000 ____D () C:\Users\Owner\Downloads\System Ninja
2015-01-25 20:58 - 2015-01-25 20:59 - 00265750 _____ () C:\Windows\msxml4-KB2758694-chs.LOG
2015-01-25 20:48 - 2015-02-09 19:50 - 00000000 ____D () C:\ProgramData\360Quarant
2015-01-25 20:48 - 2015-02-01 17:29 - 00000000 ____D () C:\Windows\Tasks\360Disabled
2015-01-25 20:48 - 2015-01-25 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\360safe
2015-01-25 20:47 - 2015-02-09 23:38 - 00000000 _RSHD () C:\360SANDBOX
2015-01-25 20:47 - 2015-01-25 20:52 - 00000000 ____D () C:\ProgramData\360TotalSecurity
2015-01-25 20:47 - 2015-01-25 20:48 - 00000000 ____D () C:\ProgramData\360safe
2015-01-25 20:47 - 2015-01-25 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2015-01-25 20:47 - 2015-01-22 07:42 - 00314448 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\360FsFlt.sys
2015-01-25 20:47 - 2015-01-22 07:42 - 00305736 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2015-01-25 20:47 - 2015-01-22 07:42 - 00180816 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2015-01-25 20:47 - 2015-01-22 07:42 - 00100424 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys
2015-01-25 20:47 - 2015-01-22 07:42 - 00077896 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2015-01-25 20:47 - 2015-01-22 07:42 - 00040520 _____ (360.cn) C:\Windows\system32\Drivers\360Camera64.sys
2015-01-25 20:46 - 2015-01-25 20:46 - 00000000 ____D () C:\Program Files (x86)\360
2015-01-25 20:38 - 2015-01-25 20:43 - 00000000 ____D () C:\Users\Owner\Downloads\360 Total Security
2015-01-25 20:13 - 2015-01-25 21:11 - 00003132 _____ () C:\FixitRegBackup.reg
2015-01-25 19:31 - 2015-01-25 19:31 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-25 19:29 - 2015-01-25 19:29 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-01-25 19:28 - 2015-01-25 19:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\Macromedia
2015-01-25 19:11 - 2015-01-25 20:51 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 19:11 - 2015-01-25 19:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 19:11 - 2015-01-25 19:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 19:02 - 2015-02-01 17:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-25 19:02 - 2015-01-25 19:02 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-25 19:02 - 2015-01-25 19:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2015-01-25 18:35 - 2015-01-25 18:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 18:33 - 2015-01-25 18:33 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-25 18:04 - 2015-02-03 00:18 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-01-25 18:04 - 2015-01-25 18:04 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-01-25 17:50 - 2015-01-25 17:50 - 00000000 ____D () C:\Windows\ERUNT
2015-01-25 17:42 - 2015-02-01 17:28 - 00000000 ____D () C:\AdwCleaner
2015-01-25 16:55 - 2015-01-25 17:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-25 09:27 - 2015-01-26 22:11 - 00000000 ____D () C:\Program Files (x86)\SystemHelp
2015-01-17 20:32 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-17 20:32 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-17 20:32 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-17 20:32 - 2014-12-11 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-17 20:32 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-17 20:32 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-17 20:32 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-17 20:32 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-17 20:32 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-17 20:32 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-17 20:32 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-17 20:32 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-17 20:32 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 18:57 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-10 18:51 - 2011-09-23 01:36 - 01572985 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 17:18 - 2014-05-10 15:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2015-02-10 17:18 - 2012-01-14 16:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2015-02-08 20:40 - 2013-07-21 13:03 - 00000000 ____D () C:\Users\Owner\Downloads\~ Tunes
2015-02-08 20:29 - 2014-07-13 15:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\dvdcss
2015-02-08 17:54 - 2012-02-25 17:11 - 00000059 _____ () C:\Windows\wpd99.drv
2015-02-08 17:54 - 2012-02-25 17:11 - 00000000 ____D () C:\ProgramData\pdf995
2015-02-08 16:48 - 2013-03-31 16:38 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2015-02-08 16:48 - 2013-03-31 16:38 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2015-02-07 18:12 - 2012-01-21 00:55 - 00000000 ____D () C:\Users\Owner\Documents\Info
2015-02-07 18:07 - 2014-08-01 15:14 - 00000000 ____D () C:\Users\Owner\Documents\Examples
2015-02-06 00:06 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 00:06 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 20:39 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-05 19:43 - 2012-02-11 21:15 - 00000000 ____D () C:\Users\Owner\Documents\Resume
2015-02-04 16:47 - 2012-01-15 13:03 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-04 16:47 - 2012-01-14 10:21 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-03 06:48 - 2011-12-24 23:23 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2015-02-03 06:47 - 2010-11-20 20:47 - 00892064 _____ () C:\Windows\PFRO.log
2015-02-03 06:47 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 06:47 - 2009-07-13 21:51 - 00093552 _____ () C:\Windows\setupact.log
2015-02-03 00:19 - 2013-08-31 20:37 - 00000000 ____D () C:\Users\Owner\Downloads\Wavepad
2015-02-03 00:19 - 2012-06-10 19:49 - 00000000 ____D () C:\Users\Owner\Downloads\Adobe Photoshop CS2 9.0.2 [No-Activation]
2015-02-03 00:18 - 2011-07-15 22:59 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-02 19:06 - 2014-12-08 22:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 22:32 - 2012-01-21 18:06 - 00000000 ____D () C:\Users\Owner\Downloads\V41
2015-01-31 16:49 - 2012-02-09 09:20 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2015-01-30 20:50 - 2011-09-23 01:42 - 00000000 ____D () C:\ProgramData\Temp
2015-01-30 20:50 - 2007-01-01 18:25 - 00000000 ____D () C:\Windows\Panther
2015-01-28 21:46 - 2011-02-10 12:23 - 00000000 ____D () C:\SWSetup
2015-01-28 20:56 - 2011-07-15 22:42 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-01-25 22:46 - 2012-01-22 00:58 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2015-01-25 21:27 - 2012-02-04 19:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\Ahead
2015-01-25 21:27 - 2012-01-28 20:24 - 00000000 ____D () C:\Users\Owner\Downloads\iZotope RX Advanced v2.01 DX VST RTAS
2015-01-25 21:27 - 2012-01-22 00:37 - 00000000 ____D () C:\Users\Owner\Downloads\JDownloader
2015-01-25 20:59 - 2012-01-30 03:00 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-25 20:51 - 2015-01-02 16:03 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\New Version Available
2015-01-25 20:51 - 2014-12-21 10:12 - 00000000 ____D () C:\Windows\Minidump
2015-01-25 20:51 - 2014-02-23 12:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\MediaMonkey
2015-01-25 20:51 - 2012-10-31 22:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2015-01-25 20:51 - 2012-05-20 22:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Vso
2015-01-25 20:51 - 2012-01-21 22:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2015-01-25 19:33 - 2014-06-15 20:38 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-01-25 19:02 - 2012-03-18 12:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2015-01-25 18:35 - 2013-11-15 21:04 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-25 18:21 - 2012-01-14 10:01 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-25 16:54 - 2014-12-07 16:07 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-25 16:46 - 2009-07-13 22:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-25 16:45 - 2013-12-14 11:49 - 00000000 ____D () C:\Program Files\Google
2015-01-25 16:45 - 2013-10-13 20:05 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-25 16:45 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Help
2015-01-25 14:55 - 2013-10-13 20:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-01-25 14:22 - 2012-03-18 12:13 - 00000000 ____D () C:\Users\Owner\Downloads\Firefox
2015-01-25 12:06 - 2014-01-05 18:03 - 00000000 ____D () C:\Users\Owner\Documents\Books
2015-01-24 16:24 - 2012-07-28 16:56 - 00000124 _____ () C:\Users\Owner\AppData\Roaming\default.pls
2015-01-24 14:07 - 2012-07-28 16:32 - 00007168 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-18 03:05 - 2013-08-04 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 03:00 - 2011-12-24 12:20 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2012-07-28 16:56 - 2015-01-24 16:24 - 0000124 _____ () C:\Users\Owner\AppData\Roaming\default.pls
2012-05-20 22:52 - 2012-05-20 22:52 - 0099384 _____ () C:\Users\Owner\AppData\Roaming\inst.exe
2012-05-20 22:52 - 2012-05-20 22:52 - 0007859 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.cat
2012-05-20 22:52 - 2012-05-20 22:52 - 0001167 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.inf
2012-05-20 22:53 - 2012-05-20 22:53 - 0000034 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.log
2012-05-20 22:52 - 2012-05-20 22:52 - 0082816 _____ (VSO Software) C:\Users\Owner\AppData\Roaming\pcouffin.sys
2012-05-20 22:54 - 2014-07-26 13:06 - 0000671 _____ () C:\Users\Owner\AppData\Roaming\vso_ts_preview.xml
2012-07-28 16:32 - 2015-01-24 14:07 - 0007168 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-18 23:54 - 2014-10-12 13:35 - 0007605 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2013-06-28 22:03 - 2013-06-28 22:03 - 0000000 _____ () C:\ProgramData\as98213.txt
2013-06-28 22:03 - 2013-06-28 22:03 - 0000150 _____ () C:\ProgramData\jial.reg

Files to move or delete:
====================
C:\ProgramData\jial.reg


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 00:38

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Owner at 2015-02-10 19:33:42
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 6.0.0.1124 - 360 Security Center)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI (Version: 1.3.0.111 - AuthenTec, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
ConvertXtoDVD 3.4.7.121 (HKLM-x32\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.4.7.121 - )
Cool Edit Pro v1.2a (HKLM-x32\...\Cool Edit Pro v1.2a) (Version: - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Free MKV to AVI Converter (HKLM-x32\...\{E262A0A7-F5E9-4532-9C23-E88755886510}) (Version: 2.1.0.0 - http://freedomsoftwarecompany.com/)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-1738167360-1135782039-4165523812-1000\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{25F3EC6C-BB03-4CEB-B36C-E656A9DD149E}) (Version: 1.1.0.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM-x32\...\{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}) (Version: 5.3.0.163 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
iZotope RX 2 (HKLM-x32\...\iZotope RX 2_is1) (Version: 2.01 - iZotope, Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{1CA7ACD6-B21B-4240-AA05-4FC55F6E1033}) (Version: 8.3.465 - Nero AG)
Pdf995 (HKLM-x32\...\Pdf995) (Version: - )
PdfEdit995 (HKLM-x32\...\PdfEdit995) (Version: - )
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.05.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Seagate Manager Installer (HKLM-x32\...\InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}) (Version: 2.01.0109 - Seagate)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Signature995 (HKLM-x32\...\Signature995) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Trader's Little Helper 2.7.0 (HKLM-x32\...\TradersLittleHelper_is1) (Version: 2.7.0 - Robert Hoffmann)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WeatherEye (HKU\S-1-5-21-1738167360-1135782039-4165523812-1000\...\WeatherEye) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1738167360-1135782039-4165523812-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

03-02-2015 03:47:33 Windows Update
09-02-2015 23:36:57 Windows Update

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01C014AE-0B0C-4E36-B345-91DF18615AB2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {0E2A9C29-CAEB-4168-BD7B-56D48537EAA1} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {0EFD5C0E-9FF8-48D7-A61F-A1D1E202D0A8} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {148F69AD-5EF9-4121-87E2-9C03E3B0E7BB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {20D8643B-3E7C-461C-BA8A-11198C4CD374} - System32\Tasks\{02F009CA-352C-4ADF-9207-B8178DE74EFC} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.0.0.120&amp;LastError=12002
Task: {3042158E-5262-4163-BE98-16CE5B5BCEC0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {641D1EFF-8FB6-42A1-A5D7-473193BF9A90} - System32\Tasks\{B72B62F3-E76A-4165-9B70-6ADE2894FE02} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T9D7TO1Y\LGUSBModemDriver_Eng_WHQL_Ver_4.9.4_All.exe" -d C:\Users\Owner\Desktop
Task: {67E3B564-AF51-4144-AFE4-3DB9C410D9E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {72C8B043-6214-4FB6-AE3E-A1A182688666} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {87D36966-41E0-40B2-BFF1-A223DE4328AF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {909B49D4-494D-4BE4-9545-CB1DC05A70F5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9151D4D3-B2C7-4EEA-B831-449C10FD88DF} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
Task: {9FAF4511-FD78-4842-B63A-59119EF43D7D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B199B808-1CD3-404B-A06F-66FEF7007850} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {F156069B-6F4B-47B5-B303-CFEDD8074F1D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-25 20:47 - 2015-01-22 07:42 - 00791152 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
2012-02-25 17:11 - 2012-01-09 10:37 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2012-01-22 00:14 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2015-01-25 20:47 - 2015-01-22 07:42 - 00612944 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2011-05-10 10:56 - 2011-05-10 10:56 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-25 20:47 - 2015-01-22 07:42 - 02037360 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-25 20:47 - 2015-01-22 07:42 - 00519280 _____ () C:\Program Files (x86)\360\Total Security\safemon\wdui2.dll
2014-10-18 16:21 - 2014-10-18 16:21 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-09-23 01:34 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\26031397.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\87912746.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\26031397.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\87912746.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1738167360-1135782039-4165523812-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1738167360-1135782039-4165523812-500 - Administrator - Disabled)
Guest (S-1-5-21-1738167360-1135782039-4165523812-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1738167360-1135782039-4165523812-1004 - Limited - Enabled)
Owner (S-1-5-21-1738167360-1135782039-4165523812-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2015 01:35:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/10/2015 01:35:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (02/10/2015 01:35:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (02/08/2015 01:41:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/08/2015 01:41:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (02/08/2015 01:41:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (02/07/2015 02:47:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/07/2015 01:50:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/07/2015 01:50:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (02/07/2015 01:50:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


System errors:
=============
Error: (02/10/2015 07:23:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2015 06:53:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2015 06:23:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2015 05:53:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2015 05:23:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2015 04:53:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2015 04:23:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2015 03:53:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2015 03:23:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2015 02:53:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (02/10/2015 01:35:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe

Error: (02/10/2015 01:35:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe

Error: (02/10/2015 01:35:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe

Error: (02/08/2015 01:41:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe

Error: (02/08/2015 01:41:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe

Error: (02/08/2015 01:41:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe

Error: (02/07/2015 02:47:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Desktop\esetsmartinstaller_enu.exe

Error: (02/07/2015 01:50:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe

Error: (02/07/2015 01:50:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe

Error: (02/07/2015 01:50:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe


==================== Memory info ===========================

Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 42%
Total physical RAM: 4043.86 MB
Available physical RAM: 2313.7 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 5747.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:575.87 GB) (Free:392.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:16.14 GB) (Free:1.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 80FB4AA6)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=575.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================
==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   30.51KB   2 downloads

Edited by Oh My!, 14 February 2015 - 10:42 PM.
Logs posted


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:21 PM

Posted 15 February 2015 - 10:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please let me know what problem persists.

Wait for further instructions.

#4 ch51

ch51
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 15 February 2015 - 01:23 PM

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Owner at 2015-02-15 11:04:32 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog 11:04:32 ====

 

-----------------------------------------------------------------------------------------------------------------------------------------------------

 

RogueKiller Report:

 

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Administrator]
Mode : Delete -- Date : 02/15/2015  11:14:48

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 20 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1738167360-1135782039-4165523812-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1738167360-1135782039-4165523812-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 64.59.184.13 64.59.190.242 [CANADA (CA)][CANADA (CA)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.59.184.13 64.59.190.242 [CANADA (CA)][CANADA (CA)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 64.59.184.13 64.59.190.242 [CANADA (CA)][CANADA (CA)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{30FDC84B-B236-486B-A698-9142C2DAFF25} | DhcpNameServer : 64.59.184.13 64.59.190.242 [CANADA (CA)][CANADA (CA)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5BB7E7B0-2813-4655-8584-5471CB140AFF} | DhcpNameServer : 209.91.107.11 209.121.225.11 [CANADA (CA)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EE0F1C56-A1DC-4079-9FBF-25FCC73468B3} | DhcpNameServer : 64.59.184.13 64.59.190.242 [CANADA (CA)][CANADA (CA)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{30FDC84B-B236-486B-A698-9142C2DAFF25} | DhcpNameServer : 64.59.184.13 64.59.190.242 [CANADA (CA)][CANADA (CA)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5BB7E7B0-2813-4655-8584-5471CB140AFF} | DhcpNameServer : 209.91.107.11 209.121.225.11 [CANADA (CA)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EE0F1C56-A1DC-4079-9FBF-25FCC73468B3} | DhcpNameServer : 64.59.184.13 64.59.190.242 [CANADA (CA)][CANADA (CA)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{30FDC84B-B236-486B-A698-9142C2DAFF25} | DhcpNameServer : 64.59.184.13 64.59.190.242 [CANADA (CA)][CANADA (CA)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5BB7E7B0-2813-4655-8584-5471CB140AFF} | DhcpNameServer : 209.91.107.11 209.121.225.11 [CANADA (CA)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EE0F1C56-A1DC-4079-9FBF-25FCC73468B3} | DhcpNameServer : 64.59.184.13 64.59.190.242 [CANADA (CA)][CANADA (CA)]  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1738167360-1135782039-4165523812-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1738167360-1135782039-4165523812-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1738167360-1135782039-4165523812-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1738167360-1135782039-4165523812-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Registration -- "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" (Registration ShowMessageTask2D) -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] ljmqjqzv.default : user_pref("browser.startup.homepage", "http://expectingrain.com/"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6476GSX +++++
--- User ---
[MBR] 2a9fe33c869cdd659912f60a01faedc7
[BSP] faeda400c9d38ca0a72610f8200d496e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 589690 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1208094720 | Size: 16526 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_02152015_111348.log

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

When i boot up I still get this error:

------------------------------------------------------------------------------------

Microsoft Security Client

An error has occurred in the program during initialization.

If this problem continues please contact your system administrator.

Error Code 0x80070002

------------------------------------------------------------------------------------

 

Thanks for the help so far.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:21 PM

Posted 15 February 2015 - 02:28 PM

Windows Update error "0x80070002" or "0x80070003"
Please navigate to this Microsoft page and run the suggested fix for Windows 7.
http://support.microsoft.com/kb/910336

Let me know if the problem persists.

#6 ch51

ch51
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 15 February 2015 - 06:07 PM

thanks for the continued help...

 

OK - did all that - even the options.

 

Windows Update is working fine and is up to date.

 

When i boot up I still get this error:

------------------------------------------------------------------------------------

Microsoft Security Client

An error has occurred in the program during initialization.

If this problem continues please contact your system administrator.

Error Code 0x80070002

------------------------------------------------------------------------------------

 

The reason (I believe) is that Microsoft Security Essentials was partly uninstalled ...

 

It's not accessible or useable or listed as something to uninstall.

 

It's listed as an optional antivirus installed on my computer (though not actually accessible).

 

I think we need to remove it.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:21 PM

Posted 16 February 2015 - 08:44 AM


Fix for your 0x80070002 error
Refer to this article.
http://windows.microsoft.com/en-ca/windows/windows-update-error-80070002#1TC=windows-7

Keep me posted.

#8 ch51

ch51
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 16 February 2015 - 03:30 PM

I am not at home right now but ... that link leads to all the steps that I completed yesterday.

 

If you want me to do them again I can ... but I don't think that's the issue.

 

Of course, I could be wrong.

 

Thanks for the help - please advise whether to redo yesterday's steps.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:21 PM

Posted 17 February 2015 - 09:19 AM

If you did the fix it for me in the first link and the manual instructions are the same then it will change anything.

This is no longer malware and not my forte.

I suggest you start aa new topic in the Windows 7 forum.
An expert may be able to help you better than I can.

The link is:
http://www.bleepingcomputer.com/forums/f/167/windows-7/

I will leave this topic open for 6 days if you need to return please do.


Edited by hamluis, 17 February 2015 - 11:16 AM.


#10 ch51

ch51
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 17 February 2015 - 10:24 AM

I have started a new topic:

 

http://www.bleepingcomputer.com/forums/t/567378/trouble-removing-mse-referred-from-and-malware-removal-logs/

 

Thanks for the help!



#11 hamluis

hamluis

    Moderator


  • Moderator
  • 56,562 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:21 PM

Posted 17 February 2015 - 11:17 AM

Topic closed, OP reposted in Win 7 forum in effort to resolve non-malware issues.

 

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users