Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't boot to safe mode


  • Please log in to reply
37 replies to this topic

#1 Droidling

Droidling

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 06 July 2015 - 11:48 AM

This started when I noticed the my Firefox new tabs were opening to Bing. I was able to reset it to the default, but figured some kind of malware that changed it in the first place. When I tried to run malwarebytes my definitions were out of date. I got a warning that the server was unavailable. I continued the scan but it found nothing. Thinking that the malware might be blocking the update I tried booting too safe mode. When I got to the safe mode login it would not accept my usual admin password, saying the user name and password were incorrect. It would then restart on its own. I am able to log into windows using the password/username if I do a normal boot. I did a system restore to a point before all this started. That got me to a point where. Norton did an automatic cleaning that quarantined or removed several trojans a worm and something called SAPE (have a list if that helps). MBAM removed PUP.optional.OpenCandy.

 

I'm finding that I still can't get into Safe Mode. It won't accept my Admin Password. I've also discovered that if I just let it sit at the safe mode login screen the system will reboot.

 

I did notice a piece of software called Web Companion from Lavasoft that I don't recognize.

 

The system is an ASUS CM6820 running Windows 7 - 64 bit, Norton Security Suite 21.7.0.11, Firefox with HitmanPro.Alert

 

I don't know if I still have a malware infection, or if this is just some configuration issue left over from the infection. 

 

   



BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:09:37 AM

Posted 06 July 2015 - 11:56 AM

Hello :)

Let's see what is going on...

MiniToolbox by Farbar

Avast users please disable your antivirus before downloading!
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (choose Errors only)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

#3 Droidling

Droidling
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 06 July 2015 - 12:13 PM

SecurityCheck did not open Notepad. Below is the contents of result.txt 

 

MiniToolBox by Farbar  Version: 01-07-2015
Ran by Terry (administrator) on 06-07-2015 at 10:02:47
Running from "C:\Users\Terry\Desktop\Malwear"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: CM6870 Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\windows\system32\LavasoftTcpService.dll [348488] (Lavasoft Limited)
Catalog9 02 C:\windows\system32\LavasoftTcpService.dll [348488] (Lavasoft Limited)
Catalog9 03 C:\windows\system32\LavasoftTcpService.dll [348488] (Lavasoft Limited)
Catalog9 04 C:\windows\system32\LavasoftTcpService.dll [348488] (Lavasoft Limited)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\windows\system32\LavasoftTcpService.dll [348488] (Lavasoft Limited)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\windows\System32\LavasoftTcpService64.dll [428880] (Lavasoft Limited)
x64-Catalog9 02 C:\windows\System32\LavasoftTcpService64.dll [428880] (Lavasoft Limited)
x64-Catalog9 03 C:\windows\System32\LavasoftTcpService64.dll [428880] (Lavasoft Limited)
x64-Catalog9 04 C:\windows\System32\LavasoftTcpService64.dll [428880] (Lavasoft Limited)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 15 C:\windows\System32\LavasoftTcpService64.dll [428880] (Lavasoft Limited)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/06/2015 10:01:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 38.0.5.5623, time stamp: 0x5563b224
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x35d4f7dc
Faulting process id: 0x227c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (07/06/2015 09:21:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 09:07:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 08:45:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 08:21:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 03:27:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 01:01:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 00:53:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 00:47:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10031

Error: (07/02/2015 00:47:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10031


System errors:
=============
Error: (07/06/2015 09:26:30 AM) (Source: Service Control Manager) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/06/2015 09:25:30 AM) (Source: Service Control Manager) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/06/2015 09:24:29 AM) (Source: Service Control Manager) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/06/2015 09:23:29 AM) (Source: Service Control Manager) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/06/2015 09:22:28 AM) (Source: Service Control Manager) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/06/2015 09:21:28 AM) (Source: Service Control Manager) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/06/2015 09:20:25 AM) (Source: Service Control Manager) (User: )
Description: The PDF Suite 2013 Service service terminated with the following error:
%%-2147467259

Error: (07/06/2015 09:19:41 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:18:14 AM on ‎7/‎6/‎2015 was unexpected.

Error: (07/06/2015 09:16:54 AM) (Source: Service Control Manager) (User: )
Description: The SolidWorks Electrical Collaborative Server service has reported an invalid current state 0.

Error: (07/06/2015 09:06:30 AM) (Source: Service Control Manager) (User: )
Description: The PDF Suite 2013 Service service terminated with the following error:
%%-2147467259


Microsoft Office Sessions:
=========================
Error: (07/06/2015 10:01:37 AM) (Source: Application Error)(User: )
Description: firefox.exe38.0.5.56235563b224unknown0.0.0.000000000c000000535d4f7dc227c01d0b808d7fcac80C:\Program Files (x86)\Mozilla Firefox\firefox.exeunknowna944868d-2400-11e5-b4cb-10bf48d72857

Error: (07/06/2015 09:21:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 09:07:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 08:45:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 08:21:03 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 03:27:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 01:01:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 00:53:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 00:47:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10031

Error: (07/02/2015 00:47:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10031


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (HKLM\...\{9301985B-D116-4A93-A93D-94580084FF86}) (Version: 1.2.0 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Ad-Aware Web Companion (HKLM-x32\...\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}) (Version: 2.0.1025.2130 - Lavasoft) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.09.07 - ASUSTeK Computer Inc.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.23 - ASUSTeK Computer Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.01.00 - ASUSTeK Computer Inc.)
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.01.00 - ASUSTeK Computer Inc.)
ASUS Instant On (HKLM-x32\...\{CCC4652E-F5E0-498A-84F3-5DDBEF84642B}) (Version: 1.01.08 - ASUSTeK Computer Inc.)
Atmel ARM GNU Toolchain (HKLM-x32\...\{08B03F6C-2739-4178-85FB-AAC67B4E51F6}) (Version: 4.8.1426 - Atmel)
Atmel AVR (32 bit) GNU Toolchain (HKLM-x32\...\{7BEE75D3-B4D8-428B-A619-0A717EB7AA7E}) (Version: 3.4.1057 - Atmel)
Atmel AVR (8 bit) GNU Toolchain (HKLM-x32\...\{132C587D-2A0B-494C-86FB-7383D48EB850}) (Version: 3.4.1056 - Atmel)
Atmel JungoUSB (HKLM-x32\...\{495AA4EB-6AF7-4D8E-89E0-EDEFD1D58950}) (Version: 6.2.86 - Atmel) Hidden
Atmel Kits (HKLM-x32\...\{6AA7B5AC-161F-4FEB-B559-AA81AA141BBF}) (Version: 6.2.39 - Atmel)
Atmel LibUSB (HKLM-x32\...\{89D20A20-5E12-435E-ABD6-C85461114332}) (Version: 6.2.38 - Atmel) Hidden
Atmel SeggerUSB (HKLM-x32\...\{586416F9-AACB-424A-B3B4-CFA7A850A6E6}) (Version: 6.2.22 - Atmel) Hidden
Atmel Studio 6.2 (HKLM-x32\...\{D64E2610-CFBA-4EA0-9EC3-00EB134B04A1}) (Version: 6.2.1153 - Atmel)
Atmel Studio Backend (HKLM-x32\...\{8D623996-B0EF-448A-BE23-9E3198C806A5}) (Version: 1.11.412 - Atmel Corporation)
Atmel Studio InfFiles (HKLM-x32\...\{DD8CABB7-6F70-46CB-A3C7-A544E3BFF0A7}) (Version: 6.2.80 - Atmel Corporation) Hidden
Atmel Studio Memory Logger (HKLM-x32\...\{612F3078-C59F-40DA-B649-491CE9522DDF}) (Version: 6.2.167 - Atmel)
Atmel USB Driver Package (HKLM-x32\...\{0b919373-80a6-47d9-8542-540e14f914dc}) (Version: 6.2.241 - Atmel)
Atmel WinUSB (HKLM-x32\...\{4884F982-C0BF-48FD-BF05-4517757984C9}) (Version: 6.2.22 - Atmel) Hidden
AtmelSoftwareFramework (HKLM-x32\...\{666E30F7-A2EF-4A99-A897-18F9811DD196}) (Version: 3.16.1275 - Atmel)
Autodesk Inventor Content Center Libraries 2012 (Desktop Content) (HKLM\...\{B46DECD1-1664-4EF1-0000-22D71E81877C}) (Version: 16.0.16000.0000 - Autodesk, Inc.)
Autodesk Inventor Fusion 2012 (HKLM\...\{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}) (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.)
Autodesk Inventor Fusion 2012 Language Pack (HKLM\...\{FFF7F80F-929E-497F-A112-B070DE816128}) (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Professional 2012 (HKLM\...\{7F4DD591-1664-0409-0000-7107D70F3DB4}) (Version: 16.0.16000.0000 - Autodesk) Hidden
Autodesk Inventor Professional 2012 English (HKLM\...\Autodesk Inventor Professional 2012) (Version: 16.0.16000.0000 - Autodesk)
Autodesk Inventor Professional 2012 English Language Pack (HKLM\...\{7F4DD591-1664-0409-0001-7107D70F3DB4}) (Version: 16.0.16000.0000 - Autodesk) Hidden
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Autodesk Vault 2012 (Client) (HKLM\...\{CF526A26-1664-0000-0000-02E95019B628}) (Version: 16.0.56.200 - Autodesk, Inc.) Hidden
Autodesk Vault 2012 (Client) (HKLM-x32\...\Autodesk Vault 2012 (Client)) (Version: 16.0.56.200 - Autodesk, Inc.)
Autodesk Vault 2012 (Client) English Language Pack (HKLM\...\{266597A9-1664-0000-0100-DCBF2B69166B}) (Version: 16.0.56.200 - Autodesk, Inc.) Hidden
AVR Jungo USB (HKLM-x32\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.2 - Atmel)
AVR macro Assembler (HKLM-x32\...\{F416CF32-64E4-4E86-BB0E-1FF6891004E7}) (Version: 2.1.1117 - Atmel)
AVR Studio 4.19 (HKLM-x32\...\{C1AC4F7A-4B50-4903-882A-D61D3D13782D}) (Version: 4.19.730 - Atmel) Hidden
AVR Studio 4.19 (HKLM-x32\...\{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}) (Version: 4.19.730 - Atmel)
BASIC Stamp Editor v2.5.3 (HKLM-x32\...\{48CB43FD-FADB-4F72-BECE-E86BE7D70F8F}) (Version: 2.5.3 - Parallax Inc.)
Big Stretch Reminder v2 (HKLM-x32\...\BigStretch_is1) (Version: 2.0 - MonkeyMatt)
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BurnAware Free 8.2 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CPUID CPU-Z 1.65.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.5 - Globalscape)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Docklight V1.9 (HKLM-x32\...\FuH_Docklight_V1_9_is1) (Version: 1.9.21 - Flachmann und Heggelbacher)
DVDFab Virtual Drive (HKLM\...\DVDFab Virtual Drive_is1) (Version: 1.5.0.0 - Fengtao Software Inc.)
EMP Device Programming Software (HKLM-x32\...\EMP Device Programming Software) (Version:  - )
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
EPSON Artisan 837 Series Printer Uninstall (HKLM\...\EPSON Artisan 837 Series) (Version:  - SEIKO EPSON Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.05.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
exPressit S.E. 2.2 (HKLM-x32\...\exPressit S.E. 2.2) (Version:  - )
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 2.0.0 - ASUS)
FreeCAD 0.13 (HKLM-x32\...\{2B2B5D2B-0F01-410B-843B-8F437FD75FBF}) (Version: 0.13.1828 - Juergen Riegel (FreeCAD@juergen-riegel.net))
Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Git version 1.9.2-preview20140411 (HKLM-x32\...\Git_is1) (Version: 1.9.2-preview20140411 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gpg4win (2.1.1) (HKLM-x32\...\GPG4Win) (Version: 2.1.1 - The Gpg4win Project)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keil µVision4 (HKLM-x32\...\Keil µVision4) (Version: 5.14.0.0 - ARM Ltd)
Lantronix DeviceInstaller 4.4.0.0 (x64) (HKLM\...\{5BC674A8-197F-42CA-B43A-B67E01CA2380}) (Version: 44.00.0500 - Lantronix)
LavasoftTcpService (HKLM-x32\...\{A923CF0A-44D9-4357-B2E8-0A2352151A3C}) (Version: 2.3.4.7 - Lavasoft) Hidden
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MED CX Texteditor (HKLM-x32\...\MEDCX) (Version:  - )
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{A6A4A258-0A48-4F76-B8F1-61F0514594DD}) (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM-x32\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition - ENU (HKLM-x32\...\Microsoft Visual Basic 2008 Express Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Basic Power Packs 3.0 (HKLM-x32\...\{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}) (Version: 9.0.30214 - Microsoft)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual C# 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MosChip PCI Multi-IO Controller (HKLM\...\ASIX Electronics Corporation) (Version:  - )
MozBackup 1.4.10 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 en-US)) (Version: 31.7.0 - Mozilla)
MPLAB C for PIC18 MCUs (HKLM-x32\...\MPLAB C for PIC18 MCUs v3.47) (Version: v3.47 - Microchip)
MPLAB Tools v8.91 (HKLM-x32\...\{1C437A53-4A7A-4589-A19E-0BD23C5EB618}) (Version: 8.91 - Microchip Technology Inc.) Hidden
MPLAB Tools v8.91 (HKLM-x32\...\InstallShield_{1C437A53-4A7A-4589-A19E-0BD23C5EB618}) (Version: 8.91 - Microchip Technology Inc.)
MPLAB X IDE v2.20 (HKLM-x32\...\MPLAB X IDE v2.20 v2.20) (Version: v2.20 - Microchip)
MPLAB XC16 C Compiler (HKLM-x32\...\MPLAB XC16 C Compiler v1.21) (Version: v1.21 - Microchip)
MPLAB XC32 Compiler (HKLM-x32\...\MPLAB XC32 Compiler v1.31) (Version: v1.31 - Microchip)
MPLAB XC32 Compiler (HKLM-x32\...\MPLAB XC32 Compiler v1.32) (Version: v1.32 - Microchip)
MPLAB XC8 C Compiler (HKLM-x32\...\MPLAB XC8 C Compiler v1.30) (Version: v1.30 - Microchip)
MSDN Library for Microsoft Visual Studio 2008 Express Editions (HKLM-x32\...\{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}) (Version: 9.0.21022 - Microsoft Corporation) Hidden
MSDN Library for Microsoft Visual Studio 2008 Express Editions (HKLM-x32\...\MSDN Library for Microsoft Visual Studio 2008 Express Editions) (Version:  - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 7 Premium (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
Network Magic (HKLM-x32\...\{0F1649F6-F84B-41B2-980B-D2371BA389B3}) (Version: 4.7.8023.0 - Pure Networks) Hidden
Network Magic (HKLM-x32\...\Network MagicUninstall) (Version: 4.7.8023.0 - Pure Networks)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 296.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.16 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 296.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.27 - NVIDIA Corporation)
NVIDIA Graphics Driver 296.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.27 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Suite 2013 (HKLM-x32\...\{D6D4646B-BDBA-4EBC-BFDD-8F880F8B6A03}) (Version: 10.0.54.8706 - Interactive Brands Malta Limited)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PICkit 2 v2.61 (HKLM-x32\...\{2818ADC7-C1FB-40A8-BE6B-36B62682E9E8}) (Version: 2.61.00 - Microchip)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Protel 99 SE (HKLM-x32\...\{498EE1A0-971C-11D3-A365-0080C8D7EFAF}) (Version:  - )
Protel 99 SE Service Pack 6 (HKLM-x32\...\Protel 99 SE Service Pack 6) (Version:  - )
Protel 99 SE Tutorial (HKLM-x32\...\{C86AC2A0-DDAA-11D3-9B31-00A0C971727F}) (Version:  - )
Pure Networks Platform (HKLM-x32\...\{AEBEF8E1-11B9-4458-A619-14EEE48A5BB4}) (Version: 10.0.8023.0 - Pure Networks) Hidden
Quick Uninstall Tool for Autodesk Inventor 2012 (HKLM\...\{D25FF5C1-1664-469A-9794-69309387C193}) (Version: 16.0.16000.0000 - Autodesk)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QW 9100 Ctrl Pow Mon (HKLM-x32\...\ST6UNST #1) (Version:  - )
Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{E883ECE4-1189-413A-894D-B7C4B17F0607}) (Version: 1.0.7.0 - Ralink)
RAPTOR (HKLM-x32\...\{43958AAA-7BF5-462D-8ED4-2C9639F5B7D8}) (Version: 4.0.6003 - USAFA)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Sandboxie 4.18 (64-bit) (HKLM\...\Sandboxie) (Version: 4.18 - Sandboxie Holdings, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SharpDevelop 4.4 (HKLM-x32\...\{814E4191-A98A-4CDF-99AE-E6D6BACEA22F}) (Version: 4.4.9729 - ic#code)
Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)
SolidWorks 2014 x64 Edition SP02 (HKLM\...\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}) (Version: 22.120.40 - SolidWorks) Hidden
SolidWorks 2014 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20140-40200-1100-100) (Version: 22.2.0.40 - SolidWorks Corporation)
SolidWorks Composer 2014 SP02 x64 Edition (HKLM\...\{EB45AA0F-96A7-4583-9E6F-6CA4DCFE67CE}) (Version: 22.20.40 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2014 x64 Edition SP02 (HKLM\...\{1D6EE468-49CC-4BF5-9A7A-4C8175EFA47A}) (Version: 14.2.116 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Electrical 2014 SP02 x64 Edition (HKLM\...\{3F08399F-67CD-4950-AED0-64A9590FE626}) (Version: 22.20.40 - DS SolidWorks) Hidden
SolidWorks Explorer 2014 SP02 x64 Edition (HKLM\...\{0C10FAF1-35D5-416A-B7C1-4168ED9485FA}) (Version: 22.20.40 - SolidWorks Corporation) Hidden
SolidWorks Flow Simulation 2014 SP02 x64 Edition  (HKLM\...\{4DC5DE7E-E67D-4A2B-8E67-EB7B28045247}) (Version: 22.20.41 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2014 SP02 x64 Edition (HKLM\...\{104E8BAF-2E2A-4467-A5C0-92ED92F26547}) (Version: 22.20.40 - SolidWorks Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
StyleCop 4.7.48.0 (HKLM-x32\...\{559EF813-E432-4599-985B-996E12272CF0}) (Version: 4.7.48.0 - http://stylecop.codeplex.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VBA (2627.01) (HKLM-x32\...\{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC Runtimes MSI (HKLM-x32\...\{FF29527A-44CD-3422-945E-981A13584000}) (Version: 9.0.21022 - Microsoft) Hidden
Web Companion (HKLM-x32\...\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}_WebCompanion) (Version: 2.0.1025.2130 - Lavasoft)
WinAVR 20100110 (remove only) (HKLM-x32\...\WinAVR-20100110) (Version: 20100110 - )
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (HKLM\...\4C8545EEB6143B6AD3858B5D1E0AEE76040B1435) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (HKLM\...\6849F67BACD4DA5A5B9D46803E6850D0BE8B3826) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Driver Package - KEIL - Tools By ARM (WinUSB) USB  (08/29/2013 1.0.0.3) (HKLM\...\C96E78AFEDFD4529DF572369E6FD81679F49E548) (Version: 08/29/2013 1.0.0.3 - KEIL - Tools By ARM)
Windows Driver Package - Parallax Inc CDM Driver Package - Bus & VCP Driver (04/10/2012 2.08.24) (HKLM\...\E7935BC7ABB67CCFC3C7470E02149804B929A2C6) (Version: 04/10/2012 2.08.24 - Parallax Inc)
Windows Driver Package - Segger (jlink) USB  (04/11/2012 2.6.8.2) (HKLM\...\419546AE8E4244C647A348987F769803F43B9C4F) (Version: 04/11/2012 2.6.8.2 - Segger)
Windows Driver Package - SEGGER (usbser) Ports  (01/25/2012 6.0.2600.4) (HKLM\...\BD6BF8BBF7BE0D0091163F649A1A423B7EB9D4F1) (Version: 01/25/2012 6.0.2600.4 - SEGGER)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.5.4 (HKLM-x32\...\winscp3_is1) (Version: 5.5.4 - Martin Prikryl)
Wireshark 1.10.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.3 - The Wireshark developer community, http://www.wireshark.org)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 16339.61 MB
Available physical RAM: 12391.05 MB
Total Virtual: 32677.42 MB
Available Virtual: 28303.98 MB

========================= Partitions: =====================================

1 Drive c: (WIN7) (Fixed) (Total:736.02 GB) (Free:556.73 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:1103.93 GB) (Free:1068.79 GB) NTFS

========================= Users: ========================================
========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

17-06-2015 17:47:08 LavasoftWeCompanion
19-06-2015 22:19:51 Installed OpenOffice 4.1.1
29-06-2015 19:23:26 Scheduled Checkpoint
30-06-2015 14:12:22 Removed Apple Software Update
30-06-2015 14:16:17 Removed Apple Application Support
30-06-2015 14:19:33 Removed Apple Software Update
30-06-2015 20:36:57 Installed LM Flash Programmer
02-07-2015 19:44:47 LavasoftWeCompanion

**** End of log ****
 



#4 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:09:37 AM

Posted 06 July 2015 - 12:20 PM

Hello,

Please perform a clean boot using instructions here, then uninstall the following software from Programs and Features:

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Web Companion (HKLM-x32\...\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}_WebCompanion) (Version: 2.0.1025.2130 - Lavasoft)

If you run into any issues, let me know.

After that revert clean boot and reboot into normal mode, then run this.

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Malware Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
Regards,
Alex

#5 Droidling

Droidling
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 06 July 2015 - 01:14 PM

I couldn't find a way to attach the file. I hope putting the contents in the post is OK.

 

Emsisoft Emergency Kit - Version 10.0
Last update: 7/6/2015 10:53:49 AM
User account: CAD2\Terry

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    7/6/2015 10:54:08 AM
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2130082216-3262654796-767730215-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2130082216-3262654796-767730215-1059\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2130082216-3262654796-767730215-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2130082216-3262654796-767730215-1059\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

Scanned    74512
Found    11

Scan end:    7/6/2015 10:58:54 AM
Scan time:    0:04:46

Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2130082216-3262654796-767730215-1059\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2130082216-3262654796-767730215-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2130082216-3262654796-767730215-1059\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2130082216-3262654796-767730215-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)

Quarantined    9
 



#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:09:37 AM

Posted 06 July 2015 - 01:31 PM

Hi there,

Please manually update Malwarebytes to get version 2.1.8 (it will require a reboot), then perform a Threat Scan and post the log for me. You can find it in History => Application Logs.

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex

#7 Droidling

Droidling
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 06 July 2015 - 01:37 PM

I currently have MBAM 2.1.8.1057 installed do I need to update before running this scan?



#8 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:09:37 AM

Posted 06 July 2015 - 01:39 PM

Your MiniToolbox log stated that you have version 2.0.2.1012. But please update anyway since there may be new signatures :)

#9 Droidling

Droidling
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 06 July 2015 - 01:51 PM

Here is the MBAM log. Running ESET now.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/6/2015
Scan Time: 11:35:31 AM
Logfile:
Administrator: Yes

Version: 2.01.8.1057
Malware Database: v2015.07.06.05
Rootkit Database: v2015.07.05.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Terry

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 535713
Time Elapsed: 10 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#10 Droidling

Droidling
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 06 July 2015 - 04:37 PM

Here is what ESET found.

 

C:\Program Files\SolidWorks Corp\SolidWorks Electrical\Redist\PDFCreator-1_2_3_setup.exe    Win32/Toolbar.Widgi potentially unwanted application    deleted - quarantined
C:\Sandbox\Terry\DefaultBox\drive\D\SoftLib\Firefox\Firefox_Setup_34.0.exe    a variant of Win32/DownloadAssistant.A potentially unwanted application    cleaned by deleting - quarantined
D:\SoftLib\Advanced IP Scanner\cnet2_ipscan22_exe.exe    a variant of Win32/InstallCore.D potentially unwanted application    cleaned by deleting - quarantined
D:\SoftLib\BurnAwayfree\burnaware_free.exe    a variant of Win32/OpenCandy.C potentially unsafe application    deleted - quarantined
D:\SoftLib\CPUID\cpu-z_1.55-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
D:\SoftLib\Microsoft Publisher 2003\Nero Burning ROM 7.8.5\Nero-7.8.5.0_eng_trial.exe    Win32/Toolbar.AskSBar potentially unwanted application    deleted - quarantined
D:\SoftLib\Microsoft Publisher 2003\PDF2EXE\pdf2exe-setup.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
D:\SoftLib\Nero Burning ROM 7.8.5\Nero-7.8.5.0_eng_trial.exe    Win32/Toolbar.AskSBar potentially unwanted application    deleted - quarantined
D:\SoftLib\PDF2EXE\pdf2exe-setup.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
D:\SoftLib\PDFCreator\PDFCreator-1_7_3_setup.exe    Win32/InstallMonetizer.AQ potentially unwanted application    deleted - quarantined
D:\SoftLib\Shadowboxie\cbsidlm-cbsi213-Sandboxie-ORG-10371434.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting - quarantined
 



#11 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:09:37 AM

Posted 06 July 2015 - 06:12 PM

Let's see if this will repair Safe Mode.

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on QfBzvq1.png and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.
2f8o60N.png

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.
Ymy7crZ.png

- Go to Step 4, then click Do It.
zDtdN75.png

- Go to Step 5. Under System Restore click Create.
f7lEe1N.png

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.
PGv2vtD.png

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

Regards,
Alex

#12 Droidling

Droidling
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 07 July 2015 - 03:30 PM

Well that took a while. There are 9 txt files from windows repair and 2 chkdsk logs. Do you really want me to paste the contents of each of them into a reply? Is there a way to attach them, or upload the files, and link to them? 

 

I'm getting an EPUHelp popup at login now saying that it has stopped working. This is an ASUS computer, so it could be legit. I've also read that EPUHelp in some cases can be a disguise for malware.

 

For now here is the Windows repair log:

 

Tweaking.com - Windows Repair v3.2.3
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: CAD2
Windows Drive: C:\
Windows Path: C:\windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Terry
Current Profile SID: S-1-5-21-2130082216-3262654796-767730215-1001
Current Profile Classes: S-1-5-21-2130082216-3262654796-767730215-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\windows\ServiceProfiles
Local Settings AppData: C:\Users\Terry\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:23:03

Process Count: 58
Commit Total: 3.76 GB
Commit Limit: 31.91 GB
Commit Peak: 3.79 GB
Handle Count: 21996
Kernel Total: 1.13 GB
Kernel Paged: 967.67 MB
Kernel Non Paged: 189.60 MB
System Cache: 7.27 GB
Thread Count: 997
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.96 GB
Memory Used: 3.70 GB(23.2145%)
Memory Avail.: 12.25 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.96 GB
Memory Used: 3.72 GB(23.2823%)
Memory Avail.: 12.24 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (7/7/2015 11:27:37 AM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 188
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (7/7/2015 11:27:40 AM)

   Running Repair Under Current User Account
   Done (7/7/2015 11:28:56 AM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (7/7/2015 11:28:56 AM)


Decompressing & Updating Windows Permission File services.txt
Done,  0.57 seconds.

   Running Repair Under System Account
   Done (7/7/2015 11:45:00 AM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (7/7/2015 11:45:00 AM)

   Running Repair Under System Account
   Done (7/7/2015 11:49:45 AM)

03 - Reset Service Permissions
   Start (7/7/2015 11:49:45 AM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:50:25 AM)

04 - Register System Files
   Start (7/7/2015 11:50:25 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:51:31 AM)

05 - Repair WMI
   Start (7/7/2015 11:51:31 AM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Norton Security Suite Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.
   Norton Security Suite Exported.

   Exporting 3rd Party Firewall Info...
   Norton Security Suite Exported.

   Running Repair Under Current User Account
   Done (7/7/2015 11:53:33 AM)

06 - Repair Windows Firewall
   Start (7/7/2015 11:53:33 AM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.12 seconds.

   Running Repair Under System Account
   Done (7/7/2015 11:54:20 AM)

07 - Repair Internet Explorer
   Start (7/7/2015 11:54:20 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:54:56 AM)

08 - Repair MDAC/MS Jet
   Start (7/7/2015 11:54:56 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:55:12 AM)

09 - Repair Hosts File
   Start (7/7/2015 11:55:12 AM)
   Running Repair Under System Account
   Done (7/7/2015 11:55:14 AM)

10 - Remove Policies Set By Infections
   Start (7/7/2015 11:55:14 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:55:18 AM)

12 - Repair Icons
   Start (7/7/2015 11:55:18 AM)
   Running Repair Under Current User Account
   Done (7/7/2015 11:55:20 AM)

13 - Repair Network
   Start (7/7/2015 11:55:20 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:55:38 AM)

15 - Repair Proxy Settings
   Start (7/7/2015 11:55:38 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:55:40 AM)

17 - Repair Windows Updates
   Start (7/7/2015 11:55:40 AM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.15 seconds.

   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (7/7/2015 11:56:19 AM)

18 - Repair CD/DVD Missing/Not Working
   Start (7/7/2015 11:56:19 AM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (7/7/2015 11:56:19 AM)

19 - Repair Volume Shadow Copy Service
   Start (7/7/2015 11:56:19 AM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.13 seconds.

   Running Repair Under System Account
   Done (7/7/2015 11:56:49 AM)

21 - Repair MSI (Windows Installer)
   Start (7/7/2015 11:56:49 AM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.12 seconds.

   Running Repair Under System Account
   Done (7/7/2015 11:57:06 AM)

23.01 - Repair bat Association
   Start (7/7/2015 11:57:06 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:57:08 AM)

23.02 - Repair cmd Association
   Start (7/7/2015 11:57:08 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:57:11 AM)

23.03 - Repair com Association
   Start (7/7/2015 11:57:11 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:57:13 AM)

23.04 - Repair Directory Association
   Start (7/7/2015 11:57:13 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:57:15 AM)

23.05 - Repair Drive Association
   Start (7/7/2015 11:57:15 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:57:17 AM)

23.06 - Repair exe Association
   Start (7/7/2015 11:57:17 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:57:19 AM)

23.07 - Repair Folder Association
   Start (7/7/2015 11:57:19 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:57:21 AM)

23.08 - Repair inf Association
   Start (7/7/2015 11:57:21 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:57:23 AM)

23.09 - Repair lnk (Shortcuts) Association
   Start (7/7/2015 11:57:23 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:57:26 AM)

23.10 - Repair msc Association
   Start (7/7/2015 11:57:26 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:57:28 AM)

23.11 - Repair reg Association
   Start (7/7/2015 11:57:28 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:57:30 AM)

23.12 - Repair scr Association
   Start (7/7/2015 11:57:30 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:57:32 AM)

24 - Repair Windows Safe Mode
   Start (7/7/2015 11:57:32 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:57:34 AM)

25 - Repair Print Spooler
   Start (7/7/2015 11:57:34 AM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.13 seconds.

   Running Repair Under System Account
   Done (7/7/2015 11:57:53 AM)

26 - Restore Important Windows Services
   Start (7/7/2015 11:57:53 AM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.15 seconds.

   Running Repair Under System Account
   Done (7/7/2015 11:58:09 AM)

27 - Set Windows Services To Default Startup
   Start (7/7/2015 11:58:09 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:58:23 AM)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

31 - Repair Windows 'New' Submenu
   Start (7/7/2015 11:58:23 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 11:58:26 AM)

33 - Repair Performance Counters
   Start (7/7/2015 11:58:26 AM)
   Running Repair Under Current User Account
   Done (7/7/2015 11:58:34 AM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (7/7/2015 11:58:34 AM)
   Total Repair Time: 00:30:59


...YOU MUST RESTART YOUR SYSTEM...
 

 

And the chkdsk log:

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Terry\Desktop\Malwear\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair>CD /D C:\

C:\>set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is WIN7.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
 0 percent complete. (0 of 559360 file records processed)     
9 percent complete. (503424 of 559360 file records processed)     
559360 file records processed.                                         

File verification completed.
  1739 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  91 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
11 percent complete. (13171 of 691966 index entries processed)    
12 percent complete. (26952 of 691966 index entries processed)    
53 percent complete. (603865 of 691966 index entries processed)    
Index entry 9524E5754F93E7E61244F452A3221777752AD4ED in index $I30 of file 326045 is incorrect.
Index entry 9524E5~1 in index $I30 of file 326045 is incorrect.
55 percent complete. (625518 of 691966 index entries processed)    
691966 index entries processed.                                        

Index verification completed.

Errors found.  CHKDSK cannot continue in read-only mode.

C:\>



#13 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:09:37 AM

Posted 07 July 2015 - 03:39 PM

The log from Windows Repair All-In-One indicates that Safe Mode has been repaired. Can you try booting into Safe Mode now and see if the problem still persists?

For the EPUHelp file...

Autoruns by Sysinternals

Please follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns from here.
  • Extract the content of the Autoruns.zip folder on the Desktop.
  • Open the Autoruns folder, right click on Autoruns.exe and click Run as Administrator.
  • Accept the EULA on opening, then wait for all the entries to load.
  • Click on File, then Save and save the file to your Desktop.
  • Go on ge.tt and upload the Autoruns file you saved.
  • Please copy and post the download URL of your uploaded file in your next reply.
Regards,
Alex

#14 Droidling

Droidling
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 07 July 2015 - 03:53 PM

Yeah!! I can log into safe mode now.

 

The Autorun arn:

 

http://ge.tt/5pHWCuJ2/v/0?c



#15 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:09:37 AM

Posted 07 July 2015 - 04:14 PM

Hi there,

Re-open Autoruns, then right click on these entries and select Delete:
C5FceuB.png

Let's see where the EPUHelp file is.

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    EPUHelp.*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Regards,
Alex




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users