
System slow IE keeps hanging with not responding, hd light shows high disk usage


  • This topic is locked
42 replies to this topic

#1 zoofroghome


Posted 17 June 2015 - 01:16 AM

System has over the last several months continued to slow down. IE after booting up will sometimes open, but will quickly hang with not responding message or restarting message. When this occurs, the system slows to the point that no other programs will be usable. If I wait long enough, it appears to have short restarts, but eventually I need to reboot. Sometimes it is so bad I need to do the "power button" reboot.

 

Downloaded Firefox to see if that helps, but same issue. Reset IE to default and that appeared to help for a short period (minutes, not days).

 

I note that the HD light flashes almost solid during the hang periods. It seems like something is thrashing. I checked the disk and it does not appear to be fragmented.

 

When I run in safe mode, which I needed to do to get this post sent, everything appears to run normally.

 

Below is the output from FRST program.

 

Thank you in advance

David

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Linda (administrator) on LINDA-DELL on 16-06-2015 22:03:30
Running from C:\Users\Linda\Downloads
Loaded Profiles: Linda (Available Profiles: Linda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => H.EXE
HKLM\...\Run: [RTHDVCPL] => GUI64.EXE -S
HKLM\...\Run: [IgfxTray] => DOWS\SYSTEM32\IGFXTRAY.EXE
HKLM\...\Run: [HotKeysCmds] => DOWS\SYSTEM32\HKCMD.EXE
HKLM\...\Run: [Persistence] => DOWS\SYSTEM32\IGFXPERS.EXE
HKLM\...\Run: [IntelPAN] =>  TRAY
HKLM\...\Run: [BTMTrayAgent] => TEL\BLUETOOTH\BTMSHELL.DLL",TRAYAPP
HKLM\...\Run: [IntelliPoint] => T.EXE"
HKLM\...\Run: [CanonMyPrinter] => TER\BJMYPRT.EXE /LOGON
HKLM\...\Run: [CanonSolutionMenu] => .EXE /LOGON
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2015-02-27] (McAfee, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1895424 2012-05-01] (Dominik Reichl)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2049623133-1843630813-2076685501-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.)
HKU\S-1-5-21-2049623133-1843630813-2076685501-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-06-16] (SUPERAntiSpyware)
HKU\S-1-5-18\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2049623133-1843630813-2076685501-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2049623133-1843630813-2076685501-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2049623133-1843630813-2076685501-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {F70D5684-3F95-447E-8B1B-C33113AE1529} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {F70D5684-3F95-447E-8B1B-C33113AE1529} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2049623133-1843630813-2076685501-1000 -> DefaultScope {3C98BE41-2099-4095-91FE-78B20633A4A2} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2049623133-1843630813-2076685501-1000 -> {3C98BE41-2099-4095-91FE-78B20633A4A2} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2049623133-1843630813-2076685501-1000 -> {F70D5684-3F95-447E-8B1B-C33113AE1529} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-11] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-11] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-02-27] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\t8tobemy.default
FF Homepage: https://www.google.com/
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-11] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-05-13]

Chrome:
=======
CHR Profile: C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-24]
CHR Extension: (Google Search) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-20]
CHR Extension: (SiteAdvisor) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-07-20]
CHR Extension: (Google Wallet) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-24]
CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-11-06] (SUPERAntiSpyware.com)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1384992 2013-10-02] (Fitbit, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 21:55 - 2015-06-16 22:04 - 00016375 _____ C:\Users\Linda\Downloads\FRST.txt
2015-06-16 21:53 - 2015-06-16 21:53 - 02109952 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2015-06-16 20:28 - 2015-06-16 20:28 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-16 20:28 - 2015-06-16 20:28 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-16 20:28 - 2015-06-16 20:28 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Mozilla
2015-06-16 20:28 - 2015-06-16 20:28 - 00000000 ____D C:\Users\Linda\AppData\Local\Mozilla
2015-06-16 20:27 - 2015-06-16 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-16 20:27 - 2015-06-16 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-16 20:27 - 2015-06-16 20:27 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-16 20:22 - 2015-06-16 20:22 - 00003352 ____N C:\bootsqm.dat
2015-06-16 17:29 - 2015-06-16 22:00 - 00000392 _____ C:\Windows\setupact.log
2015-06-16 17:29 - 2015-06-16 17:29 - 00000000 _____ C:\Windows\setuperr.log
2015-06-15 19:22 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-06-15 16:08 - 2015-06-15 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-06-03 14:16 - 2015-06-03 14:16 - 00000000 ____D C:\Users\Linda\AppData\Local\GWX
2015-06-01 08:58 - 2015-06-01 08:58 - 00001240 _____ C:\bad files.txt
2015-05-17 03:11 - 2015-06-16 21:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d09089e5d6233a.job
2015-05-17 03:11 - 2015-05-17 03:11 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d09089e5d6233a

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 22:04 - 2015-03-30 20:30 - 01983002 _____ C:\Windows\WindowsUpdate.log
2015-06-16 22:03 - 2013-01-29 14:54 - 00000000 ____D C:\FRST
2015-06-16 22:00 - 2013-07-20 08:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-16 22:00 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-16 21:17 - 2015-02-05 15:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0418fe064d834.job
2015-06-16 21:17 - 2012-05-13 15:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-16 21:12 - 2014-06-18 08:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8b0cc18797ac.job
2015-06-16 20:31 - 2009-07-13 21:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-16 20:31 - 2009-07-13 21:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-16 20:09 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-16 18:08 - 2014-12-06 00:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 17:10 - 2012-05-13 15:43 - 00000000 ____D C:\Users\Linda\Documents\Outlook Files
2015-06-16 07:56 - 2013-04-05 22:36 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-16 06:09 - 2012-05-13 15:30 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-06-15 19:22 - 2012-03-02 22:46 - 00000000 ____D C:\ProgramData\McAfee
2015-06-15 19:21 - 2012-05-13 15:30 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-06-15 16:08 - 2012-05-13 15:31 - 00001806 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk
2015-06-10 05:16 - 2012-05-13 15:23 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-10 04:16 - 2012-05-13 15:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 04:16 - 2012-03-02 21:36 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 21:21 - 2013-07-20 08:10 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-03 14:15 - 2009-07-13 22:08 - 00032540 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-17 18:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-05-17 03:11 - 2015-02-05 15:05 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0418fe064d834
2015-05-17 03:11 - 2013-07-20 08:09 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 03:07 - 2011-02-10 09:10 - 00775084 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-17 03:00 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-17 03:00 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2014-10-25 18:54 - 2014-10-25 18:54 - 0000000 _____ () C:\Users\Linda\AppData\Roaming\ylkqrs.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-13 00:49

==================== End of log ============================





#2 nasdaq

  • Malware Response Team

Posted 19 June 2015 - 09:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2049623133-1843630813-2076685501-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

Include also the Addition.txt log that was created the first time you have executed the Farbar tool.
The file should be located in the same folder where the tool is located.

#3 zoofroghome

  • Topic Starter

Posted 19 June 2015 - 12:55 PM

Hello nasdaq, thanks for your help.

I ran the FRST, but had to run it in safe mode. I note that it was unable to create the restore point.
I tried to go back to normal mode for the next steps, but was unable to download the next program.

I am back in safe mode and wanted to post the output from FRST and will download the programs I need.

Can I run them in safe mode?

Thanks

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Linda at 2015-06-19 09:55:51 Run:1
Running from C:\Users\Linda\Desktop
Loaded Profiles: Linda (Available Profiles: Linda)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2049623133-1843630813-2076685501-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2049623133-1843630813-2076685501-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully


The system needed a reboot..

==== End of Fixlog 09:55:52 ====

#4 zoofroghome

  • Topic Starter

Posted 19 June 2015 - 07:26 PM

Hello nasdaq. I downloaded the additional programs in safe mode, then I rebooted to normal mode and ran them. Took all day! Oh well.

Tried to post the results and still having the same issues. Pop up on bottom of screen when trying to post back here kept saying "bleeping not responding" and to the right side of the message a button with Recover Webpage.

Eventually it was easier to just reboot to safe mode where I can work.

The one thing that seems consistent is the HD light seems to go almost solid when I try to do things.
When it starts to blink a little, I seem to get back some cpu time and I can do a few things, but not
for more than a few seconds at a time.

Below are the log files for Adware Cleaner and Zoek.

Hope you see something.

# AdwCleaner v4.206 - Logfile created 19/06/2015 at 11:13:12
# Updated 01/06/2015 by Xplode
# Database : 2015-06-17.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Linda - LINDA-DELL
# Running from : C:\Users\Linda\Desktop\adwcleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Linda\AppData\LocalLow\iac

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [851 bytes] - [19/06/2015 11:02:32]
AdwCleaner[R1].txt - [909 bytes] - [19/06/2015 11:09:03]
AdwCleaner[S0].txt - [837 bytes] - [19/06/2015 11:13:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [895 bytes] ##########



Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Linda on Fri 06/19/2015 at 13:14:51.99.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Linda\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Empty Folders Check ======================

C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Cozi deleted successfully
C:\Users\Linda\AppData\Roaming\Malwarebytes deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\Linda\AppData\Roaming\ylkqrs.dll deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\t8tobemy.default
user_pref("browser.startup.homepage", "https://www.google.com/");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.124


SiteAdvisor - Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho

==== Chromium Startpages ======================

C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"startup_urls": [ "http://www.google.com/" ],


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{3C98BE41-2099-4095-91FE-78B20633A4A2}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{3C98BE41-2099-4095-91FE-78B20633A4A2} Google Url="https://www.google.com/search?q={searchTerms}"
{F70D5684-3F95-447E-8B1B-C33113AE1529} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2049623133-1843630813-2076685501-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F70D5684-3F95-447E-8B1B-C33113AE1529} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F70D5684-3F95-447E-8B1B-C33113AE1529} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F70D5684-3F95-447E-8B1B-C33113AE1529} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Linda\AppData\Local\Mozilla\Firefox\Profiles\t8tobemy.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4 folders=1 886 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Linda\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Linda\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Fri 06/19/2015 at 16:23:33.72 ======================

#5 zoofroghome

Posted 19 June 2015 - 08:38 PM

Here is the addition log you requested. Forgot to post it above.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Linda at 2015-06-16 22:07:54
Running from C:\Users\Linda\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2049623133-1843630813-2076685501-500 - Administrator - Disabled)
Guest (S-1-5-21-2049623133-1843630813-2076685501-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2049623133-1843630813-2076685501-1002 - Limited - Enabled)
Linda (S-1-5-21-2049623133-1843630813-2076685501-1000 - Administrator - Enabled) => C:\Users\Linda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version: - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - )
Canon MX870 series User Registration (HKLM-x32\...\Canon MX870 series User Registration) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP)
Dell Driver Download Manager (HKU\S-1-5-21-2049623133-1843630813-2076685501-1000\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{0F99CA59-7CB4-4167-A43A-4B1D5E584281}) (Version: 1.6.301.0 - Fingertapps)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.2.1 - Synaptics Incorporated)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2214 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.3.0.2214 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fitbit Connect (HKLM-x32\...\{C257E096-67B0-4122-98F3-EE0D8798E03B}) (Version: 1.0.0.4065 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 11.1.11500.4.273 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 2.19 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 13.6.1599 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6353 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16100 - Nero AG)
SyncUP (x32 Version: 1.12.11200.10.102 - Nero AG) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2013-01-31 17:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AA286CD-FA53-4DBE-B9C3-0B9662AA3807} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {1A640C7C-25B3-4E7E-84BB-F5A751126836} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {238C75A6-CCFF-4F5F-A5C0-823036145679} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {270EBEC9-C1B5-4FCA-A632-C43719B01F9A} - System32\Tasks\GoogleUpdateTaskMachineUA1d09089e5d6233a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {29FB5D2A-EFDA-4996-AC96-178293158FD7} - System32\Tasks\{7E967AC8-CE3A-CAA4-F23B-D0086F8160EF} => C:\Users\Linda\AppData\Roaming\npppal.dll/s "C:\Users\Linda\AppData\Roaming\npppal.dll" <==== ATTENTION
Task: {30530F8D-1A10-42D1-BCF0-2F401BB5157C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {31430D9A-2482-409A-BE4D-DFC8BF89AD9F} - System32\Tasks\GoogleUpdateTaskMachineUA1d0418fe064d834 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {53B2B207-DA52-4840-AF32-349DDB8BF85D} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8b0cc18797ac => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {6623303F-B772-4F6E-A6CA-4DDD24C55B71} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-30] (Microsoft Corporation)
Task: {6FDDABEE-0820-4EB0-94D7-39178CABF2D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {A80E45D3-3B91-4C82-B72F-1674DD423587} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {B4B2B8EE-6D0F-4C85-B7DC-5FEF59DEC514} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {E3CE5601-9AB1-4345-9414-9824AC6BD89B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {FD13842A-537A-47AD-A3D8-AA7CC0E5D263} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {FD4A0D3F-19A2-4821-8F59-DF4A5015730E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8b0cc18797ac.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0418fe064d834.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d09089e5d6233a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-11-01 11:58 - 2011-11-01 11:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2049623133-1843630813-2076685501-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.12 - 68.105.29.12

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{79899819-DF10-400D-9C24-3EF5DC95885A}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{616AA2A3-C8F5-486F-BD0B-F0FF29694A8D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{32C19433-A7AD-44E5-AC37-5777A1C71E6A}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{3144A9AC-E828-4597-BB42-AAE5F521A9C3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B6FEB430-86FE-4A2F-B286-BF5C458B9BC0}] => (Allow) LPort=2869
FirewallRules: [{B8B2CCC7-222C-47C9-BC13-CDAC7C7599D2}] => (Allow) LPort=1900
FirewallRules: [{571C2807-8DD4-46E1-9B27-9195740AEE6A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D17FBCC1-5AE0-46C8-9552-74A6A2E17C68}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2956C3F5-F577-4ED8-8365-6D5F22389C9E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{B6F5CACD-3BFC-4F3E-9395-BEBC59AF8EC9}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{43F113EA-7D41-4716-B7BA-AFBA19810BA6}] => (Allow) LPort=9700
FirewallRules: [{81F8AFF7-EC0E-4FF3-BC3B-FFBF5F2D1192}] => (Allow) LPort=9701
FirewallRules: [{005D5745-D203-45E6-B116-FBA43E02396D}] => (Allow) LPort=9702
FirewallRules: [{EBC9466A-444D-41D5-BDC5-D463CDB21BE0}] => (Allow) LPort=9700
FirewallRules: [{CDDE8889-F2A8-4A09-8B64-463696268FCF}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{322269CC-2449-48CF-9D0A-CBE4961E8E9E}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{24D68C6E-DAE1-4640-8BA0-89EC6B7ACE6F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C6749563-F5EE-438A-A2F4-5493D7C6E613}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{69653F2E-C31F-4050-8155-1AFA6E8B70CD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{0AF0050E-63F5-4A84-B7B2-703A8562455A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2000EA78-CF4A-46EB-B183-E2F82529CDBB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D3022009-AEE0-497A-BB8A-494487FAA682}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2015 10:00:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 09:35:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 08:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 08:08:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
Faulting module name: Flash32_17_0_0_188.ocx, version: 17.0.0.188, time stamp: 0x553ba5fa
Exception code: 0xc0000005
Fault offset: 0x006ab6ea
Faulting process id: 0x5e8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (06/16/2015 08:03:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 07:50:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 07:12:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 06:46:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 06:08:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 05:30:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/16/2015 10:13:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%1016

Error: (06/16/2015 10:10:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (06/16/2015 10:03:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/16/2015 09:54:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/16/2015 09:54:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/16/2015 09:54:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/16/2015 09:53:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/16/2015 09:53:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/16/2015 09:53:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/16/2015 09:53:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office:
=========================
Error: (06/16/2015 10:00:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 09:35:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 08:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 08:08:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.178015536642cFlash32_17_0_0_188.ocx17.0.0.188553ba5fac0000005006ab6ea5e801d0a8aa70cd9e0cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_17_0_0_188.ocx16b53916-149e-11e5-ba3b-4ceb42574008

Error: (06/16/2015 08:03:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 07:50:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 07:12:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 06:46:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 06:08:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 05:30:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2014-06-30 00:46:57.770
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-30 00:46:57.770
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-30 00:46:57.754
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-26 03:26:17.556
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-26 03:26:17.556
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-26 03:26:17.541
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-23 05:19:46.630
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-23 05:19:46.630
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-23 05:19:46.630
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-16 22:15:05.993
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 35%
Total physical RAM: 6038.17 MB
Available physical RAM: 3913.91 MB
Total Pagefile: 12074.54 MB
Available Pagefile: 9851.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:228.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

==================== End of log ============================

#6 nasdaq

nasdaq

  • Malware Response Team

Posted 20 June 2015 - 08:29 AM



Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

Task: {29FB5D2A-EFDA-4996-AC96-178293158FD7} - System32\Tasks\{7E967AC8-CE3A-CAA4-F23B-D0086F8160EF} => C:\Users\Linda\AppData\Roaming\npppal.dll/s "C:\Users\Linda\AppData\Roaming\npppal.dll" <==== ATTENTION
C:\Users\Linda\AppData\Roaming\npppal.dll

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===


How is the computer running now?

#7 zoofroghome

zoofroghome
  • Topic Starter

  • Members

Posted 20 June 2015 - 12:37 PM

Hello nasdaq. Wish I could say things are better, but they are still the same. I tried to post back to you in normal mode and was unable to get even a small amount of typing when the hangs started occurring and I received the bleeping not responding with the offer to reload the webpage. HD light while in normal mode still appears almost solid most of the time. When I see it start blinking is when it seems to free me back up to do a little more.

Below is the log file as requested.

Thanks for your support.


Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Linda at 2015-06-20 09:00:20 Run:2
Running from C:\Users\Linda\Desktop
Loaded Profiles: Linda (Available Profiles: Linda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CloseProcesses:

Task: {29FB5D2A-EFDA-4996-AC96-178293158FD7} - System32\Tasks\{7E967AC8-CE3A-CAA4-F23B-D0086F8160EF} => C:\Users\Linda\AppData\Roaming\npppal.dll/s "C:\Users\Linda\AppData\Roaming\npppal.dll" <==== ATTENTION
C:\Users\Linda\AppData\Roaming\npppal.dll

End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29FB5D2A-EFDA-4996-AC96-178293158FD7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29FB5D2A-EFDA-4996-AC96-178293158FD7}" => key removed successfully
C:\Windows\System32\Tasks\{7E967AC8-CE3A-CAA4-F23B-D0086F8160EF} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E967AC8-CE3A-CAA4-F23B-D0086F8160EF}" => key removed successfully
"C:\Users\Linda\AppData\Roaming\npppal.dll" => File/Folder not found.

The system needed a reboot..

==== End of Fixlog 09:00:22 ====



#8 nasdaq

nasdaq

  • Malware Response Team

Posted 20 June 2015 - 12:55 PM

Please download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

#9 zoofroghome

zoofroghome
  • Topic Starter

  • Members

Posted 20 June 2015 - 02:22 PM

Hello nasdaq, had some issues trying to remove all the McAfee stuff, so I went ahead and ran ComboFix anyway.

Below is the log file. I will reboot and see how things behave in normal mode and post an update.


ComboFix 15-06-18.01 - Linda 06/20/2015  12:01:13.3.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6038.5260 [GMT -7:00]
Running from: c:\users\Linda\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2015-05-20 to 2015-06-20  )))))))))))))))))))))))))))))))
.
.
2015-06-20 19:11 . 2015-06-20 19:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-06-19 20:03 . 2015-06-19 22:56 -------- d-----w- C:\zoek_backup
2015-06-19 18:02 . 2015-06-19 18:13 -------- d-----w- C:\AdwCleaner
2015-06-17 03:28 . 2015-06-17 03:28 -------- d-----w- c:\users\Linda\AppData\Local\Mozilla
2015-06-17 03:27 . 2015-06-17 03:28 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-06-16 02:22 . 2013-09-23 20:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2015-06-03 21:16 . 2015-06-03 21:16 -------- d-----w- c:\users\Linda\AppData\Local\GWX
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-17 01:08 . 2014-12-06 07:26 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-10 11:16 . 2012-05-13 22:23 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-10 11:16 . 2012-03-03 04:36 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-14 10:15 . 2012-03-31 01:45 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-11 14:39 . 2015-05-11 14:43 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-05 01:29 . 2015-05-13 10:30 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-13 10:30 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-01 13:17 . 2015-05-14 10:07 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-14 10:07 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-27 19:28 . 2015-05-13 10:29 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-04-27 19:28 . 2015-05-13 10:29 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-04-27 19:28 . 2015-05-13 10:29 155584 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-04-27 19:26 . 2015-05-13 10:29 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-04-27 19:23 . 2015-05-13 10:29 243712 ----a-w- c:\windows\system32\wow64.dll
2015-04-27 19:23 . 2015-05-13 10:29 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-04-27 19:23 . 2015-05-13 10:29 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-04-27 19:23 . 2015-05-13 10:29 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-04-27 19:23 . 2015-05-13 10:29 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-04-27 19:23 . 2015-05-13 10:29 1254400 ----a-w- c:\windows\system32\diagtrack.dll
2015-04-27 19:23 . 2015-05-13 10:29 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-04-27 19:23 . 2015-05-13 10:29 879104 ----a-w- c:\windows\system32\tdh.dll
2015-04-27 19:23 . 2015-05-13 10:29 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-04-27 19:23 . 2015-05-13 10:29 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-04-27 19:23 . 2015-05-13 10:29 503808 ----a-w- c:\windows\system32\srcore.dll
2015-04-27 19:23 . 2015-05-13 10:29 50176 ----a-w- c:\windows\system32\srclient.dll
2015-04-27 19:23 . 2015-05-13 10:29 113664 ----a-w- c:\windows\system32\sechost.dll
2015-04-27 19:23 . 2015-05-13 10:29 28160 ----a-w- c:\windows\system32\secur32.dll
2015-04-27 19:23 . 2015-05-13 10:29 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-04-27 19:23 . 2015-05-13 10:29 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-04-27 19:23 . 2015-05-13 10:29 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-04-27 19:23 . 2015-05-13 10:29 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-04-27 19:23 . 2015-05-13 10:29 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-04-27 19:23 . 2015-05-13 10:29 424448 ----a-w- c:\windows\system32\KernelBase.dll
2015-04-27 19:23 . 2015-05-13 10:29 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-04-27 19:23 . 2015-05-13 10:29 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-04-27 19:23 . 2015-05-13 10:29 22016 ----a-w- c:\windows\system32\credssp.dll
2015-04-27 19:23 . 2015-05-13 10:29 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-04-27 19:22 . 2015-05-13 10:29 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-04-27 19:22 . 2015-05-13 10:29 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-04-27 19:22 . 2015-05-13 10:29 112640 ----a-w- c:\windows\system32\smss.exe
2015-04-27 19:22 . 2015-05-13 10:29 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-04-27 19:22 . 2015-05-13 10:29 43008 ----a-w- c:\windows\system32\relog.exe
2015-04-27 19:22 . 2015-05-13 10:29 31232 ----a-w- c:\windows\system32\lsass.exe
2015-04-27 19:22 . 2015-05-13 10:29 104448 ----a-w- c:\windows\system32\logman.exe
2015-04-27 19:22 . 2015-05-13 10:29 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-04-27 19:22 . 2015-05-13 10:29 338432 ----a-w- c:\windows\system32\conhost.exe
2015-04-27 19:21 . 2015-05-13 10:29 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-04-27 19:18 . 2015-05-13 10:29 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-04-27 19:18 . 2015-05-13 10:29 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-04-27 19:16 . 2015-05-13 10:29 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-04-27 19:16 . 2015-05-13 10:29 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-27 19:16 . 2015-05-13 10:29 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-04-27 19:11 . 2015-05-13 10:29 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-04-27 19:11 . 2015-05-13 10:29 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-04-27 19:08 . 2015-05-13 10:29 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-04-27 19:05 . 2015-05-13 10:29 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-04-27 19:05 . 2015-05-13 10:29 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-04-27 19:05 . 2015-05-13 10:29 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-04-27 19:05 . 2015-05-13 10:29 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-04-27 19:05 . 2015-05-13 10:29 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-04-27 19:05 . 2015-05-13 10:29 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-04-27 19:05 . 2015-05-13 10:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-04-27 19:05 . 2015-05-13 10:29 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-04-27 19:05 . 2015-05-13 10:29 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-04-27 19:04 . 2015-05-13 10:29 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-04-27 19:04 . 2015-05-13 10:29 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-04-27 19:04 . 2015-05-13 10:29 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-04-27 19:04 . 2015-05-13 10:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-27 19:04 . 2015-05-13 10:29 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-04-27 19:04 . 2015-05-13 10:29 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-04-27 19:04 . 2015-05-13 10:29 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-04-27 19:04 . 2015-05-13 10:29 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-04-27 19:04 . 2015-05-13 10:29 82944 ----a-w- c:\windows\SysWow64\logman.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2013-10-02 3264544]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-06-16 7799576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2015-02-27 533872]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-29 140640]
"mcpltui_exe"="c:\program files\Common Files\McAfee\Platform\mcuicnt.exe" [2015-02-10 643064]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2013-10-02 3264544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90140000-003D-0000-0000-0000000FF1CE}"="del" [X]
"{90140000-0018-0409-0000-0000000FF1CE}"="del" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
R2 mccspsvc;McAfee CSP Service;c:\program files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe;c:\program files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
R3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-10 04:17 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 11:16]
.
2015-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-20 16:53]
.
2015-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf8b0cc18797ac.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-20 16:53]
.
2015-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0418fe064d834.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-20 16:53]
.
2015-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d09089e5d6233a.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-20 16:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="GUI64.EXE -S" [X]
"IntelPAN"="TRAY" [X]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/?gws_rd=ssl
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\t8tobemy.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - H.EXE
HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE
HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE
HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE
HKLM-Run-BTMTrayAgent - TEL\BLUETOOTH\BTMSHELL.DLL
HKLM-Run-IntelliPoint - T.EXE
HKLM-Run-CanonMyPrinter - TER\BJMYPRT.EXE
HKLM-Run-CanonSolutionMenu - .EXE
AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files (x86)\WildTangent Games\App\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-06-20  12:16:47
ComboFix-quarantined-files.txt  2015-06-20 19:16
.
Pre-Run: 245,046,890,496 bytes free
Post-Run: 244,955,828,224 bytes free
.
- - End Of File - - 243CF611267DE0FE5E9E1A15CCC2BD48
 



#10 zoofroghome

zoofroghome
  • Topic Starter


Posted 20 June 2015 - 02:45 PM

Nasdaq, Sorry to say things are the same.

I appreciate your help. I will hang in there.

#11 nasdaq

nasdaq

  • Malware Response Team

Posted 21 June 2015 - 07:48 AM

Copy the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved, right-click the .reg file and allow it to merge with the registry.

Windows Registry Editor Version 5.00


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90140000-003D-0000-0000-0000000FF1CE}"=-
"{90140000-0018-0409-0000-0000000FF1CE}"=-

Restart the computer when completed.

You can delete the fixme.reg file when done.

===

Please Download Tweaking.com - Windows Repair from Here

  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    07 - Repair Internet Explorer
    08 - Repair MDAC/MS Jet
    10 - Remove Policies Set By Infections
    13 - Repair Winsock & DNS Cache
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

===

Restart the computer normally.

How is the computer running now?

    =======================
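A pre-merge check for a .reg file such as the fixme.reg above, as an added example (not part of the original thread and not any tool's own code): it confirms that a registry-script header is the first non-blank line, then lists what each entry would do and flags Run/RunOnce autostart keys. The function names and the BAD_COPY sample are assumptions made for illustration; in the .reg format, `"name"=-` deletes a value and `[-KEY]` deletes a key.

```python
import re

# Header lines regedit recognises (version 5.00, and the older REGEDIT4).
HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
# Keys whose values are launched automatically at logon.
AUTOSTART = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# "name"=data  or  @=data  (the @ form is the key's default value).
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# Constructed sample: the fixme.reg text quoted in the post above.
FIXME_REG = r'''Windows Registry Editor Version 5.00


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90140000-003D-0000-0000-0000000FF1CE}"=-
"{90140000-0018-0409-0000-0000000FF1CE}"=-
'''

# Constructed sample: the same text with a stray label line copied in first.
BAD_COPY = "Quote\n" + FIXME_REG


def logical_lines(text):
    """Yield non-blank, non-comment lines, joining backslash continuations."""
    pending = ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.endswith("\\"):          # hex data continued on the next line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line and not line.startswith(";"):
            yield line
    if pending:
        yield pending


def _change(action, key, name=None, data=None):
    return {"action": action, "key": key, "name": name, "data": data,
            "autostart": bool(AUTOSTART.search(key))}


def review_reg(text):
    """Return the changes a .reg file would make, without applying any.

    Raises ValueError if the header is missing or a line cannot be parsed.
    """
    lines = list(logical_lines(text))
    if not lines or lines[0] not in HEADERS:
        found = lines[0] if lines else "<empty file>"
        raise ValueError(f"not a registry script: first line is {found!r}")
    changes, key = [], None
    for line in lines[1:]:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):      # [-KEY] removes the whole key
                key = key[1:]
                changes.append(_change("delete-key", key))
            continue
        match = VALUE_LINE.match(line)
        if match is None or key is None:
            raise ValueError(f"unparseable line: {line!r}")
        name = "(Default)" if match.group(1) == "@" else match.group(1)[1:-1]
        data = match.group(2)
        if data == "-":                  # "name"=- removes one value
            changes.append(_change("delete-value", key, name))
        else:
            changes.append(_change("set-value", key, name, data))
    return changes


def parses_as_reg(text):
    """True if review_reg accepts the text, False if it raises."""
    try:
        review_reg(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for change in review_reg(FIXME_REG):
        flag = " [autostart key]" if change["autostart"] else ""
        print(f'{change["action"]}: {change["key"]} -> {change["name"]}{flag}')
    print("BAD_COPY accepted:", parses_as_reg(BAD_COPY))
```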


#12 zoofroghome

zoofroghome
  • Topic Starter


Posted 21 June 2015 - 10:14 AM

Nasdaq, on a previous activity, when I ran from safe mode I believe FRST was unable to run the restore.

 

Is it ok for me to run all these in safe mode?  I will do it in normal mode, but it will take all day, but if that is what it takes I am ok to do it that way.

 

I will start downloading things I need in safe mode.

 

Thanks



#13 nasdaq

nasdaq

  • Malware Response Team

Posted 21 June 2015 - 11:12 AM

Try to run the Tweaking.com tool in safe mode.

If no joy then run the tool in normal mode, as I have suggested, make sure you create a restore point.

Instead of selecting all the items I suggested just repair the Internet Explorer for now.

Select only no 7 from the lists.

If the system improves then you can do the others.

#14 zoofroghome

zoofroghome
  • Topic Starter


Posted 21 June 2015 - 11:25 PM

Hello nasdaq.  Good news, things have improved.

 

I will let you know what happened followed by the log files from Tweaking.com. 

 

fixme.reg had an issue, but I think I figured it out and it went forward.  The code window included the word Quote in it and when I selected it to notepad and saved it, I received an error saying the file was not a Regedit script.  When I only copied from below that point, it worked with no errors.

 

Tweaking.com

Step 2, scan found some variable issues which I had it repair.  It indicated an error in the Reparse, but I forgot to repair it. (Did it on the second run of Tweaking when I selected all the items you listed.)

Step 5 had some issues.  It appeared to run ok, but a message appeared indicating an error had occurred on a previous backup.  I found what looked to be reg backup files at C:/RegBackup.  Not sure if those are from Tweaking or not.

Step Repair.  First run was with 7 only as you suggested.  No issues.  Second run with all items as you requested, no issues.

 

I did not see any errors which I could capture to notepad, so I will include the logs below.

 

Had a couple hangs during reboot.  Shutting down screen for 10 minutes.  Finally gave it the power button shutdown.  Only happened a couple times, as I am trying to see if it is consistent.  Rebooted about 10 times at least.

 

Although the performance seems to have improved, and the HD light does not seem to be solid all the time, something has happened that I am not sure about.  I tried to create a restore point since things looked like they were improving and I was not able to.  I kept getting an error message that the "shadow copy provider had an error".  I started looking around trying to figure out what this might be and I noticed that I no longer see my recovery partition.  Not sure if somehow this was related to the other issues, but wanted to note it to you.

 

Below are the logs from Tweaking.com. I will need to post them in separate posts due to size.

 

file Windows repair log

 

Tweaking.com - Windows Repair v3.2.2
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: LINDA-DELL
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Linda
Current Profile SID: S-1-5-21-2049623133-1843630813-2076685501-1000
Current Profile Classes: S-1-5-21-2049623133-1843630813-2076685501-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Linda\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:08:58

Process Count: 30
Commit Total: 717.33 MB
Commit Limit: 11.79 GB
Commit Peak: 1.15 GB
Handle Count: 7123
Kernel Total: 193.14 MB
Kernel Paged: 143.22 MB
Kernel Non Paged: 49.93 MB
System Cache: 320.27 MB
Thread Count: 346
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.90 GB
Memory Used: 729.64 MB(12.0837%)
Memory Avail.: 5.18 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.90 GB
Memory Used: 731.14 MB(12.1086%)
Memory Avail.: 5.18 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (6/21/2015 10:42:23 AM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 140
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (6/21/2015 10:43:40 AM)

   Running Repair Under Current User Account
   Done (6/21/2015 10:43:56 AM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (6/21/2015 10:43:56 AM)

Decompressing & Updating Windows Permission File services.txt
Done,  0.22 seconds.

   Running Repair Under System Account
   Done (6/21/2015 10:50:52 AM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (6/21/2015 10:50:53 AM)

   Running Repair Under System Account
   Done (6/21/2015 10:53:17 AM)

03 - Reset Service Permissions
   Start (6/21/2015 10:53:17 AM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/21/2015 10:53:36 AM)

04 - Register System Files
   Start (6/21/2015 10:53:36 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/21/2015 10:54:55 AM)

05 - Repair WMI
   Start (6/21/2015 10:54:55 AM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   McAfee Anti-Virus and Anti-Spyware Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.
   McAfee Anti-Virus and Anti-Spyware Exported.

   Exporting 3rd Party Firewall Info...
   McAfee Firewall Exported.

   Running Repair Under Current User Account
   Done (6/21/2015 10:59:41 AM)

07 - Repair Internet Explorer
   Start (6/21/2015 10:59:41 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/21/2015 11:00:11 AM)

08 - Repair MDAC/MS Jet
   Start (6/21/2015 11:00:11 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/21/2015 11:00:21 AM)

10 - Remove Policies Set By Infections
   Start (6/21/2015 11:00:22 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/21/2015 11:00:32 AM)

13 - Repair Network
   Start (6/21/2015 11:00:32 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/21/2015 11:00:51 AM)

17 - Repair Windows Updates
   Start (6/21/2015 11:00:51 AM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.34 seconds.

   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (6/21/2015 11:05:52 AM)

21 - Repair MSI (Windows Installer)
   Start (6/21/2015 11:05:52 AM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.2 seconds.

   Running Repair Under System Account
   Done (6/21/2015 11:06:06 AM)

26 - Restore Important Windows Services
   Start (6/21/2015 11:06:07 AM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.22 seconds.

   Running Repair Under System Account
   Done (6/21/2015 11:06:21 AM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (6/21/2015 11:06:21 AM)
   Total Repair Time: 00:24:09

...YOU MUST RESTART YOUR SYSTEM...

 



#15 zoofroghome

zoofroghome
  • Topic Starter


Posted 21 June 2015 - 11:28 PM

Repair MSI log

 

[SC] ChangeServiceConfig SUCCESS
The Windows Installer service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Installer service is starting.
The Windows Installer service was started successfully.

[SC] ChangeServiceConfig SUCCESS
The Windows Installer service is stopping.
The Windows Installer service was stopped successfully.

The Windows Installer service is starting.
The Windows Installer service was started successfully.

 

 

Repair Network log

 

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

Ok.

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

The following command was not found: int 6to4 reset all.
There's no user specified settings to be reset.

Reseting Interface, OK!
Restart the computer to complete this action.

The following command was not found: int isatap reset all.

Reset of all TCP parameters OK!
Ok.

The following command was not found: int teredo reset all.

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

Windows IP Configuration

Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer in 15 minutes.

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

Ok.

There's no user specified settings to be reset.

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

The following command was not found: int 6to4 reset all.
There's no user specified settings to be reset.

There's no user specified settings to be reset.

The following command was not found: int isatap reset all.

Reset of all TCP parameters OK!
Ok.

The following command was not found: int teredo reset all.

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

Windows IP Configuration

Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer in 15 minutes.


Repair Windows updates

 

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Modules Installer service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Could Not Find C:\ProgramData\Microsoft\Network\Downloader\qmgr*.dat
Deleted file - C:\Windows\system32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
C:\Windows\system32\config\txr\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.0.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.1.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.2.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
The process cannot access the file because it is being used by another process.
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{09b2821f-90ff-11e3-b627-4ceb42574008}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{09b2821f-90ff-11e3-b627-4ceb42574008}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{09b2821f-90ff-11e3-b627-4ceb42574008}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{5b083d74-2e9c-11e4-9373-4ceb42574008}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{5b083d74-2e9c-11e4-9373-4ceb42574008}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{5b083d74-2e9c-11e4-9373-4ceb42574008}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{74eec2a6-d460-11e3-8510-4ceb42574008}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{74eec2a6-d460-11e3-8510-4ceb42574008}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{74eec2a6-d460-11e3-8510-4ceb42574008}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{8147fb50-7a0c-11e1-b6c8-4ceb42574008}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{8147fb50-7a0c-11e1-b6c8-4ceb42574008}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{8147fb50-7a0c-11e1-b6c8-4ceb42574008}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{846ee3d3-7039-11de-9d20-001d09fa5a1c}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{846ee3d3-7039-11de-9d20-001d09fa5a1c}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{846ee3d3-7039-11de-9d20-001d09fa5a1c}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{bbe37483-64f0-11e1-bf75-848f69c98bde}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{bbe37483-64f0-11e1-bf75-848f69c98bde}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{bbe37483-64f0-11e1-bf75-848f69c98bde}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{cf5a5979-9d43-11e1-838c-4ceb42574008}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{cf5a5979-9d43-11e1-838c-4ceb42574008}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{cf5a5979-9d43-11e1-838c-4ceb42574008}.TMContainer00000000000000000002.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{ea03d1d0-16fa-11e3-854c-4ceb42574008}.TM.blf
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{ea03d1d0-16fa-11e3-854c-4ceb42574008}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT{ea03d1d0-16fa-11e3-854c-4ceb42574008}.TMContainer00000000000000000002.regtrans-ms
Could Not Find C:\Windows\system32\SMI\Store\Machine\*.blf
Could Not Find C:\Windows\system32\SMI\Store\Machine\*.regtrans-ms
[SC] SetServiceObjectSecurity SUCCESS
[SC] SetServiceObjectSecurity SUCCESS
File not found - C:\Windows\SysWoW64\catroot2\*.*

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Modules Installer service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
The system cannot find the file specified.
Could Not Find C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr*.dat
Could Not Find C:\ProgramData\Microsoft\Network\Downloader\qmgr*.dat
Path not found - C:\Windows\SoftwareDistribution
The system cannot find the file specified.
The system cannot find the file specified.
Path not found - C:\Windows\system32\catroot2
The system cannot find the file specified.
The system cannot find the file specified.
C:\Windows\system32\config\txr\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.0.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.1.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.2.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\system32\config\txr\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
The process cannot access the file because it is being used by another process.
File not found - C:\Windows\system32\SMI\Store\Machine\*.TM*
File not found - C:\Windows\system32\SMI\Store\Machine\*.blf
File not found - C:\Windows\system32\SMI\Store\Machine\*.regtrans-ms
Could Not Find C:\Windows\system32\SMI\Store\Machine\*.TM*
Could Not Find C:\Windows\system32\SMI\Store\Machine\*.blf
Could Not Find C:\Windows\system32\SMI\Store\Machine\*.regtrans-ms
[SC] SetServiceObjectSecurity SUCCESS
[SC] SetServiceObjectSecurity SUCCESS
Path not found - C:\Windows\SysWoW64\catroot2
The system cannot find the file specified.
The system cannot find the file specified.

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS





