Bad Image Error - Tried Lots of stuff


  • This topic is locked
53 replies to this topic

#1 twetzel2k

Posted 05 June 2015 - 05:23 PM

So. I am working on a machine that is Windows 8.1. I am getting a "Bad Image" error message with many pop-ups as well as the inability to run most of my software. Shortcuts have ceased working. Errors pop up with every install of various malware or spyware removal software.
Some of the errors:
1. Skype: Skype.exe - Bad image. (mapi32.dll is not designed to run on Windows or it contains errors)
2. ExpressTray.exe - Bad image
3. AsusWSPanel.exe - Bad image
4. Cannot open *.docx files anymore. My licenses have been deactivated, etc.
I am trying to install Malwarebytes now to try to fix it... but I can't even install it. I am getting "Runtime Error (at 71:100) Could not call proc." I have talked with them directly but that doesn't seem to be working either.

I have tried the following:
1. The first thing I tried was to update the AVG virus and run a scan. It crashes each time. Updates refuse to go through.
2. I looked to RESTORE. No restore points exist, which I know is not true because I have made several.
3. I have run ATF cleaner - all it found was cookies.
4. I ran Superspyware cleaner - nothing.
5. I uninstalled and deleted the Chrome folders.
 
My wife has a lot on this computer that we want to keep, otherwise I would just wipe it and start again.
Needing lots of help.
 
Tim
 
Mod Edit:  Merged posts, moved from AII to Malware Removal Logs - Hamluis.


Log files:
 
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Jen (administrator) on JEN_DESKTOP on 05-06-2015 15:51:39
Running from C:\Users\Jen\Downloads
Loaded Profiles: Jen (Available Profiles: Jen)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-04-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-08-08] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-04-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] ()
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] ()
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] ()
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [Amazon Music] => "C:\Users\Jen\AppData\Local\Amazon Music\Amazon Music Helper.exe"
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Startup: C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-05-11]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid=%7B76B31A4F-AD32-4615-8139-EDF05C54BF34%7D&mid=78645b50eab447cd9d0f7d6b4d6c1931-e932a093c3005307c333f9d6e9f81a8830493716&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-02-18%2016:56:57&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1056797999-1708525538-1822664469-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-02] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://citrix.edmc.edu/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll [2015-04-21] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-02-18]
Chrome:
=======
CHR Profile: C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-10-23]
CHR Extension: (No Name) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-22]
CHR Extension: (No Name) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-22]
CHR Extension: (No Name) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-22]
CHR Extension: (AVG Secure Search) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-02-18]
CHR Extension: (Google Search) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-22]
CHR Extension: (iCloud Bookmarks) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-11-18]
CHR Extension: (Bookmark Manager) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (No Name) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-10-23]
CHR Extension: (No Name) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (No Name) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-01]
CHR Extension: (No Name) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2013-10-23]
CHR Extension: (No Name) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (No Name) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2015-03-12]
CHR Extension: (No Name) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2013-10-23]
CHR Extension: (No Name) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-22]
CHR HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
S4 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] () [File not signed]
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
S4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
S4 IntuitUpdateServiceV4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [14624 2013-06-28] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WiaRpc; C:\Windows\System32\wiarpc.dll [67584 2014-10-28] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] () [File not signed]
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-04-01] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [220128 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-05-04] (AVG Technologies CZ, s.r.o.)
S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [26112 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 WSDPrintDevice; C:\Windows\System32\drivers\WSDPrint.sys [20992 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WSDScan; C:\Windows\System32\drivers\WSDScan.sys [23040 2014-10-28] (Microsoft Corporation) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-05 15:51 - 2015-06-05 15:54 - 00018174 _____ C:\Users\Jen\Downloads\FRST.txt
2015-06-05 15:48 - 2015-06-05 15:51 - 00000000 ____D C:\FRST
2015-06-05 15:48 - 2015-06-05 15:48 - 02108928 _____ (Farbar) C:\Users\Jen\Downloads\FRST64.exe
2015-06-05 15:47 - 2015-06-05 15:47 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Jen\Downloads\mbam-check-2.1.1.1001.exe
2015-06-04 22:12 - 2015-06-04 22:13 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Jen\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-06-04 22:12 - 2015-06-04 22:12 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Jen\Downloads\mbam-clean-2.1.1.1001.exe
2015-06-04 21:37 - 2015-06-04 21:38 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Jen\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-03 22:14 - 2015-06-04 22:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-03 22:13 - 2015-06-03 22:13 - 22064896 _____ (SUPERAntiSpyware) C:\Users\Jen\Downloads\SUPERAntiSpyware.exe
2015-06-03 22:12 - 2015-06-03 22:12 - 00050688 _____ (Atribune.org) C:\Users\Jen\Downloads\ATF-Cleaner.exe
2015-06-03 21:51 - 2015-06-03 21:51 - 01950720 _____ C:\Users\Jen\Downloads\AdwCleaner Setup [1].exe
2015-06-03 20:23 - 2015-06-03 20:23 - 02494944 _____ (Trend Micro Inc.) C:\Users\Jen\Downloads\HousecallLauncher64.exe
2015-06-03 20:23 - 2015-06-03 20:23 - 00000036 _____ C:\Users\Jen\AppData\Local\housecall.guid.cache
2015-06-03 20:22 - 2015-06-03 20:22 - 00000276 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{C1184E73-E033-4085-B132-8815BC8E3979}.job
2015-05-21 08:44 - 2015-05-21 08:44 - 00000000 ____D C:\Users\Jen\AppData\Local\Avg
2015-05-20 17:54 - 2015-05-20 17:54 - 00000000 __SHD C:\found.006
2015-05-17 21:59 - 2015-05-17 21:59 - 00281104 _____ C:\WINDOWS\Minidump\051715-43750-01.dmp
2015-05-17 15:57 - 2015-06-04 22:16 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d043b7e393a1ac.job
2015-05-17 15:57 - 2015-05-17 15:57 - 00003666 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d043b7e393a1ac
2015-05-17 15:02 - 2015-05-05 13:59 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-17 15:02 - 2015-05-05 13:59 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-15 00:03 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 00:03 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 23:58 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-12 23:58 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-12 23:58 - 2015-03-17 13:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-12 23:58 - 2015-03-08 22:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-12 23:57 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 23:57 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 23:57 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-12 23:57 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 23:57 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 23:57 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 23:57 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 23:57 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 23:57 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 23:57 - 2015-04-21 12:31 - 06025728 _____ C:\WINDOWS\system32\jscript9.dll
2015-05-12 23:57 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 23:57 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 23:57 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 23:57 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 23:57 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 23:57 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 23:57 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 23:57 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 23:57 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 23:57 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 23:57 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 23:57 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 23:57 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 23:57 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 23:57 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 23:57 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 23:57 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 23:57 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 23:57 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 23:57 - 2015-04-21 11:32 - 00880128 _____ C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 23:57 - 2015-04-21 11:31 - 04305920 _____ C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 23:57 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 23:57 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 23:57 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 23:57 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 23:57 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 23:57 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 23:57 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 23:57 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 23:57 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 23:57 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 23:57 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-12 23:57 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 23:57 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 23:57 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 23:57 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 23:57 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 23:57 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-12 23:57 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 23:57 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-12 23:57 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-12 23:57 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-12 23:57 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-12 23:57 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 23:57 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 23:57 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 23:57 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 23:57 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-12 23:57 - 2015-03-13 00:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-12 23:57 - 2015-03-13 00:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-12 23:57 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-12 23:57 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-12 23:57 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-12 23:57 - 2015-03-12 20:29 - 00410017 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 23:57 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-12 23:57 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-12 23:57 - 2015-03-05 23:08 - 02067968 _____ C:\WINDOWS\system32\wpdshext.dll
2015-05-12 23:57 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-12 23:57 - 2015-03-05 22:43 - 01969664 _____ C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 23:57 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-12 23:57 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-12 23:57 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 23:57 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-12 23:57 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-12 23:57 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-07 13:50 - 2015-05-07 13:50 - 00378336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgloga.sys
2015-05-07 13:49 - 2015-05-07 13:49 - 00253920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsha.sys
2015-05-07 13:49 - 2015-05-07 13:49 - 00220128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-05 15:02 - 2013-10-22 21:11 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-05 14:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-05 10:56 - 2013-10-22 21:11 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-04 22:42 - 2015-03-07 14:39 - 00000000 ____D C:\Users\Jen\AppData\Roaming\Skype
2015-06-04 22:21 - 2013-10-20 20:35 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1056797999-1708525538-1822664469-1001
2015-06-04 22:20 - 2013-09-30 00:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-04 22:17 - 2013-11-26 23:07 - 00000000 __RDO C:\Users\Jen\SkyDrive
2015-06-04 22:17 - 2013-10-27 15:17 - 00000000 ___RD C:\Users\Jen\Google Drive
2015-06-04 22:16 - 2013-09-29 23:55 - 00055922 _____ C:\WINDOWS\PFRO.log
2015-06-04 22:16 - 2013-08-22 10:46 - 00305481 _____ C:\WINDOWS\setupact.log
2015-06-04 22:16 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-04 22:02 - 2013-10-22 21:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-03 22:17 - 2013-11-26 22:39 - 01875460 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-03 08:20 - 2015-02-14 21:01 - 00000000 ____D C:\ProgramData\MFAData
2015-06-03 08:18 - 2015-02-14 21:01 - 00000000 ____D C:\Users\Jen\AppData\Local\Avg2015
2015-05-29 18:24 - 2014-09-29 20:55 - 00000000 ___RD C:\Users\Jen\iCloudDrive
2015-05-25 11:26 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-05-25 11:15 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-05-22 18:31 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-05-22 18:30 - 2015-04-08 14:19 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-22 18:30 - 2015-04-08 14:19 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-21 08:45 - 2015-02-14 21:08 - 00000988 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-21 08:45 - 2015-02-14 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-20 18:04 - 2014-03-04 09:38 - 00003786 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C1184E73-E033-4085-B132-8815BC8E3979}
2015-05-17 22:04 - 2013-11-26 22:27 - 00000000 ____D C:\Users\Jen
2015-05-17 21:59 - 2014-08-03 08:31 - 00000000 ____D C:\WINDOWS\Minidump
2015-05-17 15:57 - 2013-10-22 21:11 - 00003902 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 15:18 - 2013-11-16 21:14 - 00002046 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-05-17 15:18 - 2013-08-08 05:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-17 15:01 - 2013-08-22 10:44 - 00492448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-17 15:00 - 2014-01-26 16:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-17 15:00 - 2014-01-26 16:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 17:53 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-05-15 17:52 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-15 17:52 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-05-15 00:05 - 2013-10-22 17:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-15 00:03 - 2013-10-20 23:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-05-14 23:58 - 2013-10-20 23:32 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-14 23:56 - 2014-01-26 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 23:53 - 2013-09-29 23:51 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-10 16:05 - 2013-10-20 20:27 - 00000000 ____D C:\Users\Jen\AppData\Local\Packages
2015-05-10 00:56 - 2013-10-27 15:16 - 00002065 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-05-10 00:56 - 2013-10-27 15:16 - 00002063 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-10 00:56 - 2013-10-27 15:16 - 00002053 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-05-10 00:56 - 2013-10-27 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
==================== Files in the root of some directories =======
2015-06-03 20:23 - 2015-06-03 20:23 - 0000036 _____ () C:\Users\Jen\AppData\Local\housecall.guid.cache
2014-03-07 15:07 - 2014-03-15 19:15 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-02 18:50
==================== End of log ============================


Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Jen at 2015-06-05 15:54:33
Running from C:\Users\Jen\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1056797999-1708525538-1822664469-500 - Administrator - Disabled)
Guest (S-1-5-21-1056797999-1708525538-1822664469-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1056797999-1708525538-1822664469-1005 - Limited - Enabled)
Jen (S-1-5-21-1056797999-1708525538-1822664469-1001 - Administrator - Enabled) => C:\Users\Jen
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Disabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.05 - ASUSTeK Computer Inc.)
Amazon Music (HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Amazon Amazon Music) (Version: 3.8.1.754 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{377C9C44-398B-6CBD-9138-F6B4AB951839}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Music Maker (HKLM-x32\...\MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.3.3 - MAGIX AG)
ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden
ASUS MX Suite (HKLM-x32\...\MAGIX_{CFA9C800-9B0B-42E3-92E7-08B5AF2E192E}) (Version: 1.13.0.121 - MAGIX AG)
ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
ASUS Video easy (HKLM-x32\...\MAGIX_{E3185090-8796-46FB-A27F-6C844F106DAC}) (Version: 4.0.1.90 - MAGIX AG)
ASUS Video easy (Version: 4.0.1.90 - MAGIX AG) Hidden
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5961 - AVG Technologies)
AVG 2015 (Version: 15.0.4355 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
David and Goliath (HKLM-x32\...\David and Goliath) (Version:  - Brighter Child)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 5.8.5 (HKLM-x32\...\{5EDC25EC-D966-11E4-9E5C-00163E98E7D6}) (Version: 5.8.5.7193 - Evernote Corp.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{769E695A-F93F-803E-3763-9A00A0E38786}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6890 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
Check "winmgmt" service or repair WMI.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {006E650B-C0F4-4DA5-ADB8-C4BD9A2F842B} - \Microsoft\Windows\Shell\FamilySafetyMonitor No Task File <==== ATTENTION
Task: {067F5007-4BC8-42B8-ADD5-7FAA9EF8E22D} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {08677B6F-165C-4E97-9A3D-2FE97B178E7D} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)
Task: {0C6409F4-9174-415C-84AC-38611941847B} - \Microsoft\Windows\Shell\CreateObjectTask No Task File <==== ATTENTION
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\WINDOWS\system32\aitagent.exe [2014-10-28] ()
Task: {0DE863C4-4502-4FC2-A684-0F228AD1D306} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-10-28] ()
Task: {1191271C-5F97-4AAB-B0F3-5475ECA0A84F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {1A81E14A-B6DB-4BB7-AC9D-8075D4EDBA27} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {1BAA4187-B5C5-4907-9BD2-76EC04A14197} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start
Task: {22AD8AB2-957A-4B75-BE3D-8ACE325F5BC6} - \Microsoft\Windows\Shell\FamilySafetyUpload No Task File <==== ATTENTION
Task: {261DF6D4-FF9C-4BCD-BF2E-40E62BE1A016} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION
Task: {37D26790-4F1D-479D-86FE-71BB17B021C4} - System32\Tasks\GoogleUpdateTaskMachineCore1d043b7e393a1ac => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {3AFB13E0-5B1D-4D42-848A-DCE2E4C256E8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe [2014-10-28] ()
Task: {446C95D3-826A-4224-8815-30CDA5091903} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {481DE835-E14C-4A23-A132-448ED08A5C67} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {4F26D020-03CC-4CBF-8B30-07D88AB63B02} - System32\Tasks\0215tb_RML => C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe [2015-03-21] ()
Task: {54F2C319-7260-4166-9B98-B584DA3FDA51} - \Microsoft\Windows\Shell\FamilySafetyRefresh No Task File <==== ATTENTION
Task: {7A1CA63A-3611-4E61-AAFA-1B56F8746F3A} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter
Task: {7AF46C7E-346E-4D11-A3F0-CDBAF0A196E9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {7FF3766F-9B9C-42C0-AE89-ED34904DF994} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {80179FF8-1CBA-4368-B75E-5A2AC02504D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {8D37FCCF-7F1F-4034-A7F8-364F0D69938B} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector No Task File <==== ATTENTION
Task: {966F0D2F-255C-4319-970D-5AD3BB01D2E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {9834E16E-69EB-42EB-8A3A-E9A01835B3A7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-14] (Microsoft Corporation)
Task: {A98AD887-1E81-47AF-B3DF-F06329AB67E5} - \Microsoft\Windows\Shell\IndexerAutomaticMaintenance No Task File <==== ATTENTION
Task: {BCB9433D-6CF2-452F-A08C-501DD7F597E0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BEB76E27-2B39-4002-B5D2-CABA4E71E85A} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {CBD3EF37-0E38-431A-A6E8-607C56893A63} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [2014-10-28] ()
Task: {D6F4A061-CEFB-4F38-81EC-6E80ECDD3011} - System32\Tasks\Microsoft\Windows\Location\Notifications
Task: {FB7C7C4E-75FD-45B2-8DF0-D0CE2441E024} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: C:\WINDOWS\Tasks\0215tb_RML.job => C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d043b7e393a1ac.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{C1184E73-E033-4085-B132-8815BC8E3979}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Loaded Modules (Whitelisted) ==============
2015-02-18 17:56 - 2015-04-01 12:24 - 00620056 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-07 14:51 - 2014-10-29 00:10 - 00177688 _____ () C:\WINDOWS\SYSTEM32\Wscapi.dll
2015-04-02 12:58 - 2015-04-02 12:58 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-04-02 12:58 - 2015-04-02 12:58 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-06-04 22:16 - 2015-06-04 22:16 - 00098816 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\win32api.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00110080 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\pywintypes27.dll
2015-06-04 22:16 - 2015-06-04 22:16 - 00364544 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\pythoncom27.dll
2015-06-04 22:16 - 2015-06-04 22:16 - 00045568 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\_socket.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 01161216 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\_ssl.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00320512 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\win32com.shell.shell.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00713216 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\_hashlib.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 01175040 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\wx._core_.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00805888 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\wx._gdi_.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00811008 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\wx._windows_.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 01062400 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\wx._controls_.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00735232 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\wx._misc_.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00682496 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\pysqlite2._sqlite.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00128512 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\_elementtree.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00127488 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\pyexpat.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00087552 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\_ctypes.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00119808 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\win32file.pyd
2013-08-22 07:42 - 2013-08-22 07:41 - 00003072 _____ () C:\WINDOWS\SYSTEM32\sfc.dll
2015-06-04 22:16 - 2015-06-04 22:16 - 00108544 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\win32security.pyd
2013-08-22 07:43 - 2013-08-22 07:43 - 00005120 _____ () C:\WINDOWS\SYSTEM32\security.dll
2015-06-04 22:16 - 2015-06-04 22:16 - 00007168 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\hashobjs_ext.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00017408 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\usb_ext.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00167936 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\win32gui.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00018432 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\win32event.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00013824 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\common.time34.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00036864 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\_psutil_windows.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00038912 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\win32inet.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00011264 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\win32crypt.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00070656 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\wx._html2.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00027136 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\_multiprocessing.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00020480 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\_yappi.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00035840 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\win32process.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00686080 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\unicodedata.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00122368 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\wx._wizard.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00024064 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\win32pipe.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00010240 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\select.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00025600 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\win32pdh.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00525640 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\windows._lib_cacheinvalidation.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00017408 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\win32profile.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00022528 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\win32ts.pyd
2015-06-04 22:16 - 2015-06-04 22:16 - 00078336 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI31722\wx._animate.pyd
2015-02-18 17:56 - 2015-04-01 12:24 - 01711128 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2015-05-12 23:57 - 2015-04-21 12:31 - 06025728 _____ () C:\Windows\SYSTEM32\jscript9.dll
2015-03-07 14:56 - 2014-10-28 21:35 - 03256320 _____ () C:\WINDOWS\System32\Wpc.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Jen\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jen\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img8.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: asHmComSvc => 2
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: Asus WebStorage Windows Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: Garmin Core Update Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iPod Service => 3
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0DE1907C-582C-406A-A2E2-83E958D15024}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7E4090DC-4D42-4C89-9151-BACF62E74C03}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{499E2A29-12AC-498F-B547-59D5521585D5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F6B7C830-576D-4B69-8B09-7F4EC0EFBEEE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C6840F21-0361-4112-AD17-FE1AD4C8407E}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2F634242-9290-46AC-B402-F43FD1C96E6B}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B119FFF4-CA48-4CBA-8DA1-34DD5E6B9A2F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2093C492-005B-43D4-A122-CC6C3BE52E7B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{987AAEFA-100F-460F-8D94-1AD18C4CE0F6}] => (Allow) LPort=1900
FirewallRules: [{E9DD857A-1ACE-4BE6-9C2A-9F46B469FF5F}] => (Allow) LPort=2869
FirewallRules: [{260E5F58-ECBF-4BAA-A7F5-57B4CBA6A1BE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9AE7D51A-29EF-4ABC-BE02-3A6485EADB9C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{B9842DB2-59D5-4367-95A1-4ABF81395B7D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1C2A4A8F-DB09-4E65-9D15-EB57D7F28147}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{10C52230-1DB4-4374-A19E-2A036E5AC9F2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2B1E6AB2-CFDF-488B-A5D6-FDC70A79533C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5AA1B3DB-8161-4962-A2C9-EF9D3BC9E92E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{49A90297-D235-4AD6-B956-31FD91AD6CCD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{7AAFB7DD-2840-4D44-98D6-279324B6E3C9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{42E52547-84AB-413C-8C3E-DF6C1D052EA7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{12B3BDB1-94AF-4AC0-8542-8B96F672BF20}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{406AE13B-AE2C-47CC-BC94-1ED857F30973}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{629D2774-F30B-404D-AEDA-7B399008D85A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E4D8A00F-AC9F-4772-8536-595D3BFE9979}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{A4EDEA9C-375D-4D12-AF99-57311F2099EC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{11122BF6-AC6C-471A-8FF8-05F60841CF72}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{E550212D-C9BA-4F22-8AAB-63A88C5E6C7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{8B7900AF-2E42-4258-BACE-D90AB2C7088E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{9798F574-215D-4DBC-9539-212CCDDB5C97}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{A04131EC-41E4-45B5-9FE7-AFCA3B0DF077}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/05/2015 03:50:38 PM) (Source: Office Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
14.0.370.400
Error: (06/05/2015 03:50:38 PM) (Source: Office Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
14.0.370.400
Error: (06/05/2015 03:50:38 PM) (Source: Office Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
14.0.370.400
Error: (06/05/2015 03:45:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEN_DESKTOP)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/05/2015 03:45:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEN_DESKTOP)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/05/2015 03:45:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEN_DESKTOP)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/05/2015 03:40:12 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070570, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
Error: (06/05/2015 03:39:07 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070570, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
Error: (06/05/2015 03:38:04 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070570, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
Error: (06/05/2015 03:37:00 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070570, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
System errors:
=============
Error: (06/05/2015 03:54:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1035 time(s).
Error: (06/05/2015 03:54:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%1392
Error: (06/05/2015 03:54:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1034 time(s).
Error: (06/05/2015 03:54:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%1392
Error: (06/05/2015 03:53:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1033 time(s).
Error: (06/05/2015 03:53:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%1392
Error: (06/05/2015 03:53:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1032 time(s).
Error: (06/05/2015 03:53:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%1392
Error: (06/05/2015 03:52:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1031 time(s).
Error: (06/05/2015 03:52:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%1392
Microsoft Office:
=========================
Error: (06/05/2015 03:50:38 PM) (Source: Office Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x8007000514.0.370.400
Error: (06/05/2015 03:50:38 PM) (Source: Office Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x8007000514.0.370.400
Error: (06/05/2015 03:50:38 PM) (Source: Office Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x8007000514.0.370.400
Error: (06/05/2015 03:45:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEN_DESKTOP)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927148
Error: (06/05/2015 03:45:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEN_DESKTOP)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927148
Error: (06/05/2015 03:45:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEN_DESKTOP)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927148
Error: (06/05/2015 03:40:12 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 40x80070570Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
Error: (06/05/2015 03:39:07 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 40x80070570Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
Error: (06/05/2015 03:38:04 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 40x80070570Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
Error: (06/05/2015 03:37:00 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 40x80070570Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
CodeIntegrity Errors:
===================================
  Date: 2015-06-04 22:17:28.263
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDScan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2015-06-04 21:50:52.659
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDPrint.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2015-06-04 21:50:52.534
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDScan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2015-06-04 21:28:25.539
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDScan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2015-06-02 18:44:50.339
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDScan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2015-02-14 17:42:24.082
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2015-02-14 17:42:23.894
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2015-02-14 17:42:23.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2015-02-14 17:42:23.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2015-02-14 17:42:23.473
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: AMD A10-6700 APU with Radeon™ HD Graphics
Percentage of memory in use: 19%
Total physical RAM: 7368.32 MB
Available physical RAM: 5966.94 MB
Total Pagefile: 14792.32 MB
Available Pagefile: 13323.32 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:149.66 GB) (Free:36.45 GB) NTFS
Drive d: (Data) (Fixed) (Total:763.41 GB) (Free:717.73 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9A55A946)
Partition: GPT Partition Type.
==================== End of log ============================


I ran RKill to see if I could install Malwarebytes. These are the RKill results:

I still could not install it. I also could not run AVG or update it.

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 06/06/2015 08:49:15 AM in x64 mode.
Windows Version: Windows 8.1
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
 * No issues found.
Searching for Missing Digital Signatures:
 * C:\WINDOWS\System32\d3d9.dll : 2,229,168 : 10/29/2014 00:00 AM : 65fd88b1a436904bf053bb8192c5cbfc [NoSig]
 +-> C:\WINDOWS\SysWOW64\d3d9.dll : 1,907,384 : 10/28/2014 11:12 PM : 0936955770489965eb9041d00636369d [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.3.9600.16384_none_b30bccb034bd3c6d\d3d9.dll : 200,314 : 12/09/2013 04:58 PM : 53c743effce294fed3b7969ab6c1b327 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.3.9600.16404_none_b3624df6347c5a0c\d3d9.dll : 264,095 : 06/13/2014 01:22 PM : fe1ce2c06f98d6e1dabd5ab77d16be38 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.3.9600.17088_none_b30fb15e34b9c3f5\d3d9.dll : 2,124,840 : 04/03/2014 04:12 AM : 8ecebee92854c6705877911ba75889a8 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.3.9600.17095_none_b301e09434c493e1\d3d9.dll : 2,125,344 : 04/14/2014 05:37 AM : c1e44a99f7cf8c3a08cd5addf451636c [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.3.9600.17415_none_b358678c3483a8f5\d3d9.dll : 2,229,168 : 10/29/2014 00:00 AM : 65fd88b1a436904bf053bb8192c5cbfc [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.3.9600.16384_none_56ed312c7c5fcb37\d3d9.dll : 184,278 : 12/09/2013 05:10 PM : d6e8fc991c4edb8638f0f6135cf7f890 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.3.9600.16404_none_5743b2727c1ee8d6\d3d9.dll : 232,369 : 06/13/2014 01:49 PM : 543b0c889996729ff86b5a1934b7f0e4 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.3.9600.17088_none_56f115da7c5c52bf\d3d9.dll : 1,797,896 : 04/02/2014 11:53 PM : 8ead5f0bc40579b106cdd9d2591cfec5 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.3.9600.17095_none_56e345107c6722ab\d3d9.dll : 1,797,896 : 04/14/2014 04:08 AM : 949e0e42daad0418513b44c31a697ca5 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.3.9600.17415_none_5739cc087c2637bf\d3d9.dll : 1,907,384 : 10/28/2014 11:12 PM : 0936955770489965eb9041d00636369d [Pos Repl]
 * C:\WINDOWS\System32\ddraw.dll : 594,944 : 10/28/2014 09:07 PM : 8996f6a1a3262bc3f2e94064c3939e9d [NoSig]
 +-> C:\WINDOWS\SysWOW64\ddraw.dll : 544,256 : 10/28/2014 08:52 PM : cd93ffc9f5bb556cd032012331c45cd4 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.3.9600.16384_none_f5c402f793f84531\ddraw.dll : 580,096 : 08/22/2013 05:34 AM : 854da94b8cb68d74cb7480b2f426ca2a [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.3.9600.17415_none_f6109dd393beb1b9\ddraw.dll : 594,944 : 10/28/2014 09:07 PM : 8996f6a1a3262bc3f2e94064c3939e9d [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.3.9600.16384_none_99a56773db9ad3fb\ddraw.dll : 527,872 : 08/21/2013 10:33 PM : dee4954653ff7d6d8a5c6b82b95e938a [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.3.9600.17415_none_99f2024fdb614083\ddraw.dll : 544,256 : 10/28/2014 08:52 PM : cd93ffc9f5bb556cd032012331c45cd4 [Pos Repl]
 * C:\WINDOWS\System32\sfc.dll : 3,072 : 08/22/2013 07:41 AM : 92d43e43052a2fbb9b550142764408bf [NoSig]
 +-> C:\WINDOWS\SysWOW64\sfc.dll : 3,072 : 08/22/2013 00:13 AM : 3aa79a83ec7d1b16d296029035a9c399 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.3.9600.16384_none_97f423573028abec\sfc.dll : 3,072 : 08/22/2013 07:41 AM : 92d43e43052a2fbb9b550142764408bf [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.3.9600.17415_none_9840be332fef1874\sfc.dll : 3,072 : 08/22/2013 07:41 AM : 92d43e43052a2fbb9b550142764408bf [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_microsoft-windows-sfc_31bf3856ad364e35_6.3.9600.16384_none_3bd587d377cb3ab6\sfc.dll : 3,072 : 08/22/2013 00:13 AM : 3aa79a83ec7d1b16d296029035a9c399 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_microsoft-windows-sfc_31bf3856ad364e35_6.3.9600.17415_none_3c2222af7791a73e\sfc.dll : 3,072 : 08/22/2013 00:13 AM : 3aa79a83ec7d1b16d296029035a9c399 [Pos Repl]
 * C:\WINDOWS\System32\wuauclt.exe : 133,256 : 03/14/2015 04:54 AM : 4fda1bc33c2c0b634285578985c91370 [NoSig]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.16403_none_427f89d0c0fb4382\wuauclt.exe : 2,140 : 12/09/2013 05:02 PM : 4d8a1abd1914dd7e0ffcd85b6c754700 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.16422_none_4268e9aec10c620d\wuauclt.exe : 5,022 : 06/27/2014 01:48 PM : 0194ecbad6e4f09ba38ca6067e659c27 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.17031_none_425cfb18c11589ac\wuauclt.exe : 5,110 : 06/27/2014 01:48 PM : 032c1fb3a5d9479ea816c4f270594e6c [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.17092_none_421d1bdac1454aa9\wuauclt.exe : 54,776 : 04/09/2014 08:00 AM : ed6a11f4562f89f559243ac87b01dbf4 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.17093_none_421e1c24c1446400\wuauclt.exe : 1,503 : 07/14/2014 06:33 PM : 7d96d3393d973798c27815e3069d0f8f [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.17112_none_42739d20c1046848\wuauclt.exe : 54,776 : 05/01/2014 09:19 AM : dee3131d604da3d424b9a8987c15fa32 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.17195_none_42201e9ec14293d5\wuauclt.exe : 54,776 : 05/31/2014 06:07 AM : 4a12c727502a07c4b89b663b942df289 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.17238_none_426400eac10f355b\wuauclt.exe : 54,752 : 07/24/2014 11:25 AM : 3ab9868e0e78ad9cd501b83d7c293125 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.17336_none_4262023cc110ffd4\wuauclt.exe : 54,752 : 09/07/2014 11:15 PM : 5e89ec6165e545b77122227e1dffa23a [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.17404_none_42807352c0fa767a\wuauclt.exe : 55,776 : 10/18/2014 05:55 AM : ea2df5520d3623f353f43809a2f88086 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.17415_none_4276a3b0c101abc2\wuauclt.exe : 55,776 : 10/28/2014 11:59 PM : 6da660f80d71f40790d357c8b66dfa28 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.17729_none_426fda9ec1062484\wuauclt.exe : 133,256 : 03/14/2015 04:54 AM : 4fda1bc33c2c0b634285578985c91370 [Pos Repl]
Checking HOSTS File:
 * No issues found.
Program finished at: 06/06/2015 08:52:21 AM
Execution time: 0 hours(s), 3 minute(s), and 5 seconds(s)

Edited by hamluis, 06 June 2015 - 08:33 AM.
Moved from Win 8 to 'Am I infected?'
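
An added example, not part of the original post and not RKill's own code: a Python parser for the "Searching for Missing Digital Signatures" section of the RKill log above. It groups each [NoSig] file with its [Pos Repl] candidates and labels every candidate as byte-identical to the flagged file, a different architecture, or a different build. The sample lines are a subset copied from the log; the class and function names are hypothetical, and the architecture rule assumes a 64-bit Windows install (RKill reports "x64 mode").

```python
import re
from dataclasses import dataclass, field

# Subset of the RKill "Missing Digital Signatures" lines from the log above.
SAMPLE = r"""
 * C:\WINDOWS\System32\d3d9.dll : 2,229,168 : 10/29/2014 00:00 AM : 65fd88b1a436904bf053bb8192c5cbfc [NoSig]
 +-> C:\WINDOWS\SysWOW64\d3d9.dll : 1,907,384 : 10/28/2014 11:12 PM : 0936955770489965eb9041d00636369d [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.3.9600.17415_none_b358678c3483a8f5\d3d9.dll : 2,229,168 : 10/29/2014 00:00 AM : 65fd88b1a436904bf053bb8192c5cbfc [Pos Repl]
 * C:\WINDOWS\System32\wuauclt.exe : 133,256 : 03/14/2015 04:54 AM : 4fda1bc33c2c0b634285578985c91370 [NoSig]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.17092_none_421d1bdac1454aa9\wuauclt.exe : 54,776 : 04/09/2014 08:00 AM : ed6a11f4562f89f559243ac87b01dbf4 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.17729_none_426fda9ec1062484\wuauclt.exe : 133,256 : 03/14/2015 04:54 AM : 4fda1bc33c2c0b634285578985c91370 [Pos Repl]
"""

# "<marker> <path> : <size> : <timestamp> : <md5> [<tag>]"
LINE_RE = re.compile(
    r"^\s*(?P<mark>\*|\+->)\s+(?P<path>.+?) : (?P<size>[\d,]+) : "
    r"(?P<stamp>.+?) : (?P<md5>[0-9a-f]{32}) \[(?P<tag>[^\]]+)\]\s*$"
)


@dataclass
class FileRecord:
    path: str
    size: int
    md5: str
    tag: str

    @property
    def arch(self):
        """Architecture implied by the directory (assumes 64-bit Windows)."""
        p = self.path.lower()
        if "\\syswow64\\" in p or "\\winsxs\\x86_" in p or "\\winsxs\\wow64_" in p:
            return "x86"
        if "\\system32\\" in p or "\\winsxs\\amd64_" in p:
            return "amd64"
        return "unknown"


@dataclass
class Flagged:
    record: FileRecord
    candidates: list = field(default_factory=list)


def parse_missing_signatures(text):
    """Return one Flagged entry per '*' line, with its '+->' lines attached."""
    flagged = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, blank lines, other RKill sections
        rec = FileRecord(m["path"], int(m["size"].replace(",", "")),
                         m["md5"], m["tag"])
        if m["mark"] == "*":
            flagged.append(Flagged(rec))
        elif flagged:
            flagged[-1].candidates.append(rec)
    return flagged


def triage(flagged):
    """Map each flagged path to [(verdict, candidate_path), ...].

    identical       - same MD5 and size as the flagged file; the flagged file's
                      content matches that copy (this says nothing about why
                      signature verification failed)
    wrong-arch      - candidate is built for the other architecture
    different-build - same architecture, different content (other version)
    """
    report = {}
    for item in flagged:
        rows = []
        for cand in item.candidates:
            if cand.md5 == item.record.md5 and cand.size == item.record.size:
                verdict = "identical"
            elif cand.arch != item.record.arch:
                verdict = "wrong-arch"
            else:
                verdict = "different-build"
            rows.append((verdict, cand.path))
        report[item.record.path] = rows
    return report


if __name__ == "__main__":
    for path, rows in triage(parse_missing_signatures(SAMPLE)).items():
        print(path)
        for verdict, cand in rows:
            print(f"  {verdict:16} {cand}")
```
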




#2 HelpBot

Posted 10 June 2015 - 05:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/578539 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 twetzel2k

Posted 10 June 2015 - 08:56 PM

I am on a Windows 8.1 machine



#4 Oh My!

  • Malware Response Instructor

Posted 12 June 2015 - 08:38 PM

Greetings twetzel2k and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please move FRST.exe from your Downloads folder onto the Desktop then do this.

===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X]
Task: {006E650B-C0F4-4DA5-ADB8-C4BD9A2F842B} - \Microsoft\Windows\Shell\FamilySafetyMonitor No Task File <==== ATTENTION
Task: {0C6409F4-9174-415C-84AC-38611941847B} - \Microsoft\Windows\Shell\CreateObjectTask No Task File <==== ATTENTION
Task: {22AD8AB2-957A-4B75-BE3D-8ACE325F5BC6} - \Microsoft\Windows\Shell\FamilySafetyUpload No Task File <==== ATTENTION
Task: {261DF6D4-FF9C-4BCD-BF2E-40E62BE1A016} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION
Task: {54F2C319-7260-4166-9B98-B584DA3FDA51} - \Microsoft\Windows\Shell\FamilySafetyRefresh No Task File <==== ATTENTION
Task: {8D37FCCF-7F1F-4034-A7F8-364F0D69938B} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector No Task File <==== ATTENTION
Task: {A98AD887-1E81-47AF-B3DF-F06329AB67E5} - \Microsoft\Windows\Shell\IndexerAutomaticMaintenance No Task File <==== ATTENTION
C:\Users\Jen\AppData\Local\Temp\_MEI31722
cmd: copy /y C:\WINDOWS\SysWOW64\d3d9.dll C:\WINDOWS\System32
cmd: copy /y C:\WINDOWS\SysWOW64\ddraw.dll C:\WINDOWS\System32
cmd: copy /y C:\WINDOWS\SysWOW64\sfc.dll C:\WINDOWS\System32
cmd: copy /y C:\WINDOWS\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.17092_none_421d1bdac1454aa9\wuauclt.exe C:\WINDOWS\System32
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Junkware log
  • Fixlog
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 twetzel2k

Posted 13 June 2015 - 12:17 PM

Ran JRT.exe and got another Bad Image Error: wer.dll at about the 1/3 mark of the progress bar.

Upon hitting OK, got cmd.exe Application Error: "The instruction at 0x77a114ee referenced memory at 0x00cdd5e1. The memory could not be read. Click Ok to terminate the program."

I stopped there instead of going further.

#6 Oh My!

Posted 13 June 2015 - 06:15 PM

Greetings,

Let's do this.

===================================================

Run sfc /scannow from Elevated Command

--------------------
  • Click Start and Type cmd
  • Right click on cmd.exe above and select Run as Administrator
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow
  • Windows 8: Press the Windows key + X at the same time, then click Command Prompt (Admin)
  • Type the following at the Command Prompt and press Enter

sfc /scannow

  • If Windows did not find any integrity violations please let me know
  • If errors were found, right click inside the command window, click Select All, and hit the Ctrl+C keys at the same time to copy the text
  • Right click inside the topic Reply window and select Paste to include the information in your reply
===================================================

Please run a FRST scan making sure to place a check mark in Addition.txt and post both logs.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • SFC results
  • FRST.txt
  • Addition.txt

Gary
 

#7 twetzel2k

Posted 13 June 2015 - 09:43 PM

I am on Windows 8.1. Hit Windows + X and ran Admin command.exe as requested. It asks for permission to change as normal, then tries to open the window. Then this error message pops up:

cmd.exe has stopped working .. Close Program.

Then the CMD window closes. However, I CAN run it as a non-admin without any errors, but cannot run the necessary scan.

I did run the FRST scan, although I got bad image errors all throughout its scan.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Jen (administrator) on JEN_DESKTOP on 13-06-2015 22:45:27
Running from C:\Users\Jen\Desktop
Loaded Profiles: Jen (Available Profiles: Jen)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-04-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-08-08] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-04-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Cobian Backup 11] => C:\Program Files (x86)\Cobian Backup 11\Cobian.exe [720896 2013-03-07] (Luis Cobian, CobianSoft)
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] ()
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] ()
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] ()
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [Amazon Music] => "C:\Users\Jen\AppData\Local\Amazon Music\Amazon Music Helper.exe"
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)
Startup: C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-05-11]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid=%7B76B31A4F-AD32-4615-8139-EDF05C54BF34%7D&mid=78645b50eab447cd9d0f7d6b4d6c1931-e932a093c3005307c333f9d6e9f81a8830493716&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-02-18%2016:56:57&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1056797999-1708525538-1822664469-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-02] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://citrix.edmc.edu/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll [2015-04-21] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-02-18]

Chrome:
=======
CHR Profile: C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-10-23]
CHR Extension: (Google Docs) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-22]
CHR Extension: (Google Drive) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-22]
CHR Extension: (YouTube) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-22]
CHR Extension: (AVG Secure Search) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-02-18]
CHR Extension: (Google Search) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-22]
CHR Extension: (iCloud Bookmarks) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-11-18]
CHR Extension: (Bookmark Manager) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (feedly) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-10-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-01]
CHR Extension: (feedly) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2013-10-23]
CHR Extension: (Google Wallet) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (No Name) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2015-03-12]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2013-10-23]
CHR Extension: (Gmail) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-22]
CHR HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
S4 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] () [File not signed]
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
S4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
S4 IntuitUpdateServiceV4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [0 2013-06-28] () <==== ATTENTION (zero byte File/Folder)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WiaRpc; C:\Windows\System32\wiarpc.dll [67584 2014-10-28] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [0 2015-02-03] () <==== ATTENTION (zero byte File/Folder)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-04-01] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [220128 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-05-04] (AVG Technologies CZ, s.r.o.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [26112 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 WSDPrintDevice; C:\Windows\System32\drivers\WSDPrint.sys [20992 2013-08-22] (Microsoft Corporation) [File not signed]
S3 WSDScan; C:\Windows\System32\drivers\WSDScan.sys [23040 2014-10-28] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 22:45 - 2015-06-13 22:46 - 00018998 _____ C:\Users\Jen\Desktop\FRST.txt
2015-06-13 22:45 - 2015-06-13 22:45 - 00000000 ____D C:\Users\Jen\Desktop\FRST-OlderVersion
2015-06-13 13:16 - 2015-06-13 13:16 - 02943739 _____ (Thisisu) C:\Users\Jen\Desktop\JRT.exe
2015-06-07 16:52 - 2015-06-07 16:52 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Jen\Downloads\rkill64-2962.com
2015-06-07 16:52 - 2015-06-07 16:52 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Jen\Downloads\rkill64.com
2015-06-07 16:51 - 2015-06-07 16:51 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Jen\Downloads\rkill.com
2015-06-07 16:51 - 2015-06-07 16:51 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Jen\Downloads\rkill (1).exe
2015-06-07 16:42 - 2015-06-07 16:42 - 00000000 ____D C:\Users\Jen\Downloads\New folder
2015-06-07 16:36 - 2015-06-07 16:36 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Jen\Downloads\info.com
2015-06-06 19:47 - 2015-06-07 07:07 - 00000912 _____ C:\Users\Jen\AppData\Roaming\burnaware.ini
2015-06-06 19:46 - 2015-06-06 19:46 - 00001077 _____ C:\Users\Public\Desktop\BurnAware Free.lnk
2015-06-06 19:46 - 2015-06-06 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2015-06-06 19:46 - 2015-06-06 19:46 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2015-06-06 19:43 - 2015-06-06 19:43 - 08424456 _____ (Burnaware ) C:\Users\Jen\Downloads\burnaware_free.exe
2015-06-06 14:19 - 2015-06-06 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-06-06 14:07 - 2015-06-06 14:07 - 00004128 ____N C:\bootsqm.dat
2015-06-06 14:06 - 2015-06-06 14:06 - 00000000 __SHD C:\found.007
2015-06-06 13:08 - 2015-06-06 14:19 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2015-06-06 12:45 - 2015-06-06 12:45 - 00000000 ____D C:\ProgramData\SUPERSetup
2015-06-06 12:23 - 2015-06-06 12:23 - 00000806 _____ C:\Users\Jen\Downloads\FixExe.reg
2015-06-06 12:18 - 2015-06-06 12:18 - 00001827 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-06-06 12:18 - 2015-06-06 12:18 - 00000530 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task c4b74631-657a-4a69-b5ed-66267416be69.job
2015-06-06 12:18 - 2015-06-06 12:18 - 00000530 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 46e0eef3-afff-4cf0-8e02-cfc7f5cfce03.job
2015-06-06 12:18 - 2015-06-06 12:18 - 00000000 ____D C:\Users\Jen\AppData\Roaming\SUPERAntiSpyware.com
2015-06-06 12:18 - 2015-06-06 12:18 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-06-06 12:18 - 2015-06-06 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-06-06 12:15 - 2015-06-06 12:15 - 22061992 _____ (SUPERAntiSpyware) C:\Users\Jen\Downloads\SUPERAntiSpyware.exe
2015-06-06 08:46 - 2015-06-07 17:57 - 00018244 _____ C:\Users\Jen\Desktop\Rkill.txt
2015-06-06 08:46 - 2015-06-06 08:46 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Jen\Downloads\rkill.exe
2015-06-06 08:46 - 2015-06-06 08:46 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Jen\Downloads\rkill64.exe
2015-06-05 16:09 - 2015-06-05 16:09 - 00014353 _____ C:\Users\Jen\Downloads\CheckResults.txt
2015-06-05 15:54 - 2015-06-05 15:54 - 00039150 _____ C:\Users\Jen\Downloads\Addition.txt
2015-06-05 15:51 - 2015-06-05 15:54 - 00035562 _____ C:\Users\Jen\Downloads\FRST.txt
2015-06-05 15:48 - 2015-06-13 22:45 - 02109952 _____ (Farbar) C:\Users\Jen\Desktop\FRST64.exe
2015-06-05 15:48 - 2015-06-13 22:45 - 00000000 ____D C:\FRST
2015-06-05 15:47 - 2015-06-05 15:47 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Jen\Downloads\mbam-check-2.1.1.1001.exe
2015-06-04 22:12 - 2015-06-04 22:12 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Jen\Downloads\mbam-clean-2.1.1.1001.exe
2015-06-03 22:14 - 2015-06-06 12:18 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-03 20:23 - 2015-06-03 20:23 - 00000036 _____ C:\Users\Jen\AppData\Local\housecall.guid.cache
2015-06-03 20:22 - 2015-06-03 20:22 - 00000276 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{C1184E73-E033-4085-B132-8815BC8E3979}.job
2015-05-21 08:44 - 2015-05-21 08:44 - 00000000 ____D C:\Users\Jen\AppData\Local\Avg
2015-05-20 17:54 - 2015-05-20 17:54 - 00000000 __SHD C:\found.006
2015-05-17 21:59 - 2015-05-17 21:59 - 00281104 _____ C:\WINDOWS\Minidump\051715-43750-01.dmp
2015-05-17 15:57 - 2015-06-13 22:32 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d043b7e393a1ac.job
2015-05-17 15:57 - 2015-05-17 15:57 - 00003666 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d043b7e393a1ac
2015-05-17 15:02 - 2015-05-05 13:59 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-17 15:02 - 2015-05-05 13:59 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-15 00:03 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 00:03 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 22:38 - 2013-09-30 00:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-13 22:37 - 2013-10-20 20:35 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1056797999-1708525538-1822664469-1001
2015-06-13 22:34 - 2013-11-26 23:07 - 00000000 ___DO C:\Users\Jen\SkyDrive
2015-06-13 22:33 - 2015-03-07 14:39 - 00000000 ____D C:\Users\Jen\AppData\Roaming\Skype
2015-06-13 22:33 - 2013-10-27 15:17 - 00000000 ___RD C:\Users\Jen\Google Drive
2015-06-13 22:32 - 2013-11-26 22:27 - 00000000 ____D C:\Users\Jen
2015-06-13 22:32 - 2013-10-22 21:11 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-13 22:32 - 2013-08-22 10:46 - 00306174 _____ C:\WINDOWS\setupact.log
2015-06-13 22:32 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-13 17:02 - 2013-10-22 21:11 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-13 16:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-07 14:52 - 2013-09-29 23:55 - 00077012 _____ C:\WINDOWS\PFRO.log
2015-06-06 17:15 - 2013-08-12 03:12 - 00000000 _____ C:\Recovery.txt
2015-06-04 22:02 - 2013-10-22 21:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-03 22:17 - 2013-11-26 22:39 - 01875460 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-03 08:20 - 2015-02-14 21:01 - 00000000 ____D C:\ProgramData\MFAData
2015-06-03 08:18 - 2015-02-14 21:01 - 00000000 ____D C:\Users\Jen\AppData\Local\Avg2015
2015-05-29 18:24 - 2014-09-29 20:55 - 00000000 ___RD C:\Users\Jen\iCloudDrive
2015-05-25 11:26 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-05-25 11:15 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-05-22 18:31 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-05-22 18:30 - 2015-04-08 14:19 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-22 18:30 - 2015-04-08 14:19 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-21 08:45 - 2015-02-14 21:08 - 00000988 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-21 08:45 - 2015-02-14 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-20 18:04 - 2014-03-04 09:38 - 00003786 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C1184E73-E033-4085-B132-8815BC8E3979}
2015-05-17 21:59 - 2014-08-03 08:31 - 00000000 ____D C:\WINDOWS\Minidump
2015-05-17 15:57 - 2013-10-22 21:11 - 00003902 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 15:18 - 2013-11-16 21:14 - 00002046 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-05-17 15:18 - 2013-08-08 05:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-17 15:01 - 2013-08-22 10:44 - 00492448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-17 15:00 - 2014-01-26 16:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-17 15:00 - 2014-01-26 16:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 17:53 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-05-15 17:52 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-15 17:52 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-05-15 00:05 - 2013-10-22 17:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-15 00:03 - 2013-10-20 23:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-05-14 23:58 - 2013-10-20 23:32 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-14 23:56 - 2014-01-26 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 23:53 - 2013-09-29 23:51 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2015-06-06 19:47 - 2015-06-07 07:07 - 0000912 _____ () C:\Users\Jen\AppData\Roaming\burnaware.ini
2015-06-03 20:23 - 2015-06-03 20:23 - 0000036 _____ () C:\Users\Jen\AppData\Local\housecall.guid.cache
2014-03-07 15:07 - 2014-03-15 19:15 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\davhlpr.dll
C:\Windows\SysWOW64\drprov.dll
C:\Windows\SysWOW64\dtsh.dll
C:\Windows\SysWOW64\mapi32.dll
C:\Windows\SysWOW64\MrmCoreR.dll
C:\Windows\SysWOW64\networkexplorer.dll
C:\Windows\SysWOW64\oledlg.dll
C:\Windows\SysWOW64\pcacli.dll
C:\Windows\SysWOW64\vfwwdm32.dll
C:\Windows\SysWOW64\WWAHost.exe
C:\Windows\System32\accessibilitycpl.dll
C:\Windows\System32\aeevts.dll
C:\Windows\System32\bitsprx2.dll
C:\Windows\System32\bitsprx3.dll
C:\Windows\System32\bitsprx7.dll
C:\Windows\System32\DDORes.dll
C:\Windows\System32\DeviceDisplayStatusManager.dll
C:\Windows\System32\dfdts.dll
C:\Windows\System32\fhtask.dll
C:\Windows\System32\gameux.dll
C:\Windows\System32\mfmp4srcsnk.dll
C:\Windows\System32\mmres.dll
C:\Windows\System32\odbc32.dll
C:\Windows\System32\printui.dll
C:\Windows\System32\pstask.dll
C:\Windows\System32\sdclt.exe
C:\Windows\System32\TaskSchdPS.dll
C:\Windows\System32\tzsyncres.dll
C:\Windows\System32\Windows.Globalization.Fontgroups.dll
C:\Windows\System32\WpcWebSync.dll
C:\Windows\System32\wups.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-02 18:50

==================== End of log ============================


Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Jen at 2015-06-13 22:47:03
Running from C:\Users\Jen\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1056797999-1708525538-1822664469-500 - Administrator - Disabled)
Guest (S-1-5-21-1056797999-1708525538-1822664469-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1056797999-1708525538-1822664469-1005 - Limited - Enabled)
Jen (S-1-5-21-1056797999-1708525538-1822664469-1001 - Administrator - Enabled) => C:\Users\Jen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Disabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.05 - ASUSTeK Computer Inc.)
Amazon Music (HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\...\Amazon Amazon Music) (Version: 3.8.1.754 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{377C9C44-398B-6CBD-9138-F6B4AB951839}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Music Maker (HKLM-x32\...\MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.3.3 - MAGIX AG)
ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden
ASUS MX Suite (HKLM-x32\...\MAGIX_{CFA9C800-9B0B-42E3-92E7-08B5AF2E192E}) (Version: 1.13.0.121 - MAGIX AG)
ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
ASUS Video easy (HKLM-x32\...\MAGIX_{E3185090-8796-46FB-A27F-6C844F106DAC}) (Version: 4.0.1.90 - MAGIX AG)
ASUS Video easy (Version: 4.0.1.90 - MAGIX AG) Hidden
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5961 - AVG Technologies)
AVG 2015 (Version: 15.0.4355 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BurnAware Free 8.1 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
David and Goliath (HKLM-x32\...\David and Goliath) (Version: - Brighter Child)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation)
Evernote v. 5.8.5 (HKLM-x32\...\{5EDC25EC-D966-11E4-9E5C-00163E98E7D6}) (Version: 5.8.5.7193 - Evernote Corp.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{769E695A-F93F-803E-3763-9A00A0E38786}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6890 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {067F5007-4BC8-42B8-ADD5-7FAA9EF8E22D} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {08677B6F-165C-4E97-9A3D-2FE97B178E7D} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\WINDOWS\system32\aitagent.exe [2014-10-28] ()
Task: {0DE863C4-4502-4FC2-A684-0F228AD1D306} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-10-28] ()
Task: {1191271C-5F97-4AAB-B0F3-5475ECA0A84F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {1A81E14A-B6DB-4BB7-AC9D-8075D4EDBA27} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {1BAA4187-B5C5-4907-9BD2-76EC04A14197} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start
Task: {37D26790-4F1D-479D-86FE-71BB17B021C4} - System32\Tasks\GoogleUpdateTaskMachineCore1d043b7e393a1ac => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {3AFB13E0-5B1D-4D42-848A-DCE2E4C256E8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe [2014-10-28] ()
Task: {446C95D3-826A-4224-8815-30CDA5091903} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {481DE835-E14C-4A23-A132-448ED08A5C67} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {4F26D020-03CC-4CBF-8B30-07D88AB63B02} - System32\Tasks\0215tb_RML => C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe [2015-03-21] ()
Task: {7A1CA63A-3611-4E61-AAFA-1B56F8746F3A} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter
Task: {7AF46C7E-346E-4D11-A3F0-CDBAF0A196E9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {7FF3766F-9B9C-42C0-AE89-ED34904DF994} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {80179FF8-1CBA-4368-B75E-5A2AC02504D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {966F0D2F-255C-4319-970D-5AD3BB01D2E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {9834E16E-69EB-42EB-8A3A-E9A01835B3A7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-14] (Microsoft Corporation)
Task: {BCB9433D-6CF2-452F-A08C-501DD7F597E0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BEB76E27-2B39-4002-B5D2-CABA4E71E85A} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {CBD3EF37-0E38-431A-A6E8-607C56893A63} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [2014-10-28] ()
Task: {D6F4A061-CEFB-4F38-81EC-6E80ECDD3011} - System32\Tasks\Microsoft\Windows\Location\Notifications
Task: {FB7C7C4E-75FD-45B2-8DF0-D0CE2441E024} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: C:\WINDOWS\Tasks\0215tb_RML.job => C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d043b7e393a1ac.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 46e0eef3-afff-4cf0-8e02-cfc7f5cfce03.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task c4b74631-657a-4a69-b5ed-66267416be69.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{C1184E73-E033-4085-B132-8815BC8E3979}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-18 17:56 - 2015-04-01 12:24 - 00620056 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-07 14:51 - 2014-10-29 00:10 - 00177688 _____ () C:\WINDOWS\SYSTEM32\Wscapi.dll
2015-04-02 12:58 - 2015-04-02 12:58 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-04-02 12:58 - 2015-04-02 12:58 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-06-13 22:32 - 2015-06-13 22:32 - 00098816 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\win32api.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00110080 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\pywintypes27.dll
2015-06-13 22:32 - 2015-06-13 22:32 - 00364544 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\pythoncom27.dll
2015-06-13 22:32 - 2015-06-13 22:32 - 00045568 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\_socket.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 01161216 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\_ssl.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00320512 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\win32com.shell.shell.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00713216 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\_hashlib.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 01175040 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\wx._core_.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00805888 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\wx._gdi_.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00811008 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\wx._windows_.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 01062400 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\wx._controls_.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00735232 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\wx._misc_.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00682496 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\pysqlite2._sqlite.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00128512 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\_elementtree.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00127488 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\pyexpat.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00087552 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\_ctypes.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00119808 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\win32file.pyd
2013-08-22 07:42 - 2013-08-22 07:41 - 00003072 _____ () C:\WINDOWS\SYSTEM32\sfc.dll
2015-06-13 22:32 - 2015-06-13 22:32 - 00108544 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\win32security.pyd
2013-08-22 07:43 - 2013-08-22 07:43 - 00005120 _____ () C:\WINDOWS\SYSTEM32\security.dll
2015-06-13 22:32 - 2015-06-13 22:32 - 00007168 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\hashobjs_ext.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00017408 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\usb_ext.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00167936 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\win32gui.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00018432 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\win32event.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00013824 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\common.time34.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00036864 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\_psutil_windows.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00038912 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\win32inet.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00011264 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\win32crypt.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00070656 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\wx._html2.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00027136 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\_multiprocessing.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00020480 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\_yappi.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00035840 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\win32process.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00686080 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\unicodedata.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00122368 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\wx._wizard.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00024064 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\win32pipe.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00010240 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\select.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00025600 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\win32pdh.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00525640 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\windows._lib_cacheinvalidation.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00017408 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\win32profile.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00022528 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\win32ts.pyd
2015-06-13 22:32 - 2015-06-13 22:32 - 00078336 _____ () C:\Users\Jen\AppData\Local\Temp\_MEI30922\wx._animate.pyd
2015-05-12 23:57 - 2015-04-21 12:31 - 06025728 _____ () C:\Windows\SYSTEM32\jscript9.dll
2015-02-18 17:56 - 2015-04-01 12:24 - 01711128 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Jen\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1056797999-1708525538-1822664469-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jen\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img8.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: asHmComSvc => 2
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: Asus WebStorage Windows Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: Garmin Core Update Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iPod Service => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0DE1907C-582C-406A-A2E2-83E958D15024}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7E4090DC-4D42-4C89-9151-BACF62E74C03}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{499E2A29-12AC-498F-B547-59D5521585D5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F6B7C830-576D-4B69-8B09-7F4EC0EFBEEE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C6840F21-0361-4112-AD17-FE1AD4C8407E}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2F634242-9290-46AC-B402-F43FD1C96E6B}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B119FFF4-CA48-4CBA-8DA1-34DD5E6B9A2F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2093C492-005B-43D4-A122-CC6C3BE52E7B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{987AAEFA-100F-460F-8D94-1AD18C4CE0F6}] => (Allow) LPort=1900
FirewallRules: [{E9DD857A-1ACE-4BE6-9C2A-9F46B469FF5F}] => (Allow) LPort=2869
FirewallRules: [{260E5F58-ECBF-4BAA-A7F5-57B4CBA6A1BE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9AE7D51A-29EF-4ABC-BE02-3A6485EADB9C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{B9842DB2-59D5-4367-95A1-4ABF81395B7D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1C2A4A8F-DB09-4E65-9D15-EB57D7F28147}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{10C52230-1DB4-4374-A19E-2A036E5AC9F2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2B1E6AB2-CFDF-488B-A5D6-FDC70A79533C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5AA1B3DB-8161-4962-A2C9-EF9D3BC9E92E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{49A90297-D235-4AD6-B956-31FD91AD6CCD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{7AAFB7DD-2840-4D44-98D6-279324B6E3C9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{42E52547-84AB-413C-8C3E-DF6C1D052EA7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{12B3BDB1-94AF-4AC0-8542-8B96F672BF20}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{406AE13B-AE2C-47CC-BC94-1ED857F30973}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{629D2774-F30B-404D-AEDA-7B399008D85A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E4D8A00F-AC9F-4772-8536-595D3BFE9979}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{A4EDEA9C-375D-4D12-AF99-57311F2099EC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{11122BF6-AC6C-471A-8FF8-05F60841CF72}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{E550212D-C9BA-4F22-8AAB-63A88C5E6C7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{8B7900AF-2E42-4258-BACE-D90AB2C7088E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{9798F574-215D-4DBC-9539-212CCDDB5C97}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{A04131EC-41E4-45B5-9FE7-AFCA3B0DF077}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2015 10:43:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cmd.exe, version: 0.0.0.0, time stamp: 0x545042b1
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x000000000006795c
Faulting process id: 0xe38
Faulting application start time: 0xcmd.exe0
Faulting application path: cmd.exe1
Faulting module path: cmd.exe2
Report Id: cmd.exe3
Faulting package full name: cmd.exe4
Faulting package-relative application ID: cmd.exe5

Error: (06/13/2015 10:40:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cmd.exe, version: 0.0.0.0, time stamp: 0x545042b1
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x000000000006795c
Faulting process id: 0x4d4
Faulting application start time: 0xcmd.exe0
Faulting application path: cmd.exe1
Faulting module path: cmd.exe2
Report Id: cmd.exe3
Faulting package full name: cmd.exe4
Faulting package-relative application ID: cmd.exe5

Error: (06/13/2015 10:40:32 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005

Error: (06/13/2015 10:40:24 PM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (4680) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -541.

Error: (06/13/2015 10:40:24 PM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (4680) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -541.

Error: (06/13/2015 10:37:03 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: Recovery phase failed.

Context: Windows Application, SystemIndex Catalog


Details:
The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)

Error: (06/13/2015 10:37:03 PM) (Source: Windows Search Service) (EventID: 3602) (User: )
Description: Error ID 1邐10 happened in Windows Search recovery stage, please restart the service. If this error persists, please recreate the index.

Context: Windows Application, SystemIndex Catalog


Details:
The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)

Error: (06/13/2015 10:37:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cmd.exe, version: 0.0.0.0, time stamp: 0x545042b1
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x000000000006795c
Faulting process id: 0xccc
Faulting application start time: 0xcmd.exe0
Faulting application path: cmd.exe1
Faulting module path: cmd.exe2
Report Id: cmd.exe3
Faulting package full name: cmd.exe4
Faulting package-relative application ID: cmd.exe5

Error: (06/13/2015 10:36:42 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: Recovery phase failed.

Context: Windows Application, SystemIndex Catalog


Details:
The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)

Error: (06/13/2015 10:36:42 PM) (Source: Windows Search Service) (EventID: 3602) (User: )
Description: Error ID 1邐10 happened in Windows Search recovery stage, please restart the service. If this error persists, please recreate the index.

Context: Windows Application, SystemIndex Catalog


Details:
The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)


System errors:
=============
Error: (06/13/2015 10:47:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 225 time(s).

Error: (06/13/2015 10:47:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%6801

Error: (06/13/2015 10:47:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 224 time(s).

Error: (06/13/2015 10:47:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%6801

Error: (06/13/2015 10:47:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 223 time(s).

Error: (06/13/2015 10:47:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%6801

Error: (06/13/2015 10:47:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 222 time(s).

Error: (06/13/2015 10:47:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%6801

Error: (06/13/2015 10:47:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 221 time(s).

Error: (06/13/2015 10:47:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%6801


Microsoft Office:
=========================
Error: (06/13/2015 10:43:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmd.exe0.0.0.0545042b1ntdll.dll6.3.9600.17736550f4336c0000005000000000006795ce3801d0a64bf513a354C:\WINDOWS\system32\cmd.exeC:\WINDOWS\SYSTEM32\ntdll.dll32c75642-123f-11e5-bee3-ac220b88f0c2

Error: (06/13/2015 10:40:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmd.exe0.0.0.0545042b1ntdll.dll6.3.9600.17736550f4336c0000005000000000006795c4d401d0a64b7ec8e178C:\WINDOWS\system32\cmd.exeC:\WINDOWS\SYSTEM32\ntdll.dllbf3d6f33-123e-11e5-bee3-ac220b88f0c2

Error: (06/13/2015 10:40:32 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005

Error: (06/13/2015 10:40:24 PM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost4680Instance: C:\ProgramData\Microsoft\Windows\AppRepository\edb.log-541

Error: (06/13/2015 10:40:24 PM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost4680Instance: C:\ProgramData\Microsoft\Windows\AppRepository\edb.log-541

Error: (06/13/2015 10:37:03 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)
Recovery phase failed

Error: (06/13/2015 10:37:03 PM) (Source: Windows Search Service) (EventID: 3602) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)
1邐10

Error: (06/13/2015 10:37:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmd.exe0.0.0.0545042b1ntdll.dll6.3.9600.17736550f4336c0000005000000000006795cccc01d0a64afeccc16aC:\WINDOWS\system32\cmd.exeC:\WINDOWS\SYSTEM32\ntdll.dll3c7e11fc-123e-11e5-bee3-ac220b88f0c2

Error: (06/13/2015 10:36:42 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)
Recovery phase failed

Error: (06/13/2015 10:36:42 PM) (Source: Windows Search Service) (EventID: 3602) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The gatherer is shutting down. (HRESULT : 0x80040d23) (0x80040d23)
1邐10


CodeIntegrity Errors:
===================================
Date: 2015-06-05 18:09:46.036
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDPrint.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-05 18:09:45.911
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDScan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-05 18:03:46.235
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDPrint.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-05 18:03:46.126
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDScan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-04 22:17:28.263
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDScan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-04 21:50:52.659
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDPrint.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-04 21:50:52.534
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDScan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-04 21:28:25.539
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDScan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-02 18:44:50.339
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDScan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-14 17:42:24.082
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A10-6700 APU with Radeon™ HD Graphics
Percentage of memory in use: 16%
Total physical RAM: 7368.32 MB
Available physical RAM: 6147.61 MB
Total Pagefile: 14792.32 MB
Available Pagefile: 13539.27 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:149.66 GB) (Free:36.95 GB) NTFS
Drive d: (Data) (Fixed) (Total:763.41 GB) (Free:717.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9A55A946)

Partition: GPT Partition Type.

==================== End of log ============================
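The event sections in the log above repeat the same few failures many times over. As an added example (not part of the original post and not FRST's own code), this Python script collapses FRST-style event entries into counts per source and event ID, the highest restart count per crashing service, faulting application/module pairs, and files Code Integrity could not verify; the regexes assume the entry layout shown in this log.

```python
import re
from collections import Counter

# Sample trimmed from the FRST event sections quoted in the post above.
SAMPLE_LOG = r"""
System errors:
=============
Error: (06/13/2015 10:47:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 225 time(s).

Error: (06/13/2015 10:47:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 224 time(s).

Error: (06/13/2015 10:37:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cmd.exe, version: 0.0.0.0, time stamp: 0x545042b1
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005

CodeIntegrity Errors:
===================================
Date: 2015-06-05 18:09:46.036
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDPrint.sys because file hash could not be found on the system.

Date: 2015-06-05 18:09:45.911
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDScan.sys because file hash could not be found on the system.

Date: 2015-06-04 22:17:28.263
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\WSDScan.sys because file hash could not be found on the system.
"""

EVENT_RE = re.compile(r"^Error: \([^)]*\) \(Source: (?P<src>[^)]*)\) \(EventID: (?P<eid>\d+)\)", re.M)
LOOP_RE = re.compile(r"The (?P<svc>.+?) service terminated unexpectedly\. It has done this (?P<n>\d+) time")
FAULT_RE = re.compile(r"Faulting application name: (?P<app>[^,\n]+),[^\n]*\n"
                      r"Faulting module name: (?P<mod>[^,\n]+),[^\n]*\n"
                      r"Exception code: (?P<code>0x[0-9a-fA-F]+)")
CI_RE = re.compile(r"image integrity of the file (?P<path>.+?) because file hash could not be found")


def summarize(log):
    """Collapse repeated FRST event entries into counts a reviewer can scan."""
    events = Counter((m["src"], int(m["eid"])) for m in EVENT_RE.finditer(log))
    loops = {}  # service name -> highest unexpected-termination count reported
    for m in LOOP_RE.finditer(log):
        loops[m["svc"]] = max(loops.get(m["svc"], 0), int(m["n"]))
    crashes = Counter((m["app"], m["mod"], m["code"]) for m in FAULT_RE.finditer(log))
    # Files whose hash Code Integrity could not find, keyed by full device path.
    unverified = Counter(m["path"] for m in CI_RE.finditer(log))
    return {"events": events, "loops": loops, "crashes": crashes, "unverified": unverified}


if __name__ == "__main__":
    for section, data in summarize(SAMPLE_LOG).items():
        print(section)
        for key, count in sorted(data.items(), key=lambda kv: -kv[1]):
            print(f"  {count:>4}  {key}")
```
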

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,988 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:32 AM

Posted 14 June 2015 - 11:01 PM

Sorry for the delay in responding. I was not notified you had replied. Please do this.

===================================================

Running sfc /scannow in Windows 7/Vista Recovery Environment

-----------------
  • Restart the computer
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears
  • Use the arrow keys to select the Repair your computer menu item
  • Select English as the keyboard language settings, and then click Next
  • For Windows 8 hit the Windows Key + I at the same time, click the Power button, then hold down the Shift Key while clicking Restart
  • Once you are in the System Recovery Options menu you will get the following options

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • Type the following (there is a space before each "/") after the Command Prompt and hit Enter (if you receive an error replace C:\ with D:\)

SFC /SCANNOW /OFFBOOTDIR=C:\ /OFFWINDIR=C:\WINDOWS

  • Boot your computer into Normal Mode and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Edited by Oh My!, 14 June 2015 - 11:03 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 twetzel2k

Posted 16 June 2015 - 03:05 PM

There was a Startup option: Safe Mode with Command Prompt. It had me log in, then it gave me the same error as above with the CMD.EXE file, and now it is just sitting there as a black screen. With CTRL+ALT+DEL and Task Manager I tried to run CMD.exe and got 2 errors:

Cmd.exe stopped working & cmd.exe application error.

Thanks, Tim



#10 Oh My!

Posted 16 June 2015 - 03:43 PM

Hi Tim,

Here are more specific instructions for Windows 8.

===================================================

Running sfc /scannow in Windows 8

-----------------
  • Hit the Windows Key + I at the same time
  • Click the Power button, then hold down the Shift Key while clicking Restart
  • Click Troubleshoot, Advanced Options, then Command Prompt
  • If necessary select the User Account and enter the Password
  • Type the following (there is a space before each "/") after the Command Prompt and hit Enter (if you receive an error replace C:\ with D:\)

SFC /SCANNOW /OFFBOOTDIR=C:\ /OFFWINDIR=C:\WINDOWS

  • Boot your computer into Normal Mode and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#11 twetzel2k

Posted 16 June 2015 - 07:33 PM

Gary,

The results are not great.  I tried a couple of things.

SFC /SCANNOW /OFFBOOTDIR=C:\ /OFFWINDIR=C:\WINDOWS

Windows Resource Protection could not start the repair service

Same answer for D:\

Tried X too since that was what was showing but that did not work either.

SFC /SCANNOW only
There is a system repair pending which requires a reboot to complete.  Restart Windows and run SFC again.

SFC /VERIFYONLY gave the same result.

Rebooting now.... and will try above again.

Same result after a hard boot (shutting down completely, restarting, and then restarting using Command Prompt as directed above)


Edited by twetzel2k, 16 June 2015 - 07:42 PM.


#12 Oh My!

Posted 16 June 2015 - 08:15 PM

Thank you for the information. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

C:\windows\winsxs\pending.xml

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 

#13 twetzel2k

Posted 17 June 2015 - 07:08 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Jen at 2015-06-17 20:11:47 Run:2
Running from C:\Users\Jen\Desktop
Loaded Profiles: Jen (Available Profiles: Jen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
c:\windows\winsxs\pending.xml
*****************

"c:\windows\winsxs\pending.xml" => File/Folder not found.

==== End of Fixlog 20:11:47 ====

#14 Oh My!

Posted 17 June 2015 - 09:11 PM

Thank you, this is next.

===================================================

Running DISM RestoreHealth in Windows 8

--------------------
  • Click Start and Type cmd
  • Right click on cmd.exe above and select Run as Administrator
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow
  • Windows 8: Press the Windows key + X at the same time, then click Command Prompt (Admin)
  • Type the following at the Command Prompt and press Enter

Dism /Online /Cleanup-Image /RestoreHealth

  • The results will indicate whether or not a component store corruption exists
  • Reboot your computer
  • Report the scan results in your reply
===================================================

CheckDiskGUI

--------------------
  • Download CheckDiskGUI and save it to your desktop
  • Double click the icon and select Run
  • Under the DirtyBit column please let me know if there is any indication of a Dirty Bit
  • Place a check mark in the C: drive box
  • Click Read Only
  • Once completed click File, then Save
  • Save the file to your desktop as CheckDiskGUI (should be default name)
  • Copy and paste the contents of the report in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • DISM results
  • chkdsk results
  • Attached System Summary Report

Gary
 

#15 twetzel2k

Posted 19 June 2015 - 05:34 AM

Please remember that 

  • Windows 8: Press the Windows key + X at the same time, then click Command Prompt (Admin)

gives me an error and I cannot run cmd.exe this way.  I will try it via the Safe Mode boot described above.

 

UPDATE:  That did not work.


Edited by twetzel2k, 19 June 2015 - 05:54 AM.




