
ALL browsers open tabs to adverts - tried almost all scan software


This topic is locked
19 replies to this topic

#1 iedgar10

  • Members
  • 10 posts
  • OFFLINE
  • Local time: 10:35 AM

Posted 16 August 2015 - 03:25 PM

Hello and thank you in advance for any help!
I have a computer in which IE and Chrome open tabs to advertisements. No downloads are started, just advertisements to various pages. IE has a "shopping assistant" floating window that says "ads by jabuticaba." I have tried almost everything to remove it, including, in this order:

1. rkill
2. revo uninstall all unknown programs
3. roguekiller
4. JRT
5. spybot search and destroy
6. superantispyware
7. mbam
8. Zoek (script autoclean; emptyalltemp; ipconfig /flushdns; B)
9. tdsskiller
10. adwcleaner
11. delfix
12. netadapter (advanced)

 

EDIT: I also used ESET online scanner and HITMANPRO

All in safe mode and no dice. The advertisements are still there. Also, the hosts file is consistently modified. But, even after I restore the hosts file, the advertisements still appear. Also, the advertisements still open in safe mode. I also REVO advanced uninstalled Chrome in case the Chrome install was bad. I've also reset all IE settings.

 

EDIT 2: The user here seems to have the same issue: http://www.bleepingcomputer.com/forums/t/584783/browser-pop-up-malware/page-2?hl=+jabuticaba

 

This computer has frustrated me so much! Any help is greatly appreciated. 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by Eva Margolies (administrator) on HPDESKTOP (16-08-2015 16:02:26)
Running from C:\Users\Eva Margolies\Desktop
Loaded Profiles: Eva Margolies (Available Profiles: Eva Margolies)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-01-30] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-02-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1553242553-66657035-171981457-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1163264 2015-03-30] (Ruiware LLC)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1553242553-66657035-171981457-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-1553242553-66657035-171981457-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {4BD891B3-3CF0-4049-9996-6AD339BE6230} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {4BD891B3-3CF0-4049-9996-6AD339BE6230} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1553242553-66657035-171981457-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{F19CE9D1-DD94-4406-84A2-0FA59E25E68A}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{FFF888E7-F772-4F26-9640-332018EBAF67}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Eva Margolies\AppData\Roaming\Mozilla\Firefox\Profiles\lkzi83h9.default-1439313888268
FF DefaultSearchEngine: Google
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-16]
CHR Extension: (Google Docs) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-16]
CHR Extension: (Google Drive) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-16]
CHR Extension: (YouTube) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-16]
CHR Extension: (Google Search) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-16]
CHR Extension: (Google Sheets) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-16]
CHR Extension: (Gmail) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [331776 2013-01-30] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-02-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S4 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [245680 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [296896 2015-07-10] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-16] ()
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-16 16:02 - 2015-08-16 16:02 - 00013583 _____ C:\Users\Eva Margolies\Desktop\FRST.txt
2015-08-16 16:00 - 2015-08-16 16:02 - 00000000 ____D C:\FRST
2015-08-16 16:00 - 2015-08-16 15:59 - 02173440 _____ (Farbar) C:\Users\Eva Margolies\Desktop\FRST64.exe
2015-08-16 15:48 - 2015-08-16 15:48 - 00007670 _____ C:\Users\Eva Margolies\Desktop\hijackthis.log
2015-08-16 15:47 - 2015-08-16 15:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Eva Margolies\Downloads\HijackThis.exe
2015-08-16 15:47 - 2015-08-16 15:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Eva Margolies\Desktop\HijackThis.exe
2015-08-16 15:33 - 2015-08-16 15:33 - 05634818 _____ (Swearware) C:\Users\Eva Margolies\Downloads\ComboFix.exe
2015-08-16 15:33 - 2015-08-16 15:33 - 05634818 _____ (Swearware) C:\Users\Eva Margolies\Desktop\ComboFix.exe
2015-08-16 15:31 - 2015-08-16 15:36 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-16 15:31 - 2015-08-16 15:36 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-16 15:31 - 2015-08-16 15:31 - 00002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-16 15:31 - 2015-08-16 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-16 15:30 - 2015-08-16 15:30 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\Deployment
2015-08-16 15:27 - 2015-08-16 15:27 - 00000000 ____D C:\Users\Eva Margolies\Desktop\rootkitrevealer
2015-08-16 15:27 - 2015-08-16 15:18 - 00958328 _____ C:\Users\Eva Margolies\Desktop\Norton_Removal_Tool.exe
2015-08-16 15:10 - 2015-08-16 15:10 - 00000628 _____ C:\DelFix.txt
2015-08-16 14:56 - 2015-08-16 14:56 - 00000085 _____ C:\WINDOWS\wininit.ini
2015-08-16 14:56 - 2015-08-16 14:56 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-08-16 14:25 - 2015-08-16 14:25 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\VirtualStore
2015-08-16 13:23 - 2015-08-16 13:14 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-08-16 13:14 - 2015-08-16 15:29 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\CrashDumps
2015-08-16 12:52 - 2015-08-16 13:01 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-16 11:42 - 2015-08-16 14:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-16 11:42 - 2015-08-16 11:42 - 00000656 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-08-16 11:42 - 2015-08-16 11:42 - 00000628 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-08-16 11:42 - 2015-08-16 11:42 - 00000458 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-08-16 11:37 - 2015-08-16 14:55 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-16 11:33 - 2015-08-16 11:34 - 00000000 ____D C:\Users\Eva Margolies\Desktop\delete
2015-08-16 10:31 - 2015-08-16 10:31 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-08-15 23:05 - 2015-08-16 11:05 - 00000000 ____D C:\ProgramData\MFAData
2015-08-15 18:45 - 2015-08-15 18:45 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-15 17:21 - 2015-08-15 17:21 - 00000000 ____D C:\Users\Eva Margolies\AppData\Roaming\TeamViewer
2015-08-15 17:20 - 2015-08-15 17:20 - 08098552 _____ (TeamViewer GmbH) C:\Users\Eva Margolies\Downloads\TeamViewer_Setup_en (1).exe
2015-08-14 08:14 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 08:14 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 10:50 - 2015-08-12 10:50 - 00015829 _____ C:\Users\Eva Margolies\Documents\Sales Strategies 2.odt
2015-08-12 06:30 - 2015-07-18 21:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 06:30 - 2015-07-18 14:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 06:30 - 2015-07-18 14:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 06:30 - 2015-07-18 14:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 06:30 - 2015-07-18 14:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 06:30 - 2015-07-18 14:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 06:30 - 2015-07-18 14:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 06:30 - 2015-07-18 14:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 06:30 - 2015-07-18 14:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 06:30 - 2015-07-18 14:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 06:30 - 2015-07-18 14:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 06:30 - 2015-07-18 14:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 06:29 - 2015-07-16 17:14 - 25192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-12 06:29 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 06:29 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 06:29 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 06:29 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 06:29 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 06:29 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 06:29 - 2015-07-16 16:20 - 19870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-12 06:29 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 06:29 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 06:29 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 06:29 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 06:29 - 2015-07-16 15:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 06:29 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 06:29 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 06:29 - 2015-07-16 15:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 06:29 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 06:29 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 06:29 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 06:29 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 06:29 - 2015-07-16 15:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 06:29 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 06:29 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 06:29 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 06:29 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 06:29 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 06:29 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 06:29 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 06:29 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 06:29 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 06:29 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 06:29 - 2015-06-09 14:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-12 06:27 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 06:27 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 06:27 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 06:27 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 06:26 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 06:26 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 06:25 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 06:25 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 06:25 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 06:25 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 06:24 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 06:20 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-12 06:20 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-12 06:20 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-12 06:20 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-12 06:20 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-12 06:20 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-12 06:20 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-12 06:19 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-12 06:19 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-12 06:19 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-12 06:19 - 2015-07-13 23:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 06:19 - 2015-07-13 23:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 06:19 - 2015-07-10 13:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 06:19 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-12 06:19 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-12 06:19 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-12 06:19 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-12 06:19 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 06:18 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 06:18 - 2015-07-10 12:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 06:17 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 06:17 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 06:17 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 06:14 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-12 06:13 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 06:13 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 06:13 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 06:13 - 2015-07-24 14:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 06:13 - 2015-07-24 14:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 06:13 - 2015-07-24 14:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 06:13 - 2015-07-24 13:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 06:13 - 2015-07-24 13:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-12 06:13 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 06:13 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 06:13 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 06:13 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-11 22:52 - 2015-08-11 22:52 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\GWX
2015-08-11 21:18 - 2015-08-11 21:19 - 00000000 ____D C:\Users\Eva Margolies\Pavark
2015-08-11 21:14 - 2015-08-11 21:14 - 00000000 ____D C:\Users\Eva Margolies\AppData\Roaming\Macromedia
2015-08-11 21:14 - 2015-08-11 21:14 - 00000000 ____D C:\Users\Eva Margolies\AppData\Roaming\Adobe
2015-08-11 20:56 - 2015-08-11 20:56 - 00000000 ____D C:\Users\Eva Margolies\AppData\Roaming\AVG2015
2015-08-11 20:55 - 2015-08-11 20:56 - 00000000 ____D C:\ProgramData\AVG2015
2015-08-11 20:55 - 2015-08-11 20:55 - 00000988 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-08-11 20:55 - 2015-08-11 20:55 - 00000000 ___HD C:\$AVG
2015-08-11 20:55 - 2015-08-11 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-11 20:55 - 2015-08-11 20:55 - 00000000 ____D C:\Program Files (x86)\AVG
2015-08-11 20:53 - 2015-08-11 20:53 - 00000299 _____ C:\Users\Eva Margolies\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2015-08-11 20:52 - 2015-08-11 21:01 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\Avg2015
2015-08-11 20:35 - 2015-08-16 11:49 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-11 20:31 - 2015-08-11 20:45 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\AvgSetupLog
2015-08-11 18:31 - 2015-08-16 15:26 - 00023414 _____ C:\WINDOWS\PFRO.log
2015-08-11 18:31 - 2015-08-16 15:26 - 00000847 _____ C:\WINDOWS\setupact.log
2015-08-11 18:31 - 2015-08-11 18:31 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-11 17:59 - 2015-08-16 14:56 - 01193793 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-11 17:36 - 2015-08-11 17:36 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-HPDESKTOP-Windows-8.1-(64-bit).dat
2015-08-11 17:15 - 2015-08-16 15:31 - 00003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-11 17:14 - 2015-08-16 15:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-11 17:11 - 2015-08-11 17:12 - 00000000 ____D C:\Users\Eva Margolies\AppData\Roaming\WinPatrol
2015-08-11 17:11 - 2015-08-11 17:11 - 00000000 ____D C:\Program Files (x86)\Ruiware
2015-08-11 16:48 - 2015-08-11 16:48 - 00024106 _____ C:\WINDOWS\system32\.crusader
2015-08-11 16:31 - 2015-08-16 14:34 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-08-11 13:24 - 2015-08-11 13:24 - 00000000 ____D C:\Users\Eva Margolies\Desktop\Old Firefox Data
2015-08-11 13:17 - 2015-08-11 13:17 - 00001548 _____ C:\Users\Eva Margolies\Desktop\internet Explorer.lnk
2015-08-09 15:24 - 2015-08-09 15:24 - 00001636 _____ C:\ProgramData\tempimage.bmp
2015-08-08 09:32 - 2015-08-08 09:32 - 00003864 _____ C:\WINDOWS\System32\Tasks\Notify Helper
2015-08-08 09:32 - 2015-08-08 09:32 - 00003558 _____ C:\WINDOWS\System32\Tasks\System Cleaner Pro Auto Start
2015-08-07 15:50 - 2015-08-09 18:20 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-07 15:45 - 2015-08-07 15:45 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2015-08-07 15:33 - 2015-08-07 15:33 - 00000000 ____D C:\WINDOWS\system32\dagr
2015-07-28 11:02 - 2015-07-28 11:02 - 00312752 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2015-07-28 11:01 - 2015-07-28 11:01 - 00245680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
2015-07-26 22:38 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-07-26 22:38 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-16 16:01 - 2014-11-21 04:44 - 00956540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-16 16:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-16 15:37 - 2015-02-17 18:43 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1553242553-66657035-171981457-1001
2015-08-16 15:31 - 2015-02-17 18:49 - 00003904 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-16 15:31 - 2015-02-17 18:49 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\Google
2015-08-16 15:29 - 2015-02-17 19:29 - 00000000 ____D C:\Users\Eva Margolies\AppData\Roaming\ClassicShell
2015-08-16 15:26 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-16 14:52 - 2015-02-17 18:37 - 00003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{669DF707-125D-4385-8470-6FE56F8E195E}
2015-08-16 14:04 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-16 11:29 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-16 09:23 - 2015-02-17 13:01 - 00000000 ____D C:\Users\Eva Margolies\Desktop\Old files
2015-08-15 18:50 - 2015-02-17 19:29 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\Adobe
2015-08-15 18:23 - 2013-08-22 10:44 - 00410896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-15 18:20 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-15 18:20 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-15 18:20 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-15 18:20 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-15 18:10 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-08-14 09:40 - 2015-02-20 19:06 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-14 09:34 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-14 08:14 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-14 08:13 - 2015-02-17 20:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-14 08:11 - 2015-02-17 20:28 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-14 08:10 - 2015-02-18 00:22 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-14 08:10 - 2014-11-21 11:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-14 08:10 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-14 08:09 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 08:09 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 22:51 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-11 21:18 - 2015-02-20 16:14 - 00000000 ____D C:\Users\Eva Margolies
2015-08-11 21:01 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-11 20:55 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-08-11 20:29 - 2013-05-15 16:22 - 00000000 ____D C:\ProgramData\CyberLink
2015-08-11 19:55 - 2015-02-17 18:37 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\Packages
2015-08-11 18:03 - 2013-08-22 09:25 - 00000230 _____ C:\WINDOWS\win.ini
2015-08-11 17:59 - 2015-02-20 16:11 - 00956540 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-08-11 16:26 - 2015-02-17 18:45 - 00000000 ____D C:\Users\Eva Margolies\Documents\EasyDuplicateFinder
2015-08-10 12:01 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-08-10 12:01 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Speech
2015-08-10 11:16 - 2015-02-17 19:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-10 11:16 - 2013-05-15 16:04 - 00000000 ____D C:\Program Files (x86)\AMD APP
2015-08-09 17:30 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-08 09:55 - 2014-11-21 12:03 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 09:55 - 2014-11-21 12:03 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 15:33 - 2014-11-21 05:16 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-08-07 15:33 - 2014-11-21 05:15 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-07-26 06:56 - 2015-04-04 08:50 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-17 11:16 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-17 11:16 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\WinStore
 
==================== Files in the root of some directories =======
 
2015-08-09 15:24 - 2015-08-09 15:24 - 0001636 _____ () C:\ProgramData\tempimage.bmp
 
Some files in TEMP:
====================
C:\Users\Eva Margolies\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Eva Margolies\AppData\Local\Temp\RWWY.exe
C:\Users\Eva Margolies\AppData\Local\Temp\SKANZNOEI.exe
C:\Users\Eva Margolies\AppData\Local\Temp\URJLNIQ.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2014-11-21 05:15] - [2015-08-07 15:33] - 0657920 ____A (Microsoft Corporation) 5A481560182A82C4567AC7A87BFA20DE
 
C:\WINDOWS\SysWOW64\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-16 13:39
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Eva Margolies (2015-08-16 16:03:58)
Running from C:\Users\Eva Margolies\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1553242553-66657035-171981457-500 - Administrator - Disabled)
Eva Margolies (S-1-5-21-1553242553-66657035-171981457-1001 - Administrator - Enabled) => C:\Users\Eva Margolies
Guest (S-1-5-21-1553242553-66657035-171981457-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1553242553-66657035-171981457-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{7378D661-1AD0-CB5A-FA5B-B73C8037E393}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6125 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6125 - AVG Technologies) Hidden
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6451.0 - IDT)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
LibreOffice 4.4.0.3 (HKLM-x32\...\{8BEE1CDD-F95D-4759-952D-6B38DF99D1F0}) (Version: 4.4.0.3 - The Document Foundation)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.21.0 - Mediatek)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
07-08-2015 04:12:33 Scheduled Checkpoint
08-08-2015 08:42:37 Restore Operation
09-08-2015 18:25:25 JRT Pre-Junkware Removal
11-08-2015 17:07:16 Removed Adblock Plus for IE (32-bit and 64-bit)
15-08-2015 17:51:57 zoek.exe restore point
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-08-16 15:50 - 00000705 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02EBE3E5-A29D-4502-886F-A0C84B0A28DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {15675B1A-FA7E-4CDF-8B01-F00B699013B9} - System32\Tasks\System Cleaner Pro Auto Start => C:\Program Files (x86)\System Cleaner Pro\SystemCleanerPro.exe
Task: {2EA1B0E9-B39F-4B42-8B99-C09062B0101F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {32B37060-BD8B-4064-BCE4-E8DA6BBECFA2} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {379C5794-E3ED-472E-8BF5-48A0088116BB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {46E022C3-D0E6-4C12-A643-27A492091F50} - \DrspeedyPc Secure -> No File <==== ATTENTION
Task: {56DDF4CF-08B4-4452-BD45-10E1707D859F} - System32\Tasks\Notify Helper => C:\Program Files (x86)\System Cleaner Pro\\NotifyHelper.exe
Task: {5B39608B-DCA2-4979-BFA6-0CF57B601E23} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {76948196-918C-4278-8091-2E3A8B00374E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {83ECBBCF-19B0-4F69-A8C8-BAAB440AE802} - \snf -> No File <==== ATTENTION
Task: {8B759052-F2A3-4050-842B-BD57C1457DF9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-14] (Microsoft Corporation)
Task: {95109612-CA39-4B80-80FE-C50ACA9FCF1B} - \TunePro360 Updater -> No File <==== ATTENTION
Task: {A0DE6183-160D-4525-945E-815203E49952} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {A50E7C40-ED3A-463D-8C77-B22810B0DD20} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {AC7254C7-09D8-4B5F-A6A1-B441429A2FAC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {AF622C06-AD23-446B-9E28-E363204E7242} - \bvxvyxvec -> No File <==== ATTENTION
Task: {C2BF5EBA-6BFC-4432-8679-8697CD204AAD} - \snp -> No File <==== ATTENTION
Task: {CBFE5876-CEB8-4D2C-B64B-C7CE0706E3A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {DD743653-07C1-4CB0-B422-DA8F579F181F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {E3E8E8C6-B0CB-4C80-B1A8-44D041F02C0F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {F0128748-27EA-4761-90F9-2E009D0D4AAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {F1AEE13D-9543-4DB0-98C9-3FBAE5A3997E} - \Glopbbiq -> No File <==== ATTENTION
Task: {F2EC4EBD-9E19-43A5-9BFC-1B4C01CC958B} - \EKTCHDIZSV1 -> No File <==== ATTENTION
Task: {FCDD5EAB-39F4-4AC9-8D60-E7A76CF96B90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => 0x030601002B264B14BD9DFF4A98F2F02F2962CAB746005E020000000000000000200000000014730F000000000313040000248005000000000000000000000000000000000000400043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032005C00530044005500700064006100740065002E0065007800650000002B002F006100750074006F0075007000640061007400650020002F00730069006C0065006E00740020002F006100750074006F0063006C006F007300650020002F006200610063006B00670072006F0075006E006400000000001C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F0079002000320000007A00540068006900730020007400610073006B002000770069006C006C00200072006500670075006C00610072006C007900200063006800650063006B00200066006F007200200073006F00660074007700610072006500200075007000640061007400650073002C00200061006E006400200069006E007300740061006C006C00200061006E007900200061007600610069006C00610062006C006500200075007000640061007400650073002C00200074006F00200065006E007300750072006500200079006F00750020006100720065002000770065006C006C002D00700072006F007400650063007400650064002E000000000008000313040000000000010030000000DF07080010000000000000000B002A0000000000000000000000000007000000010000000000000000000000
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => 0x030601006D640C563CE0454A871563569905B806460042020000000000000000200000000014730F000000000313040000208001000000000000000000000000000000000000420043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032005C005300440049006D006D0075006E0069007A0065002E0065007800650000001D002F0069006D006D0075006E0069007A00650020002F00730069006C0065006E00740020002F006100750074006F0063006C006F0073006500000000001C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F0079002000320000007800540068006900730020007400610073006B002000770069006C006C002000750070006400610074006500200079006F0075007200200069006D006D0075006E0069007A006100740069006F006E002C0020006B0065006500700069006E006700200079006F00750072002000620072006F00770073006500720073002000700072006F00740065006300740065006400200061006700610069006E007300740020006B006E006F0077006E0020006D0061006C0077006100720065002000730069007400650073002C00200063006F006F006B00690065007300200061006E00640020006D006F00720065002E000000000008000313040000000000010030000000DF070800100000000000000000001E0000000000000000000000000002000000010008000000000000000000
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => 0x030601007779491C592C0B41AF76D5CD6CFC13A3460098010000000000000000200000000014730F0000000003130400C02080010000000000000000000000000000000000003E0043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032005C00530044005300630061006E002E00650078006500000012002F007300630061006E0020002F0063006C00650061006E0063006C006F0073006500000000001C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032000000320041002000660075006C006C002000730079007300740065006D0020007300630061006E0020006900730020007200650063006F006D006D0065006E0064006500640020006F006E0063006500200070006500720020006D006F006E00740068002E000000000008000313040000000000010030000000DF070800100000000000000000001E000000000000000000000000000300000001000000FF0F000000000000
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-21 02:35 - 2015-01-21 02:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-22 18:50 - 2013-01-22 18:50 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-05-15 16:09 - 2012-06-07 23:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-08-16 15:31 - 2015-08-07 20:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-16 15:31 - 2015-08-07 20:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll
2015-08-16 15:31 - 2015-08-07 20:13 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\35283824.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\35283824.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1553242553-66657035-171981457-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{6AF0B5B9-6538-43FD-85B9-D3396B5B7037}] => (Allow) C:\Users\Eva Margolies\AppData\Local\Temp\7zSB387.tmp\SymNRT.exe
FirewallRules: [{AE3B19E4-FB89-437F-BC4B-5FDB49548B05}] => (Allow) C:\Users\Eva Margolies\AppData\Local\Temp\7zSB387.tmp\SymNRT.exe
FirewallRules: [{370A72A5-2939-497D-9354-ACF268158962}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/16/2015 03:29:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0xd88
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3
Faulting package full name: RootkitRevealer.exe4
Faulting package-relative application ID: RootkitRevealer.exe5
 
Error: (08/16/2015 03:28:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0xd28
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3
Faulting package full name: RootkitRevealer.exe4
Faulting package-relative application ID: RootkitRevealer.exe5
 
Error: (08/16/2015 03:27:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0xcd0
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3
Faulting package full name: RootkitRevealer.exe4
Faulting package-relative application ID: RootkitRevealer.exe5
 
Error: (08/16/2015 01:14:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffd81822f4c
Faulting process id: 0xbe0
Faulting application start time: 0xDaS_21.exe0
Faulting application path: DaS_21.exe1
Faulting module path: DaS_21.exe2
Report Id: DaS_21.exe3
Faulting package full name: DaS_21.exe4
Faulting package-relative application ID: DaS_21.exe5
 
Error: (08/16/2015 01:14:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])
 
Error: (08/16/2015 11:28:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPDesktop)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2147019873 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/16/2015 11:17:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3328
 
Error: (08/16/2015 11:17:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3328
 
Error: (08/16/2015 11:17:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/16/2015 09:11:54 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
 
System errors:
=============
Error: (08/16/2015 03:26:12 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'.  The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it.  The data field contains the error number.
 
Error: (08/16/2015 03:26:12 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (08/16/2015 03:25:35 PM) (Source: DCOM) (EventID: 10010) (User: HPDesktop)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (08/16/2015 03:13:09 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'.  The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it.  The data field contains the error number.
 
Error: (08/16/2015 03:13:09 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (08/16/2015 02:57:09 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'.  The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it.  The data field contains the error number.
 
Error: (08/16/2015 02:57:09 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (08/16/2015 02:48:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
 
Error: (08/16/2015 02:34:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys
 
Error: (08/16/2015 02:33:55 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'.  The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it.  The data field contains the error number.
 
 
Microsoft Office:
=========================
Error: (08/16/2015 03:29:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cdd8801d0d859e00bb377C:\Users\Eva Margolies\Desktop\rootkitrevealer\RootkitRevealer.exeC:\Users\Eva Margolies\Desktop\rootkitrevealer\RootkitRevealer.exe1dd9a059-444d-11e5-beb4-78e3b5c2e761
 
Error: (08/16/2015 03:28:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cdd2801d0d859c094f7fdC:\Users\Eva Margolies\Desktop\rootkitrevealer\RootkitRevealer.exeC:\Users\Eva Margolies\Desktop\rootkitrevealer\RootkitRevealer.exefe62e4bf-444c-11e5-beb4-78e3b5c2e761
 
Error: (08/16/2015 03:27:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cdcd001d0d859a17a24b0C:\Users\Eva Margolies\Desktop\rootkitrevealer\RootkitRevealer.exeC:\Users\Eva Margolies\Desktop\rootkitrevealer\RootkitRevealer.exee29e6e51-444c-11e5-beb4-78e3b5c2e761
 
Error: (08/16/2015 01:14:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DaS_21.exe2.1.0.4540c90b2unknown0.0.0.000000000c000000500007ffd81822f4cbe001d0d847039dcd74C:\Users\EVAMAR~1\AppData\Local\Temp\DaS_21.exeunknown4219c617-443a-11e5-beaf-78e3b5c2e761
 
Error: (08/16/2015 01:14:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])
 
Error: (08/16/2015 11:28:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPDesktop)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2147019873
 
Error: (08/16/2015 11:17:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3328
 
Error: (08/16/2015 11:17:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3328
 
Error: (08/16/2015 11:17:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/16/2015 09:11:54 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
 
CodeIntegrity:
===================================
  Date: 2015-08-11 20:40:29.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-11 20:40:28.927
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-09 18:17:46.983
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-09 18:17:46.702
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-5300 APU with Radeon™ HD Graphics 
Percentage of memory in use: 31%
Total physical RAM: 7365.5 MB
Available physical RAM: 5014.91 MB
Total Virtual: 7765.5 MB
Available Virtual: 5083.81 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:446.08 GB) (Free:381.01 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.76 GB) (Free:2.18 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (TOSHIBA) (Removable) (Total:3.73 GB) (Free:1.84 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: FB948330)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3.7 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of log ============================

Edited by iedgar10, 16 August 2015 - 04:31 PM.


#2 nasdaq

  • Malware Response Team
  • 38,977 posts
  • Location: Montreal, QC. Canada

Posted 17 August 2015 - 08:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [No File]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S4 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys 
Task: {46E022C3-D0E6-4C12-A643-27A492091F50} - \DrspeedyPc Secure -> No File <==== ATTENTION
Task: {83ECBBCF-19B0-4F69-A8C8-BAAB440AE802} - \snf -> No File <==== ATTENTION
Task: {95109612-CA39-4B80-80FE-C50ACA9FCF1B} - \TunePro360 Updater -> No File <==== ATTENTION
Task: {AF622C06-AD23-446B-9E28-E363204E7242} - \bvxvyxvec -> No File <==== ATTENTION
Task: {C2BF5EBA-6BFC-4432-8679-8697CD204AAD} - \snp -> No File <==== ATTENTION
Task: {F1AEE13D-9543-4DB0-98C9-3FBAE5A3997E} - \Glopbbiq -> No File <==== ATTENTION
Task: {F2EC4EBD-9E19-43A5-9BFC-1B4C01CC958B} - \EKTCHDIZSV1 -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

You have used all of the tools we would use to clean your system and more.

Try this.

========================= How to Disable Flash: ==================

In I/E: http://www.ehow.com/...-off-flash.html
1 Launch Internet Explorer. Click "Tools" and click "Internet Options." Click the "Programs" tab.

2 Open the "Manage add-ons" button. Click the drop-down list under "Show" and select "Run without permission."

3 Click "Shockwave Flash Object" under the "Adobe System Incorporated" section. Click the "Disable" button. Reboot your system.

Disable Flash in IE10 Windows 8.
http://www.eightforums.com/browsers-mail/27982-disable-flash-ie10.html

___

In Chrome: https://support.google.com/chrome/answer/108086?hl=en

- Enter the following address in Chromes address bar to access the Plug-ins screen:
chrome://plugins/

Scroll down the list of plug-ins and click the Disable link located at the bottom of the Adobe Flash Player section to disable Flash.
___

In Firefox: Tools> Addons> Plugins> Shockwave Flash - Never Activate

>> Browser check: https://support.mozilla.org/en-US/questions/988836

If that fails you may have to remove Flash completely.

Any luck?
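The fixlist in the post above is, almost line for line, the set of scan-log entries FRST marked as orphaned ("No File", "[not found]", "[X]") or flagged with "ATTENTION". The script below is an added example, not part of the original thread and not FRST's own code: it applies that selection rule to a constructed sample in the FRST log format and drafts the fixlist skeleton used above (start, CreateRestorePoint:, EmptyTemp:, CloseProcesses:, the entries, End). The sample lines, the section regex and the function names are assumptions for illustration. The rule is only a first pass: nasdaq also listed the ZAM_Guard driver, which carries no marker, alongside the orphaned Zemana service and driver, and the harmless SkyDrive overlay leftovers pass the rule just as the malicious scheduled tasks do, so every candidate still needs a human decision before it goes into fixlist.txt.

```python
"""Triage an FRST scan log and draft fixlist.txt candidates.

Added example for this thread; it is not FRST's own code. It encodes the
selection rule visible in the fixlist above: entries whose target FRST
could not find ("No File", "[not found]", "[X]") or that FRST flagged
with "ATTENTION" are copied verbatim into fixlist.txt.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample in the format of the FRST log posted in the thread:
# section headers, benign entries, and the kinds of entries that were fixed.
SAMPLE_FRST_LOG = r"""
==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

==================== Internet (Whitelisted) ====================

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

==================== Services (Whitelisted) ========================

R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

==================== Scheduled Tasks (Whitelisted) =============

Task: {46E022C3-D0E6-4C12-A643-27A492091F50} - \DrspeedyPc Secure -> No File <==== ATTENTION
Task: {AF622C06-AD23-446B-9E28-E363204E7242} - \bvxvyxvec -> No File <==== ATTENTION
"""

# Assumed header shape: a run of '=' on each side of the section name.
SECTION_RE = re.compile(r"^=+ (.+?) =+\s*$")
ORPHAN_MARKERS = ("No File", "[not found]", "[X]")


def is_fix_candidate(entry: str) -> bool:
    """True when FRST could not find the entry's target or flagged it."""
    return "ATTENTION" in entry or any(m in entry for m in ORPHAN_MARKERS)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (section, entry) for every qualifying line, in log order."""
    section = "(no section)"
    hits: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip()
            continue
        if line and is_fix_candidate(line):
            hits.append((section, line))
    return hits


def build_fixlist(log_text: str) -> str:
    """Draft fixlist.txt in the shape used in the thread.

    The directives create a restore point, clear temp files and close
    running processes before the entries are processed; the entries are
    copied verbatim, which is what FRST expects.
    """
    entries = [entry for _, entry in triage(log_text)]
    lines = ["start", "", "CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:", ""]
    lines += entries
    lines += ["", "End"]
    return "\n".join(lines) + "\n"


def summarize(log_text: str) -> Dict[str, int]:
    """Count candidates per section, a quick view of where the leftovers sit."""
    counts: Dict[str, int] = {}
    for section, _ in triage(log_text):
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == "__main__":
    print(build_fixlist(SAMPLE_FRST_LOG))
    print(summarize(SAMPLE_FRST_LOG))
```

The Fixlog posted in the next reply shows what a Task: line in the fixlist actually does: FRST deletes the matching TaskCache\Tasks, TaskCache\Tree and TaskCache\Logon or TaskCache\Plain keys, so a scheduled task whose binary is already gone stops being re-registered at logon. That is also why the draft should be reviewed rather than run blindly: the same mechanism removes a legitimate entry just as readily.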

#3 iedgar10 (Topic Starter)

  • Members
  • 10 posts

Posted 17 August 2015 - 09:33 AM

Here is the log. Currently trying to test if the fixlist repaired anything, but now Chrome keeps crashing and saying preferences can't be read.
Edit: There seem to be a lot of permission issues now.

EDIT 2: Cannot download Chrome for some reason. It will get stuck on "downloading." Many icons have turned to a generic white block after the fixlist also.

EDIT 3: Ads still open up in IE.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Eva Margolies (2015-08-17 10:25:52) Run:1
Running from C:\Users\Eva Margolies\Desktop
Loaded Profiles: Eva Margolies (Available Profiles: Eva Margolies)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [No File]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S4 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys 
Task: {46E022C3-D0E6-4C12-A643-27A492091F50} - \DrspeedyPc Secure -> No File <==== ATTENTION
Task: {83ECBBCF-19B0-4F69-A8C8-BAAB440AE802} - \snf -> No File <==== ATTENTION
Task: {95109612-CA39-4B80-80FE-C50ACA9FCF1B} - \TunePro360 Updater -> No File <==== ATTENTION
Task: {AF622C06-AD23-446B-9E28-E363204E7242} - \bvxvyxvec -> No File <==== ATTENTION
Task: {C2BF5EBA-6BFC-4432-8679-8697CD204AAD} - \snp -> No File <==== ATTENTION
Task: {F1AEE13D-9543-4DB0-98C9-3FBAE5A3997E} - \Glopbbiq -> No File <==== ATTENTION
Task: {F2EC4EBD-9E19-43A5-9BFC-1B4C01CC958B} - \EKTCHDIZSV1 -> No File <==== ATTENTION
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0 => key not found. 
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
gusvc => service removed successfully
ZAMSvc => service removed successfully
ZAM => service removed successfully
ZAM_Guard => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46E022C3-D0E6-4C12-A643-27A492091F50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46E022C3-D0E6-4C12-A643-27A492091F50}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DrspeedyPc Secure => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83ECBBCF-19B0-4F69-A8C8-BAAB440AE802}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83ECBBCF-19B0-4F69-A8C8-BAAB440AE802}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snf => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{95109612-CA39-4B80-80FE-C50ACA9FCF1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95109612-CA39-4B80-80FE-C50ACA9FCF1B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TunePro360 Updater => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF622C06-AD23-446B-9E28-E363204E7242}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF622C06-AD23-446B-9E28-E363204E7242}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvyxvec => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2BF5EBA-6BFC-4432-8679-8697CD204AAD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2BF5EBA-6BFC-4432-8679-8697CD204AAD}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snp => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1AEE13D-9543-4DB0-98C9-3FBAE5A3997E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1AEE13D-9543-4DB0-98C9-3FBAE5A3997E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Glopbbiq => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F2EC4EBD-9E19-43A5-9BFC-1B4C01CC958B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2EC4EBD-9E19-43A5-9BFC-1B4C01CC958B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EKTCHDIZSV1" => key removed successfully
EmptyTemp: => 223.6 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 10:26:33 ====

Edited by iedgar10, 17 August 2015 - 10:10 AM.


#4 iedgar10 (Topic Starter)

  • Members
  • 10 posts

Posted 17 August 2015 - 12:47 PM

I have run the Tweaking.com Windows Repair tool, ran all repairs and rebooted. I don't really know which of the repairs in the tool fixed it. Specifically, when I went to mizunousa.com the advertisements would come up 100%, but they haven't come up. Hopefully they're gone for good. I am now suffering from a lot of white icons as well as permission issues that the tweaking tool didn't repair for some reason. Any insight?



#5 nasdaq

  • Malware Response Team
  • 38,977 posts
  • Location: Montreal, QC. Canada

Posted 17 August 2015 - 01:29 PM

I have run the Tweaking.com Windows Repair tool, ran all repairs and rebooted. I don't really know which of the repairs in the tool fixed it. Specifically, when I went to mizunousa.com the advertisements would come up 100%, but they haven't come up.


These may have solved your popups.

09 - Repair HOSTS File
13 - Repair Network ( This includes Repair Winsock & DNS Cache)
15 - Repair Proxy Settings

Looks like you did not save the log from the scan.
---

If you have many icons on your Desktop, your icon cache may need to be rebuilt.
Follow the instructions here.
http://www.sevenforums.com/tutorials/49819-icon-cache-rebuild.html
===

as well as permission issues that the tweaking tool didn't repair for some reason.

Please run the Farbar tool one more time and post a fresh FRST log for my review.
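The "Repair HOSTS File" step above resets the file to the Windows default, which removes the evidence along with the problem. The script below is an added example, not part of the original thread and not the Tweaking.com tool's code: it audits a hosts file before such a reset and reports the two patterns adware typically leaves, names redirected to a non-loopback address and security or update hostnames sinkholed to loopback or 0.0.0.0, then strips only the flagged lines so a user's own entries survive. The sample file, the list of protected vendor domains and the function names are assumptions for illustration.

```python
"""Audit a Windows hosts file for adware-style tampering.

Added example for this thread; it is not the Tweaking.com tool's code.
Redirected names point at the attacker's server; sinkholed security or
update hosts show the adware was defending itself against removal.
"""
import ipaddress
from typing import List, NamedTuple, Tuple


class HostsFinding(NamedTuple):
    line_no: int
    hostname: str
    address: str
    reason: str


# Assumed, illustrative list of hostnames adware often pins to loopback so
# security products cannot update and their web sites cannot load.
PROTECTED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "bleepingcomputer.com",
    "malwarebytes.org", "malwarebytes.com", "avg.com", "eset.com",
)
NULL_ROUTES = {"127.0.0.1", "::1", "0.0.0.0"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: the Windows hosts file header plus entries of each kind.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
#    127.0.0.1       localhost
#    ::1             localhost

127.0.0.1       localhost
0.0.0.0         www.malwarebytes.org
127.0.0.1       update.eset.com          # blocks definition updates
198.51.100.23   www.example.com          # redirect to an attacker-controlled host
198.51.100.23   search.example.org
127.0.0.1       ads.example.net          # the user's own ad-blocking entry
"""


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_no, address, hostnames) for each active mapping."""
    mappings: List[Tuple[int, str, List[str]]] = []
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()      # drop comments and padding
        parts = body.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])       # skip malformed lines
        except ValueError:
            continue
        mappings.append((no, parts[0], [h.lower() for h in parts[1:]]))
    return mappings


def is_protected(hostname: str) -> bool:
    """Exact or subdomain match against the protected vendor list."""
    return any(hostname == s or hostname.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text: str) -> List[HostsFinding]:
    """Flag redirects and sinkholed security hosts; plain localhost lines pass."""
    findings: List[HostsFinding] = []
    for no, addr, names in parse_hosts(text):
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if addr not in NULL_ROUTES:
                findings.append(HostsFinding(no, name, addr, "redirected to non-loopback address"))
            elif is_protected(name):
                findings.append(HostsFinding(no, name, addr, "security/update host sinkholed"))
    return findings


def strip_findings(text: str, findings: List[HostsFinding]) -> str:
    """Return the file with every flagged line removed; other entries survive.

    A line that maps several names is dropped whole if any of them is flagged.
    """
    bad = {f.line_no for f in findings}
    kept = [line for i, line in enumerate(text.splitlines(), 1) if i not in bad]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(f"line {finding.line_no}: {finding.hostname} -> {finding.address} ({finding.reason})")
```

On a live machine the file is C:\Windows\System32\drivers\etc\hosts and needs an elevated prompt to write. The thread's own observation applies: the file kept being modified after it was restored, so a cleaned copy only stays clean once whatever rewrites it (a scheduled task, service or driver) has been removed, which is why the hosts repair is paired above with the Winsock, DNS cache and proxy repairs rather than used on its own.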

#6 iedgar10 (Topic Starter)

  • Members
  • 10 posts

Posted 17 August 2015 - 02:46 PM

Here are the logs. I could NOT run FRST64.exe from the desktop. I got the message, "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
I ran it straight from my flash drive.

I ran the cache rebuild from your link. It fixed the icon pictures but the shortcuts were still dead. There seem to be quite a few programs that don't work due to not having access/permission to write to folder locations.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by Eva Margolies (administrator) on HPDESKTOP (17-08-2015 15:42:58)
Running from F:\
Loaded Profiles: Eva Margolies (Available Profiles: Eva Margolies)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-01-30] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-02-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1553242553-66657035-171981457-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1553242553-66657035-171981457-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1553242553-66657035-171981457-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {4BD891B3-3CF0-4049-9996-6AD339BE6230} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {4BD891B3-3CF0-4049-9996-6AD339BE6230} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{F19CE9D1-DD94-4406-84A2-0FA59E25E68A}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{FFF888E7-F772-4F26-9640-332018EBAF67}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Eva Margolies\AppData\Roaming\Mozilla\Firefox\Profiles\lkzi83h9.default-1439313888268
FF DefaultSearchEngine: Google
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-17] (Google Inc.)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-17]
CHR Extension: (Google Docs) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-17]
CHR Extension: (Google Drive) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-17]
CHR Extension: (YouTube) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-17]
CHR Extension: (Google Search) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-17]
CHR Extension: (Google Sheets) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-17]
CHR Extension: (Gmail) - C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [331776 2013-01-30] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-02-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [245680 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [296896 2015-07-10] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-16] ()
S3 MFE_RR; \??\C:\Users\EVAMAR~1\AppData\Local\Temp\mfe_rr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-17 15:42 - 2015-08-17 15:42 - 00000000 ____D C:\Users\Eva Margolies\Desktop\old
2015-08-17 13:35 - 2015-08-17 13:35 - 00002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-17 13:35 - 2015-08-17 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-17 13:34 - 2015-08-17 15:40 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-17 13:34 - 2015-08-17 15:39 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-17 13:34 - 2015-08-17 13:34 - 00003904 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-17 13:34 - 2015-08-17 13:34 - 00003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-17 13:01 - 2015-08-17 13:01 - 00000000 ____D C:\Users\Eva Margolies\Desktop\Tweaking.com - Windows Repair
2015-08-17 11:13 - 2015-08-17 11:13 - 00000000 ____D C:\RegBackup
2015-08-17 10:58 - 2015-08-17 10:58 - 00000000 ____D C:\Users\Eva Margolies\Desktop\recovery
2015-08-17 10:56 - 2015-08-17 10:56 - 00001548 _____ C:\Users\Eva Margolies\Desktop\iexplore - Shortcut.lnk
2015-08-17 10:53 - 2015-08-17 10:51 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\Eva Margolies\Desktop\FixExec.exe
2015-08-17 10:42 - 2015-08-17 10:42 - 00000000 ____D C:\ProgramData\Recovery
2015-08-17 10:16 - 2015-08-17 10:17 - 00000000 ____D C:\Users\Eva Margolies\Desktop\final
2015-08-16 16:00 - 2015-08-17 15:42 - 00000000 ____D C:\FRST
2015-08-16 16:00 - 2015-08-16 15:59 - 02173440 _____ (Farbar) C:\Users\Eva Margolies\Desktop\FRST64.exe
2015-08-16 15:47 - 2015-08-16 15:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Eva Margolies\Downloads\HijackThis.exe
2015-08-16 15:33 - 2015-08-16 15:33 - 05634818 _____ (Swearware) C:\Users\Eva Margolies\Downloads\ComboFix.exe
2015-08-16 15:33 - 2015-08-16 15:33 - 05634818 _____ (Swearware) C:\Users\Eva Margolies\Desktop\ComboFix.exe
2015-08-16 15:30 - 2015-08-17 13:34 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\Deployment
2015-08-16 15:10 - 2015-08-16 15:10 - 00000628 _____ C:\DelFix.txt
2015-08-16 14:56 - 2015-08-16 14:56 - 00000085 _____ C:\WINDOWS\wininit.ini
2015-08-16 14:56 - 2015-08-16 14:56 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-08-16 14:25 - 2015-08-16 14:25 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\VirtualStore
2015-08-16 13:23 - 2015-08-16 13:14 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-08-16 13:14 - 2015-08-16 15:29 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\CrashDumps
2015-08-16 12:52 - 2015-08-16 13:01 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-16 11:42 - 2015-08-16 14:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-16 11:42 - 2015-08-16 11:42 - 00000656 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-08-16 11:42 - 2015-08-16 11:42 - 00000628 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-08-16 11:42 - 2015-08-16 11:42 - 00000458 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-08-16 11:37 - 2015-08-16 14:55 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-15 23:05 - 2015-08-17 10:10 - 00000000 ____D C:\ProgramData\MFAData
2015-08-15 18:45 - 2015-08-15 18:45 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-15 17:21 - 2015-08-15 17:21 - 00000000 ____D C:\Users\Eva Margolies\AppData\Roaming\TeamViewer
2015-08-15 17:20 - 2015-08-15 17:20 - 08098552 _____ (TeamViewer GmbH) C:\Users\Eva Margolies\Downloads\TeamViewer_Setup_en (1).exe
2015-08-14 08:14 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 08:14 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 10:50 - 2015-08-12 10:50 - 00015829 _____ C:\Users\Eva Margolies\Documents\Sales Strategies 2.odt
2015-08-12 06:30 - 2015-07-18 21:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 06:30 - 2015-07-18 14:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 06:30 - 2015-07-18 14:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 06:30 - 2015-07-18 14:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 06:30 - 2015-07-18 14:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 06:30 - 2015-07-18 14:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 06:30 - 2015-07-18 14:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 06:30 - 2015-07-18 14:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 06:30 - 2015-07-18 14:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 06:30 - 2015-07-18 14:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 06:30 - 2015-07-18 14:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 06:30 - 2015-07-18 14:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 06:29 - 2015-07-16 17:14 - 25192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-12 06:29 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 06:29 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 06:29 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 06:29 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 06:29 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 06:29 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 06:29 - 2015-07-16 16:20 - 19870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-12 06:29 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 06:29 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 06:29 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 06:29 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 06:29 - 2015-07-16 15:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 06:29 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 06:29 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 06:29 - 2015-07-16 15:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 06:29 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 06:29 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 06:29 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 06:29 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 06:29 - 2015-07-16 15:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 06:29 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 06:29 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 06:29 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 06:29 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 06:29 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 06:29 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 06:29 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 06:29 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 06:29 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 06:29 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 06:29 - 2015-06-09 14:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-12 06:27 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 06:27 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 06:27 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 06:27 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 06:26 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 06:26 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 06:25 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 06:25 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 06:25 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 06:25 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 06:24 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 06:20 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-12 06:20 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-12 06:20 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-12 06:20 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-12 06:20 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-12 06:20 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-12 06:20 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-12 06:19 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-12 06:19 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-12 06:19 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-12 06:19 - 2015-07-13 23:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 06:19 - 2015-07-13 23:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 06:19 - 2015-07-10 13:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 06:19 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-12 06:19 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-12 06:19 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-12 06:19 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-12 06:19 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 06:18 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 06:18 - 2015-07-10 12:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 06:17 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 06:17 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 06:17 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 06:14 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-12 06:13 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 06:13 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 06:13 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 06:13 - 2015-07-24 14:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 06:13 - 2015-07-24 14:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 06:13 - 2015-07-24 14:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 06:13 - 2015-07-24 13:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 06:13 - 2015-07-24 13:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-12 06:13 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 06:13 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 06:13 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 06:13 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-11 22:52 - 2015-08-11 22:52 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\GWX
2015-08-11 21:18 - 2015-08-11 21:19 - 00000000 ____D C:\Users\Eva Margolies\Pavark
2015-08-11 21:14 - 2015-08-11 21:14 - 00000000 ____D C:\Users\Eva Margolies\AppData\Roaming\Macromedia
2015-08-11 21:14 - 2015-08-11 21:14 - 00000000 ____D C:\Users\Eva Margolies\AppData\Roaming\Adobe
2015-08-11 20:56 - 2015-08-11 20:56 - 00000000 ____D C:\Users\Eva Margolies\AppData\Roaming\AVG2015
2015-08-11 20:55 - 2015-08-17 12:04 - 00000000 ____D C:\ProgramData\AVG2015
2015-08-11 20:55 - 2015-08-11 20:55 - 00000988 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-08-11 20:55 - 2015-08-11 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-11 20:55 - 2015-08-11 20:55 - 00000000 ____D C:\Program Files (x86)\AVG
2015-08-11 20:55 - 2015-08-11 20:55 - 00000000 ____D C:\$AVG
2015-08-11 20:53 - 2015-08-11 20:53 - 00000299 _____ C:\Users\Eva Margolies\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2015-08-11 20:52 - 2015-08-11 21:01 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\Avg2015
2015-08-11 20:35 - 2015-08-16 11:49 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-11 20:31 - 2015-08-11 20:45 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\AvgSetupLog
2015-08-11 18:31 - 2015-08-17 15:37 - 00002259 _____ C:\WINDOWS\setupact.log
2015-08-11 18:31 - 2015-08-17 14:00 - 00027962 _____ C:\WINDOWS\PFRO.log
2015-08-11 18:31 - 2015-08-11 18:31 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-11 17:59 - 2015-08-17 15:39 - 01481764 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-11 17:36 - 2015-08-11 17:36 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-HPDESKTOP-Windows-8.1-(64-bit).dat
2015-08-11 17:14 - 2015-08-17 13:34 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-11 17:11 - 2015-08-11 17:12 - 00000000 ____D C:\Users\Eva Margolies\AppData\Roaming\WinPatrol
2015-08-11 17:11 - 2015-08-11 17:11 - 00000000 ____D C:\Program Files (x86)\Ruiware
2015-08-11 16:48 - 2015-08-11 16:48 - 00024106 _____ C:\WINDOWS\system32\.crusader
2015-08-11 16:31 - 2015-08-16 16:46 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-08-09 15:24 - 2015-08-09 15:24 - 00001636 _____ C:\ProgramData\tempimage.bmp
2015-08-08 09:32 - 2015-08-08 09:32 - 00003864 _____ C:\WINDOWS\System32\Tasks\Notify Helper
2015-08-08 09:32 - 2015-08-08 09:32 - 00003558 _____ C:\WINDOWS\System32\Tasks\System Cleaner Pro Auto Start
2015-08-07 15:50 - 2015-08-09 18:20 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-07 15:45 - 2015-08-07 15:45 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2015-08-07 15:33 - 2015-08-07 15:33 - 00000000 ____D C:\WINDOWS\system32\dagr
2015-07-28 11:02 - 2015-07-28 11:02 - 00312752 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2015-07-28 11:01 - 2015-07-28 11:01 - 00245680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
2015-07-26 22:38 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-07-26 22:38 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-17 15:43 - 2014-11-21 04:44 - 00956540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-17 15:41 - 2015-02-17 18:37 - 00003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{669DF707-125D-4385-8470-6FE56F8E195E}
2015-08-17 15:40 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-17 15:37 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-17 15:36 - 2015-02-17 18:43 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1553242553-66657035-171981457-1001
2015-08-17 15:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-17 14:00 - 2013-08-22 10:44 - 00410896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-17 13:59 - 2013-08-22 09:25 - 00000230 _____ C:\WINDOWS\win.ini
2015-08-17 13:54 - 2015-02-20 16:11 - 00956540 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-08-17 13:36 - 2015-02-17 18:49 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\Google
2015-08-17 13:17 - 2015-02-17 18:37 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\Packages
2015-08-17 11:46 - 2014-11-21 05:16 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-08-17 11:46 - 2014-11-21 05:15 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-08-16 15:50 - 2013-08-22 09:25 - 00000705 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_579
2015-08-16 15:29 - 2015-02-17 19:29 - 00000000 ____D C:\Users\Eva Margolies\AppData\Roaming\ClassicShell
2015-08-16 14:04 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-16 11:29 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-16 09:23 - 2015-02-17 13:01 - 00000000 ____D C:\Users\Eva Margolies\Desktop\Old files
2015-08-15 18:50 - 2015-02-17 19:29 - 00000000 ____D C:\Users\Eva Margolies\AppData\Local\Adobe
2015-08-15 18:20 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-15 18:20 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-15 18:20 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-15 18:20 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-15 18:10 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-08-14 09:40 - 2015-02-20 19:06 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-14 09:34 - 2015-07-10 09:39 - 00000000 ____D C:\$Windows.~BT
2015-08-14 08:14 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-14 08:13 - 2015-02-17 20:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-14 08:11 - 2015-02-17 20:28 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-14 08:10 - 2015-02-18 00:22 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-14 08:10 - 2014-11-21 11:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-14 08:09 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 08:09 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 22:51 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-11 21:18 - 2015-02-20 16:14 - 00000000 ____D C:\Users\Eva Margolies
2015-08-11 21:01 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-11 20:55 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2015-08-11 20:29 - 2013-05-15 16:22 - 00000000 ____D C:\ProgramData\CyberLink
2015-08-11 16:26 - 2015-02-17 18:45 - 00000000 ____D C:\Users\Eva Margolies\Documents\EasyDuplicateFinder
2015-08-10 12:01 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-08-10 12:01 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Speech
2015-08-10 11:16 - 2015-02-17 19:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-10 11:16 - 2013-05-15 16:04 - 00000000 ____D C:\Program Files (x86)\AMD APP
2015-08-09 17:30 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-08 09:55 - 2014-11-21 12:03 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 09:55 - 2014-11-21 12:03 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-26 06:56 - 2015-04-04 08:50 - 00000000 ___SD C:\WINDOWS\system32\GWX
 
==================== Files in the root of some directories =======
 
2015-08-09 15:24 - 2015-08-09 15:24 - 0001636 _____ () C:\ProgramData\tempimage.bmp
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-17 12:00
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Eva Margolies (2015-08-17 15:43:56)
Running from F:\
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1553242553-66657035-171981457-500 - Administrator - Disabled)
Eva Margolies (S-1-5-21-1553242553-66657035-171981457-1001 - Administrator - Enabled) => C:\Users\Eva Margolies
Guest (S-1-5-21-1553242553-66657035-171981457-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1553242553-66657035-171981457-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{7378D661-1AD0-CB5A-FA5B-B73C8037E393}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6125 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6125 - AVG Technologies) Hidden
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6451.0 - IDT)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
LibreOffice 4.4.0.3 (HKLM-x32\...\{8BEE1CDD-F95D-4759-952D-6B38DF99D1F0}) (Version: 4.4.0.3 - The Document Foundation)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.21.0 - Mediatek)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
11-08-2015 17:07:16 Removed Adblock Plus for IE (32-bit and 64-bit)
15-08-2015 17:51:57 zoek.exe restore point
17-08-2015 10:25:53 Restore Point Created by FRST
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-08-17 11:59 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {15675B1A-FA7E-4CDF-8B01-F00B699013B9} - System32\Tasks\System Cleaner Pro Auto Start => C:\Program Files (x86)\System Cleaner Pro\SystemCleanerPro.exe
Task: {2EA1B0E9-B39F-4B42-8B99-C09062B0101F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {32B37060-BD8B-4064-BCE4-E8DA6BBECFA2} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {379C5794-E3ED-472E-8BF5-48A0088116BB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {4D6C070F-BE84-4A1B-BE56-9FE25FCB2CA7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-17] (Google Inc.)
Task: {544F22C5-F940-4E6B-A1FF-138D6ED697FC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-14] (Microsoft Corporation)
Task: {56DDF4CF-08B4-4452-BD45-10E1707D859F} - System32\Tasks\Notify Helper => C:\Program Files (x86)\System Cleaner Pro\\NotifyHelper.exe
Task: {5B39608B-DCA2-4979-BFA6-0CF57B601E23} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {76948196-918C-4278-8091-2E3A8B00374E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {A0DE6183-160D-4525-945E-815203E49952} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {A50E7C40-ED3A-463D-8C77-B22810B0DD20} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {AC7254C7-09D8-4B5F-A6A1-B441429A2FAC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {CBFE5876-CEB8-4D2C-B64B-C7CE0706E3A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {DD743653-07C1-4CB0-B422-DA8F579F181F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {DEF77CD7-FE03-4F7A-9EA8-19577076438B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-17] (Google Inc.)
Task: {E3E8E8C6-B0CB-4C80-B1A8-44D041F02C0F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {FCDD5EAB-39F4-4AC9-8D60-E7A76CF96B90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => 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
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => 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
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => 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
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-21 02:35 - 2015-01-21 02:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-15 16:09 - 2012-06-07 23:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-08-17 13:35 - 2015-08-07 20:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-17 13:35 - 2015-08-07 20:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\35283824.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\35283824.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1553242553-66657035-171981457-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{6AF0B5B9-6538-43FD-85B9-D3396B5B7037}] => (Allow) C:\Users\Eva Margolies\AppData\Local\Temp\7zSB387.tmp\SymNRT.exe
FirewallRules: [{AE3B19E4-FB89-437F-BC4B-5FDB49548B05}] => (Allow) C:\Users\Eva Margolies\AppData\Local\Temp\7zSB387.tmp\SymNRT.exe
FirewallRules: [{D1FBE14B-F298-4B44-84C5-5F8B37D0FDF8}] => (Allow) C:\Users\Eva Margolies\AppData\Local\Temp\7zSF95A.tmp\SymNRT.exe
FirewallRules: [{DE1C0C4B-9297-49ED-9FD4-AC6A263B2CAB}] => (Allow) C:\Users\Eva Margolies\AppData\Local\Temp\7zSF95A.tmp\SymNRT.exe
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BBD19AEB-545B-467C-814A-A60A158C3E82}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/17/2015 03:40:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPDesktop)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/17/2015 03:40:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPDesktop)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/17/2015 03:40:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPDesktop)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/17/2015 03:40:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPDesktop)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/17/2015 03:40:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPDesktop)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/17/2015 01:57:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider StorageWMI attempted to register query "select * from MSFT_StorageModificationEvent" whose target class "MSFT_StorageModificationEvent" in //./root/Microsoft/Windows/Storage namespace does not exist. The query will be ignored.
 
Error: (08/17/2015 01:57:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider StorageWMI attempted to register query "select * from MSFT_StorageDepartureEvent" whose target class "MSFT_StorageDepartureEvent" in //./root/Microsoft/Windows/Storage namespace does not exist. The query will be ignored.
 
Error: (08/17/2015 01:57:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider StorageWMI attempted to register query "select * from MSFT_StorageArrivalEvent" whose target class "MSFT_StorageArrivalEvent" in //./root/Microsoft/Windows/Storage namespace does not exist. The query will be ignored.
 
Error: (08/17/2015 01:57:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider StorageWMI attempted to register query "select * from MSFT_StorageAlertEvent" whose target class "MSFT_StorageAlertEvent" in //./root/Microsoft/Windows/Storage namespace does not exist. The query will be ignored.
 
Error: (08/17/2015 01:57:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from MSFT_StorageModificationEvent" whose target class "MSFT_StorageModificationEvent" in //./root/Microsoft/Windows/Storage namespace does not exist. The query will be ignored.
 
 
System errors:
=============
Error: (08/17/2015 03:39:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
%%577
 
Error: (08/17/2015 03:37:58 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'.  The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it.  The data field contains the error number.
 
Error: (08/17/2015 03:37:57 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (08/17/2015 02:02:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
%%577
 
Error: (08/17/2015 02:00:41 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'.  The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it.  The data field contains the error number.
 
Error: (08/17/2015 02:00:41 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (08/17/2015 01:21:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
%%577
 
Error: (08/17/2015 01:19:03 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'.  The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it.  The data field contains the error number.
 
Error: (08/17/2015 01:19:03 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (08/17/2015 01:09:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
 
 
Microsoft Office:
=========================
Error: (08/17/2015 03:40:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPDesktop)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927148
 
Error: (08/17/2015 03:40:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPDesktop)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927148
 
Error: (08/17/2015 03:40:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPDesktop)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927148
 
Error: (08/17/2015 03:40:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPDesktop)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927148
 
Error: (08/17/2015 03:40:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPDesktop)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927148
 
Error: (08/17/2015 01:57:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: StorageWMIselect * from MSFT_StorageModificationEventMSFT_StorageModificationEvent//./root/Microsoft/Windows/Storage
 
Error: (08/17/2015 01:57:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: StorageWMIselect * from MSFT_StorageDepartureEventMSFT_StorageDepartureEvent//./root/Microsoft/Windows/Storage
 
Error: (08/17/2015 01:57:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: StorageWMIselect * from MSFT_StorageArrivalEventMSFT_StorageArrivalEvent//./root/Microsoft/Windows/Storage
 
Error: (08/17/2015 01:57:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: StorageWMIselect * from MSFT_StorageAlertEventMSFT_StorageAlertEvent//./root/Microsoft/Windows/Storage
 
Error: (08/17/2015 01:57:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: select * from MSFT_StorageModificationEventMSFT_StorageModificationEvent//./root/Microsoft/Windows/Storage
 
 
CodeIntegrity:
===================================
  Date: 2015-08-17 15:39:06.055
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-17 14:02:14.981
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-17 13:21:37.560
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-11 20:40:29.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-11 20:40:28.927
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-09 18:17:46.983
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-09 18:17:46.702
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-5300 APU with Radeon™ HD Graphics 
Percentage of memory in use: 18%
Total physical RAM: 7365.5 MB
Available physical RAM: 5985.2 MB
Total Virtual: 7765.5 MB
Available Virtual: 6362.51 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:446.08 GB) (Free:383.32 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.76 GB) (Free:2.18 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (TOSHIBA) (Removable) (Total:3.73 GB) (Free:1.79 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: FB948330)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3.7 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of log ============================

Edited by iedgar10, 17 August 2015 - 02:54 PM.


#7 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 18 August 2015 - 06:56 AM


There seem to be quite a few programs that don't work because they lack access/permission to write to folder locations.

Keep in mind that the desktop is a folder.

Let's remove these restrictions and see if all is well.


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.


start

EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1553242553-66657035-171981457-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
S3 MFE_RR; \??\C:\Users\EVAMAR~1\AppData\Local\Temp\mfe_rr.sys 

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If this fails to restore your Desktop, run this tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
autoclean;
emptyalltemp;
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.
===

How is the computer running now?
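
The fixlist above works by naming log entries for FRST to remove, so the first job is deciding which launch points in the scan log deserve a second look. What follows is an added example, not FRST's code and not part of nasdaq's instructions: a small Python parser for the Task, service and FirewallRules line shapes that appear in the FRST log earlier in this thread. It flags two things, targets that live under a Temp directory, and Task entries whose absolute-path target carries no "[YYYY-MM-DD] (Vendor)" annotation of the kind FRST adds when it can read the file. The sample lines are constructed from the thread's log shapes with the user name replaced, the two heuristics are my own assumptions, and the annotation check models Task lines only. Flags are review items, not verdicts: Temp-resident leftovers of earlier cleanup tools look the same in a log as droppers.

```python
"""Triage helper for FRST-style log lines (added example, not FRST code)."""
import re
from dataclasses import dataclass, field

# Line shapes as FRST writes them (see the Scheduled Tasks, service and
# FirewallRules entries in the log above).
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<target>.+)$")
SERVICE_RE = re.compile(r"^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<target>.+)$")
FW_RE = re.compile(r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>\w+)\) (?P<target>.+)$")

# FRST appends "[YYYY-MM-DD] (Vendor)" to a Task target when it could read the
# file; a target with no annotation is one FRST could not describe.
ANNOTATION_RE = re.compile(r" \[\d{4}-\d{2}-\d{2}\] \([^)]*\)\s*$")
TEMP_RE = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample: line shapes copied from the thread's log, user name replaced.
SAMPLE_LOG = r"""
Task: {2EA1B0E9-B39F-4B42-8B99-C09062B0101F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {15675B1A-FA7E-4CDF-8B01-F00B699013B9} - System32\Tasks\System Cleaner Pro Auto Start => C:\Program Files (x86)\System Cleaner Pro\SystemCleanerPro.exe
Task: {32B37060-BD8B-4064-BCE4-E8DA6BBECFA2} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
S3 MFE_RR; \??\C:\Users\USER~1\AppData\Local\Temp\mfe_rr.sys
FirewallRules: [{6AF0B5B9-6538-43FD-85B9-D3396B5B7037}] => (Allow) C:\Users\User\AppData\Local\Temp\7zSB387.tmp\SymNRT.exe
FirewallRules: [{BBD19AEB-545B-467C-814A-A60A158C3E82}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"""


@dataclass
class Finding:
    kind: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def _clean_target(target: str) -> str:
    # Service image paths are logged with the NT object-manager prefix "\??\".
    return target.strip().removeprefix("\\??\\")


def parse_line(line: str):
    """Return (kind, name, target) for a recognised FRST line, else None."""
    line = line.rstrip()
    for kind, rx in (("task", TASK_RE), ("service", SERVICE_RE), ("firewall", FW_RE)):
        m = rx.match(line)
        if m:
            return kind, m.group("name"), _clean_target(m.group("target"))
    return None


def triage(log_text: str) -> list[Finding]:
    """Flag launch points worth a closer look; heuristics are assumptions, not FRST logic."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        kind, name, target = parsed
        reasons = []
        if TEMP_RE.search(target):
            reasons.append("launch point under a Temp directory")
        # Only Task lines are checked for the annotation, and only when the target is an
        # absolute path FRST could have opened; a bare "Rundll32.exe ..." never gets one.
        if kind == "task" and ABS_PATH_RE.match(target) and not ANNOTATION_RE.search(target):
            reasons.append("no file metadata recorded for target")
        if reasons:
            findings.append(Finding(kind, name, target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name}\n         -> {f.target}\n         {', '.join(f.reasons)}")
```

Run against a real FRST.txt, the output is a shortlist to verify by hand (file on disk? signed? known vendor tool?) before any entry goes into a fixlist; the Temp-path hits in this thread's log are exactly the kind that can be stale removal-tool leftovers rather than the adware being hunted.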

#8 iedgar10 (Topic Starter)

Posted 18 August 2015 - 10:13 AM

Here are the logs:

Status: iTunes does not work, with the message "the folder itunes is in a locked disk or you do not have write permission....", and ALL Windows 8 apps crash and close instantly, including email and the app store.

Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Eva Margolies (2015-08-18 10:07:34) Run:2
Running from C:\Users\Eva Margolies\Desktop\frst64
Loaded Profiles: Eva Margolies (Available Profiles: Eva Margolies)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1553242553-66657035-171981457-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
S3 MFE_RR; \??\C:\Users\EVAMAR~1\AppData\Local\Temp\mfe_rr.sys 
 
End
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1553242553-66657035-171981457-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
MFE_RR => service removed successfully
EmptyTemp: => 348 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 10:07:44 ====
 
 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Eva Margolies on Tue 08/18/2015 at 10:13:21.81.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Eva Margolies\Desktop\recovery\8 zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
8/18/2015 10:15:15 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Users\Eva Margolies\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\WINDOWS\wininit.ini deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk" not deleted
 
==== Chromium Look ======================
 
Google Chrome Version: 44.0.2403.155
 
 
Chrome Hotword Shared Module - Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Chromium Startpages ======================
 
C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Preferences
/fonts.googleapis.com/",["https://fonts.gstatic.com/",2.1457765990453503]],["https://googleads.g.doubleclick.net/",["https://cm.g.doubleclick.net/",1.3300965616197173,"https://fonts.googleapis.com/",0.616902189119142,"https://googleads.g.doubleclick.net/",0.885808271555691,"https://pagead2.googlesyndication.com/",0.796172910743508,"https://tpc.googlesyndication.com/",1.9536555733081093,"https://www.google.com/",1.3300965616197173]],["https://s.ytimg.com/",["https://s.ytimg.com/",2.1457765990453503]],["https://www.facebook.com/",["https://fbstatic-a.akamaihd.net/",0.9139054415446025]],["https://www.google.com/",["https://apis.google.com/",2.2733802,"https://ssl.gstatic.com/",2.2733802,"https://www.google.com/",4.255301399999999,"https://www.gstatic.com/",2.2733802]],["https://www.youtube.com/",["https://apis.google.com/",1.4162125553699312,"https://i.ytimg.com/",1.4162125553699312,"https://s.ytimg.com/",2.241430551438349,"https://static.doubleclick.net/",1.4162125553699312,"https://www.google.com/",1.4162125553699312]]],"startup_list":[1,"http://mizuno.scene7.com/","http://use.typekit.net/","http://www.mizuno.com/","http://www.mizunousa.com/","https://accounts.google.com/","https://accounts.youtube.com/","https://apis.google.com/","https://ssl.gstatic.com/","https://www.google.com/","https://www.gstatic.com/"]},"download":{"directory_upgrade":true},"extensions":{"alerts":{"initialized":true},"autoupdate":{"last_check":"13084314451041421","next_check":"13084383382815801"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]},"install_signature":{"expire_date":"2015-11-09","ids":["aapocclcgogkmnckokdopfmhonfmgoek","aohghmighlieiainnegkcijnfilokake","felcaaldnbdncclmgdcncolpebgiejap"],"invalid_ids":[],"salt":"7Mdp0QTCmXhMBCoCsXRfIW7UpfuUDQxuOf0zrz2s1c4=","signature":"iM9oS2yOByJNxcMsrayEf/VmYty29vUenozu7iZBl8xxOG/ulfVtTSQPKFs9Of0/usL64OUKNF9+Z/Q+V+POMIqpJe2yzZsFBBuSlW5OpbMzKdw0+9KplehXvEI9Kv9AwrBC7H1w7n8AgA7xQN/URhMbDIhan
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eva Margolies\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Eva Margolies\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eva Margolies\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Eva Margolies\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\Eva Margolies\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=2 folders=0 285 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Eva Margolies\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\EVAMAR~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk"  not found
 
==== EOF on Tue 08/18/2015 at 10:36:34.28 ======================
 


#9 iedgar10

iedgar10
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 18 August 2015 - 11:21 AM

I've been reading through some new forums and A LOT of people are recently (i.e. within this week) having the "jabuticaba" ads issue and no adware/virus removal software is able to remove it. Do we have a major problem here!?!? All hands on deck! I've literally tried everything I can think of and the computer seems to be getting worse in other areas. I'm about ready to do a clean install but THAT'S NOT AN ACCEPTABLE SOLUTION. Am I right?? Curse my persistence... lol 

 

ALSO, a lot of the "solutions" on sketch blogs point to "spyhunter" HOWEVER I don't know of any legit source that recommends Spyhunter. Do I smell conspiracy by spyhunter!!?!??! lol 


Edited by iedgar10, 18 August 2015 - 11:29 AM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,977 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:35 AM

Posted 18 August 2015 - 12:45 PM

ALSO, a lot of the "solutions" on sketch blogs point to "spyhunter" HOWEVER I don't know of any legit source that recommends Spyhunter. Do I smell conspiracy by spyhunter!!?!??! lol

No I do not think so. We have to find the common denominator.
===

I'm also working on this log with the same type of problem.

http://www.bleepingcomputer.com/forums/t/586266/horrible-pop-ups-ads-by-jabuticaba/?hl=%2Bjabuticaba#entry3794210

The OP found this process running: PEVZ.exe. If you find this, please disable it and run this also.

Please run the Farbar Recovery Scan Tool. Enter PEVZ.exe in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.
===

This is another interesting log.
http://www.bleepingcomputer.com/forums/t/584783/browser-pop-up-malware/

gringo_pr in his last message is suggesting to remove Chrome using the Revo uninstaller.
You can also try it.

Keep me posted.

#11 iedgar10

iedgar10
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 18 August 2015 - 02:00 PM

Nothing with PEVZ.exe was found, either in services, in Task Manager, or by Farbar. 
I've already removed Chrome with REVO and reinstalled. I ran into a write permission issue when reinstalling Chrome BUT for some reason Chrome installed anyways....

 

 

this stinks...



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,977 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:35 AM

Posted 19 August 2015 - 06:58 AM

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
  • 03 - Reset Service permissions
  • 04 - Register System Files
  • 09 - Repair HOSTS File
  • 10 - Remove Policies Set By Infections
  • 11 - Repair Start Menu Icons Removed by Infections
  • 12 - Repair Icons
  • 13 - Repair Network (previously Repair Winsock & DNS Cache)
  • 14 - Removed Temp Files
  • 15 - Repair Proxy Settings
  • 26 - Restore Important Windows Services
  • 27 - Set Windows Service to Default Startup
    
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.


  • Keep me posted.


#13 iedgar10

iedgar10
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 19 August 2015 - 09:37 AM

Nasdaq,

 

I tried that yesterday, twice. Both times there were no error messages.

Current situation reviewed: 

1- Chrome works fine now; however, my hosts file had 127.0.0.1 unhashed (again) at the bottom.... I removed it even though it seemed to have no ill effect. 

2-IE works fine 

3- Windows app store did not work until I ran "powershell -ExecutionPolicy Unrestricted Add-AppxPackage -DisableDevelopmentMode -Register $Env:SystemRoot\WinStore\AppxManifest.xml" in an administrator PowerShell.
4- ALL OTHER WINDOWS 8 apps DO NOT WORK. They shut down immediately. I've tried this in PowerShell: "Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}" and still nothing.

5- Most other folders open fine, with the exception of occasionally getting a "press continue to gain access" pop up. 
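The recurring hosts-file change in this thread is easy to audit mechanically. The following is an added example (not code from the thread or from any of the tools mentioned in it): it parses a hosts file the way the resolver does, lists every active mapping that is not one of the stock localhost entries, and separately reports bare address lines like the stray "127.0.0.1" described above. The sample hosts text and the .invalid domain names are constructed.

```python
"""Audit a Windows hosts file for entries that do not belong there."""
import re

# Constructed sample (not the poster's real file): the stock Microsoft header,
# then the stray uncommented "127.0.0.1" line the thread describes at the bottom.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1 localhost
127.0.0.1   update.example-av.invalid   # constructed: vendor domain nulled
0.0.0.0     example-tracker.invalid
127.0.0.1
"""

NULL_ADDRESSES = {"127.0.0.1", "::1", "0.0.0.0"}
STOCK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts(text):
    """Return (entries, malformed): entries are (line_no, ip, hostname) for every
    active mapping; malformed lists active lines that carry an address but no name."""
    entries, malformed = [], []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments, like the resolver
        if not line:
            continue
        parts = re.split(r"\s+", line)
        if len(parts) < 2:
            malformed.append(no)
            continue
        entries.extend((no, parts[0], name.lower()) for name in parts[1:])
    return entries, malformed

def suspicious_entries(text):
    """Flag what a clean Windows box should not have: any name other than the stock
    localhost names sent to a null/loopback address (a common way a tampered hosts
    file blocks update or security sites) and any override pointing a name elsewhere."""
    entries, malformed = parse_hosts(text)
    flagged = [(no, ip, name) for no, ip, name in entries
               if not (ip in NULL_ADDRESSES and name in STOCK_NAMES)]
    return flagged, malformed

if __name__ == "__main__":
    # On the affected machine, read C:\Windows\System32\drivers\etc\hosts instead.
    flagged, malformed = suspicious_entries(SAMPLE_HOSTS)
    for no, ip, name in flagged:
        print(f"line {no}: {ip} -> {name}")
    for no in malformed:
        print(f"line {no}: address with no hostname")
```

Run it again after a reboot: an entry that reappears after removal points to something still active on the machine rather than a leftover file.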



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,977 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:35 AM

Posted 19 August 2015 - 12:46 PM

There are 4 fixes available for Windows 8.

Run the Tweaking tool and select them.

28 - Repair Windows 8 Apps Store
29 - Repair Windows 8 Component Store
30 - Repair Windows 8 COM+ Unmarshalers
31 - Repair Windows 'New' Submenu


p.s.
If I remember correctly, you must be in Safe mode to execute these commands.
Read the information on the main page.

#15 iedgar10

iedgar10
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 19 August 2015 - 01:14 PM

I ran all the fixes in safe mode AND regular mode yesterday.  I've finally given up. I did a "refresh" which incidentally did not work. I still had the same issues with the windows 8 apps. I then proceeded to do a full reinstall using the built in windows 8 reset tool. I'm still waiting on it to finish. When it finishes, I will post an update on whether this fixes the issues or if I have lingering problems. After that, I guess the topic can be closed, I'd just like to post a final update for anybody doing future research. 





