Acer laptop with errors after disinfection


  • This topic is locked
22 replies to this topic

#1 kkoz83

  • Members
  • 421 posts

Posted 31 December 2015 - 06:14 PM

Hello everybody, how are you doing?

 

I disinfected an Acer Aspire 6920 laptop after the user reported receiving a fake security alert (which, unfortunately, they fell for :( ).

I used AdwCleaner, Malwarebytes, Hitman Pro & finally ESET online scanner. Lastly, I installed KIS 2016 as a trial.

 

I am posting in this section because I am running into the following 3 major issues that I believe are tied into infections.

 

1)  I cannot get any Microsoft .NET Framework to install.  Now even KIS doesn't start.

2)  I have a Windows Update Error Code 643...

3)  ...& also Error Code 0x8007005.

 

Please help! :)  I do not have any restoration CDs or backup capabilities.





#2 kkoz83

  • Topic Starter
  • Members
  • 421 posts

Posted 31 December 2015 - 11:49 PM

A little update... #1 above drove me crazy, so I did a system restore, but I am still having #2 (Windows Update error code 643).



#3 nasdaq

  • Malware Response Team
  • 39,578 posts

Posted 01 January 2016 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I have a Windows Update Error Code 643..


Refer to this Microsoft page.
https://support.microsoft.com/en-us/kb/976982

Try the suggested fix and if the problem persists please run this tool and post the logs for my review.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add Reply button.
===

#4 kkoz83

  • Topic Starter
  • Members
  • 421 posts

Posted 01 January 2016 - 01:07 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Dave (administrator) on JESSICA-PC (01-01-2016 13:01:49)
Running from C:\
Loaded Profiles: Dave (Available Profiles: Dave)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2610512210-126107470-320303467-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2610512210-126107470-320303467-1000\...\MountPoints2: F - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2610512210-126107470-320303467-1000\...\MountPoints2: {5f70bfdd-1ff5-11e0-bc28-001de0837ccf} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2610512210-126107470-320303467-1000\...\MountPoints2: {5f70c03a-1ff5-11e0-bc28-001de0837ccf} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2610512210-126107470-320303467-1000\...\MountPoints2: {da428d6a-387e-11e0-8fab-00a0d1a39f3b} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-02-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2016-01-01]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.80.251
Tcpip\..\Interfaces\{BA552518-0D2C-4802-BC1C-9F84D7BEA517}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D65829D3-C0DB-49EF-A1B9-25FBDA4D9B4B}: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.80.251

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?ilc=8
HKU\S-1-5-21-2610512210-126107470-320303467-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-2610512210-126107470-320303467-1000 -> {8C1A36A1-F5EF-3B23-94E4-ED31FE1B3197} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z003&form=ZGAIDF
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-30] (AO Kaspersky Lab)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-30] (AO Kaspersky Lab)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-30] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-30] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-2610512210-126107470-320303467-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} hxxps://www.acklie.com/dwa85W.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-12-30]

Chrome:
=======
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-12]
CHR Extension: (Google Drive) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10]
CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-31]
CHR Extension: (Google Search) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Kaspersky Protection) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-12-31]
CHR Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-01]
CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-12]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-12-30] (Kaspersky Lab ZAO)
S2 MBAMService; C:\Users\Dave\Desktop\mal\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6886160 2015-12-14] (TeamViewer GmbH)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-12-30] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-12-30] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940928 2015-12-30] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-30] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-01 13:01 - 2016-01-01 13:02 - 00011971 _____ C:\FRST.txt
2016-01-01 12:59 - 2016-01-01 13:01 - 00000000 ____D C:\FRST
2016-01-01 12:59 - 2016-01-01 12:59 - 02370560 _____ (Farbar) C:\FRST64.exe
2016-01-01 12:52 - 2016-01-01 12:54 - 00000000 ____D C:\472a8995f07c217ae2d2bb9978fb41ee
2015-12-31 23:54 - 2015-12-31 23:56 - 00000000 ____D C:\1b63936060d8b11dde49818d
2015-12-31 23:33 - 2015-12-31 23:36 - 00000000 ____D C:\d68e35f9d2c3cc3c53c46a1170878e
2015-12-31 23:17 - 2015-12-31 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-31 23:16 - 2015-12-31 23:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-31 23:16 - 2015-12-31 23:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-31 23:03 - 2015-12-31 23:03 - 00001500 _____ C:\Users\Public\Desktop\LibreOffice 5.0.lnk
2015-12-31 23:03 - 2015-12-31 23:03 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
2015-12-31 21:57 - 2015-12-31 22:05 - 00000000 ____D C:\df9e2eecaa026d28b2cbaf22d30ae286
2015-12-31 19:18 - 2015-12-31 19:19 - 18797528 _____ C:\Users\Dave\Desktop\tweaking.com_windows_repair_aio.zip
2015-12-31 19:15 - 2015-12-31 19:15 - 00021232 _____ C:\Users\Dave\Desktop\Fix WU.zip
2015-12-31 18:08 - 2015-12-31 18:08 - 00000000 ____D C:\Users\Dave\AppData\Roaming\LibreOffice
2015-12-31 18:01 - 2015-12-31 18:03 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2015-12-31 16:51 - 2015-12-31 16:51 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
2015-12-31 12:32 - 2015-12-31 12:32 - 00000000 ____D C:\ProgramData\Auslogics
2015-12-30 22:11 - 2015-12-30 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-12-30 22:11 - 2015-12-30 22:10 - 00002132 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-12-30 22:10 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-12-30 22:09 - 2016-01-01 12:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-30 22:09 - 2015-12-30 22:09 - 00000000 ____D C:\Windows\ELAMBKUP
2015-12-30 22:09 - 2015-12-30 22:09 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-12-30 22:08 - 2015-12-30 22:24 - 00940928 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-12-30 22:08 - 2015-12-30 22:24 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-12-30 21:49 - 2015-12-30 21:49 - 00000000 ____D C:\Users\Dave\AppData\Roaming\SumatraPDF
2015-12-30 21:48 - 2015-12-30 21:48 - 00001875 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2015-12-30 21:48 - 2015-12-30 21:48 - 00000000 ____D C:\Users\Dave\AppData\LocalLow\Adblock Plus for IE
2015-12-30 21:48 - 2015-12-30 21:48 - 00000000 ____D C:\Program Files\SumatraPDF
2015-12-30 21:48 - 2015-12-30 21:48 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2015-12-30 21:31 - 2015-12-31 22:05 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-30 21:31 - 2015-12-30 21:31 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11 Host.lnk
2015-12-30 19:06 - 2015-08-05 12:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-12-30 19:06 - 2015-08-05 12:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-12-30 19:04 - 2015-10-08 14:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-30 19:04 - 2015-10-08 13:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-30 19:03 - 2015-10-08 18:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-30 19:03 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-30 19:03 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-30 19:03 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-30 19:03 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-30 19:03 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-30 19:03 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-30 19:03 - 2015-10-08 18:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-30 18:48 - 2015-12-30 18:49 - 00000000 ____D C:\ProgramData\WRData
2015-12-30 18:08 - 2015-12-30 18:08 - 00001485 _____ C:\Users\Dave\Desktop\Google Chrome.lnk
2015-12-30 16:24 - 2015-12-30 16:42 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-30 15:03 - 2015-12-30 15:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-30 15:02 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-30 15:02 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-30 15:02 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-30 15:00 - 2015-12-30 21:36 - 00000000 ____D C:\Users\Dave\Desktop\mal
2015-12-30 14:13 - 2015-12-30 14:53 - 00000000 ____D C:\AdwCleaner
2015-12-30 13:56 - 2015-12-30 14:04 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Geek Uninstaller
2015-12-30 13:53 - 2016-01-01 12:59 - 00000000 ____D C:\Windows_Repair_Toolbox
2015-12-22 14:57 - 2015-12-22 14:57 - 00000111 _____ C:\Users\Dave\Documents\sandy.txt
2015-12-22 12:35 - 2015-12-08 15:42 - 00089349 _____ C:\Users\Dave\Desktop\AUTH_FORM NEW.pdf
2015-12-22 12:15 - 2015-12-22 12:29 - 00000155 _____ C:\Users\Dave\Desktop\Axesgeeks.txt
2015-12-22 12:01 - 2015-12-22 12:01 - 00000000 ____D C:\Users\Dave\AppData\Local\LogMeIn Rescue Applet
2015-12-20 23:28 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-20 23:28 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-20 23:28 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-20 23:28 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-20 23:28 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-20 23:28 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-20 23:28 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-20 23:28 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-20 23:28 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-20 23:28 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-20 23:28 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-20 23:28 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-20 23:28 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-20 23:28 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-20 23:28 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-20 23:28 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-20 23:28 - 2015-11-05 14:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-20 23:28 - 2015-11-05 14:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-20 23:28 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-20 23:28 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-20 23:27 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-20 23:27 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-20 23:27 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-20 23:27 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-20 23:27 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-20 23:27 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-20 23:27 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-20 23:27 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-20 23:27 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-20 23:27 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-20 23:27 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-20 23:27 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-20 23:27 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-20 23:27 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-20 23:27 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-20 23:27 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-20 23:27 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-20 23:27 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-20 23:27 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-20 23:27 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-20 23:27 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-20 23:27 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-20 23:27 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-20 23:27 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-20 23:27 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-20 23:27 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-20 23:27 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-20 23:27 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-20 23:27 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-20 23:27 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-20 23:27 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-20 23:27 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-20 23:27 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-20 23:27 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-20 23:27 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-20 23:27 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-20 23:27 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-20 23:27 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-20 23:27 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-20 23:27 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-20 23:27 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-20 23:27 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-20 23:27 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-20 23:27 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-20 23:27 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-20 23:27 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-20 23:27 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-20 23:27 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-20 23:27 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-20 23:27 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-20 23:27 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-20 23:27 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-20 23:27 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-20 23:27 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-20 23:27 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-20 23:27 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-20 23:27 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-20 23:27 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-20 23:27 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-20 23:27 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-20 23:27 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-20 23:27 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-20 23:27 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-20 23:27 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-20 23:27 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-20 23:27 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-20 23:27 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-20 23:27 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-20 23:27 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-20 23:27 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-20 23:27 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-20 23:27 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-20 23:27 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-20 23:27 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-20 23:27 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-20 23:27 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-20 23:27 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-20 23:26 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-20 23:26 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-11 15:31 - 2015-12-11 15:31 - 00970912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120.dll
2015-12-11 15:31 - 2015-12-11 15:31 - 00455328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120.dll
2015-12-11 15:31 - 2015-12-11 15:31 - 00247984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib120.dll
2015-12-09 08:15 - 2015-12-09 08:15 - 00042234 _____ C:\Users\Dave\Downloads\summary (6).pdf
2015-12-03 22:34 - 2015-12-03 22:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e44aec2dd86.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-01 12:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-01 12:40 - 2014-03-15 20:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-01 12:38 - 2009-07-13 23:45 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-01 12:38 - 2009-07-13 23:45 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-01 12:33 - 2014-02-12 13:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-01 12:30 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-31 23:15 - 2011-01-14 10:34 - 00074024 _____ C:\Users\Dave\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-31 23:07 - 2009-07-13 23:45 - 00330096 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-31 22:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-12-31 21:47 - 2011-01-08 23:20 - 00000000 ____D C:\Users\Dave
2015-12-31 21:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-31 21:46 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-31 21:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-12-31 19:14 - 2011-01-14 11:34 - 00000000 ____D C:\Users\Dave\AppData\Local\ElevatedDiagnostics
2015-12-30 22:24 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys
2015-12-30 22:16 - 2015-07-04 02:18 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-12-30 21:55 - 2015-04-03 14:17 - 00001945 _____ C:\Windows\epplauncher.mif
2015-12-30 19:47 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-30 18:58 - 2014-05-06 22:03 - 00000000 ____D C:\temp
2015-12-30 17:09 - 2011-01-23 14:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-30 17:08 - 2011-01-23 14:27 - 00000000 ____D C:\ProgramData\Adobe
2015-12-30 17:05 - 2014-03-15 20:46 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-30 17:05 - 2014-03-15 20:46 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-30 15:40 - 2011-05-13 17:38 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-12-30 14:38 - 2014-05-04 23:42 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-30 14:38 - 2014-02-12 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-30 14:38 - 2011-02-23 11:15 - 00000000 ____D C:\Users\Dave\AppData\LocalLow\Yahoo!
2015-12-30 14:11 - 2014-05-04 23:04 - 00000000 ____D C:\ProgramData\TEMP
2015-12-30 13:59 - 2011-01-28 10:32 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9ABA863F-AD08-42D4-80D3-BF8688072B85}
2015-12-30 13:55 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-22 16:42 - 2014-04-15 14:48 - 00000000 ____D C:\Program Files\Google
2015-12-22 16:42 - 2014-02-12 13:15 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-22 15:07 - 2015-04-03 15:18 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-22 15:07 - 2015-04-03 15:18 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-22 15:03 - 2014-03-22 15:56 - 00000000 ____D C:\Windows\system32\MRT
2015-12-22 14:59 - 2011-01-08 11:47 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-22 13:18 - 2014-04-15 14:47 - 00000000 ____D C:\ProgramData\Google
2015-12-22 13:18 - 2014-02-12 13:15 - 00000000 ____D C:\Users\Dave\AppData\Local\Google
2015-12-22 13:11 - 2011-01-08 17:12 - 00000000 ____D C:\Windows\Panther
2015-12-22 13:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\ModemLogs
2015-12-21 00:10 - 2011-01-23 14:27 - 00000000 ____D C:\Users\Dave\AppData\Local\Adobe
2015-12-03 22:34 - 2015-09-16 20:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0e8ec9741f0.job
2015-12-02 13:18 - 2011-01-08 11:42 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-02-14 14:57 - 2011-02-14 14:57 - 0024273 _____ () C:\Users\Dave\AppData\Roaming\UserTile.png
2014-02-11 19:53 - 2014-02-11 19:53 - 0003584 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-22 23:06 - 2011-02-22 23:06 - 0007600 _____ () C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
2014-03-29 14:05 - 2014-03-29 14:05 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\msvcp120.dll
C:\Users\Dave\AppData\Local\Temp\msvcr120.dll
C:\Users\Dave\AppData\Local\Temp\pc-decrapifier.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-31 22:39

==================== End of FRST.txt ============================



#5 kkoz83

Posted 01 January 2016 - 01:10 PM

Attached is "Additional".  Microsoft did not help.



#6 nasdaq

Posted 02 January 2016 - 08:40 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Toolbar: HKU\S-1-5-21-2610512210-126107470-320303467-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let's repair some important services.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    08 - Repair MDAC/MS Jet
    10 - Remove Policies Set By Infections
    13 - Repair Network (previously Repair Winsock & DNS Cache)
    15 - Repair Proxy Settings
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

===

Edited by nasdaq, 02 January 2016 - 08:40 AM.


#7 kkoz83

Posted 02 January 2016 - 02:20 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Dave (2016-01-02 14:09:05) Run:1
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave (Available Profiles: Dave)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Toolbar: HKU\S-1-5-21-2610512210-126107470-320303467-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-2610512210-126107470-320303467-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
klkbdflt2 => service could not remove
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
EmptyTemp: => 724.3 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 14:10:50 ====
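
A triage pass over the Fixlog above, as an added example that is not part of the original post or of FRST: it groups each fix target by outcome so the one entry that failed (`klkbdflt2 => service could not remove`) is not lost among the successes. The function names and the outcome phrases are assumptions drawn from this single log, and the echoed fixlist in the sample is shortened to two entries.

```python
import re

# Excerpt of the Fixlog.txt posted above; the echoed fixlist is shortened to two entries.
FIXLOG = r'''fixlist content:
*****************
start
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
End
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
klkbdflt2 => service could not remove
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
EmptyTemp: => 724.3 MB temporary data Removed.

==== End of Fixlog 14:10:50 ====
'''

# Assumption: outcome wording is taken from this one log, not from FRST documentation.
# The first matching rule wins.
RULES = [
    ("failed", re.compile(r"could not", re.I)),
    ("absent", re.compile(r"not found", re.I)),
    ("removed", re.compile(r"\bremoved\b", re.I)),
]

def result_lines(text):
    """Yield (target, outcome) pairs, skipping the fixlist echoed between the asterisk rows."""
    star_rows = 0
    for line in text.splitlines():
        if set(line.strip()) == {"*"}:
            star_rows += 1
        elif star_rows != 1 and " => " in line:
            target, _, outcome = line.partition(" => ")
            yield target.strip().strip('"'), outcome.strip()

def classify(outcome):
    for label, pattern in RULES:
        if pattern.search(outcome):
            return label
    return "review"  # unrecognised wording: read the line by hand

def triage(text):
    """Group fix targets by outcome so failures are not lost among the successes."""
    report = {}
    for target, outcome in result_lines(text):
        report.setdefault(classify(outcome), []).append(target)
    return report

if __name__ == "__main__":
    for label, targets in triage(FIXLOG).items():
        print(f"{label}: {targets}")
```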



#8 kkoz83

Posted 02 January 2016 - 03:14 PM

Tweaking has no issues but now Windows updates do not check for updates and give me Error Code 80070422.



#9 kkoz83

Posted 02 January 2016 - 03:22 PM

I fixed it :)



#10 kkoz83

Posted 02 January 2016 - 03:43 PM

I tried Windows Updates and still received error 643 & error 0x8007005.



#11 nasdaq

Posted 02 January 2016 - 03:51 PM

Try the fix suggested by Microsoft on this page.

https://support.microsoft.com/en-us/kb/968003

If at any time you need help before proceeding please let me know.

#12 kkoz83

Posted 02 January 2016 - 04:25 PM

When I run that Reset.cmd, after a few minutes I get a CMD box but toward the top, there are several red lines saying Done (#s), Modified (#s), Failed (#s), Syntax Errors 0.  Is that normal?



#13 kkoz83

Posted 02 January 2016 - 05:03 PM

 

I was confused :)  This completed successfully....

.....but Error Code 643 still persists (and I cannot reinstall .Net if I uninstall it).



#14 nasdaq

Posted 03 January 2016 - 08:43 AM

Try this method suggested in the topic https://support.microsoft.com/en-us/kb/976982 if not already done.
Method 2: Manually download the update from the download link and install it in clean boot mode

 

We suggest that you install the updates in clean boot mode to avoid interrupting non-Microsoft programs. To enter clean boot mode on a computer, follow these steps:
Click the Start button, type msconfig in the Start Search box, and then press Enter. If you are running Windows 8 or Windows 8.1, type msconfig on the Start screen, and then press Enter.
If you are prompted for an administrator password or for confirmation, type the password or click Continue.
On the General tab, click Selective Startup.
Under Selective Startup, clear the Load Startup Items check box.
Click the Services tab, click to select the Hide All Microsoft Services check box, and then click Disable All.
Click OK.
When you are prompted, click Restart.
After your computer restarts, try to update your computer again.
For more information about this method, see the following article in the Microsoft Knowledge Base:
331796 Perform a clean startup to determine whether background programs are interfering with your game or program
If you are not installing the .NET Framework updates when you receive error code 0x80070643 or 0x643, you may have to collect additional logging information to troubleshoot your issue. These logs can be reviewed by support professionals or IT professionals to help determine the issue.

If you receive this error when you install Office updates, see Windows Update error 80070643 for solution.



p.s.

This link will get you to another Microsoft page. Try it.
you may have to collect additional logging information
https://support.microsoft.com/en-us/kb/2545723

#15 kkoz83

Posted 03 January 2016 - 03:38 PM

I did the "clean mode" installation but still no luck :(

 

1)  I ran through the ".NET cleanup tool" and the logs it created are a .cab file - a zip is attached.

2)  I manually ran the KB2901983 installation, which did not succeed, but created TXT & HTML files - another zip too.

 

What is next?


Edited by kkoz83, 03 January 2016 - 07:06 PM.




