need advanced help please


  • This topic is locked
20 replies to this topic

#1 tank44

Posted 11 June 2016 - 04:37 PM

hi got told to post in here for help with more advanced tools

here is the original post

http://www.bleepingcomputer.com/forums/t/615990/locking-comp-possible-email-changed/

here are frst logs

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-06-2016
Ran by Chris (administrator) on DELL-530 (11-06-2016 21:47:46)
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
() C:\Program Files\HDD Health\HDDHealthService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(PANTERASoft) C:\Program Files\HDD Health\hddhealth.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(9-lab LLC) C:\Program Files\9-lab\Removal Tool\rmtool.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-10] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-17] (Adobe Systems Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [13644016 2016-06-07] (Zemana Ltd.)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-05] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk [2014-03-25]
ShortcutTarget: HDDHealth.lnk -> C:\Program Files\HDD Health\hddhealth.exe (PANTERASoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: [DhcpNameServer] 192.168.0.203
Tcpip\..\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-08-16] (RealPlayer)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-15] (AVAST Software)

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\grp5g9y0.default-1465568326873
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-16] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-05]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-05-06] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-15]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-05] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [370656 2016-05-05] (AVAST Software)
R2 HDDHealth; C:\Program Files\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [13644016 2016-06-07] (Zemana Ltd.)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-05-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-05-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-05-05] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-08-02] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [297944 2016-05-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-05-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-05-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-05-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-05-05] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [187208 2016-05-05] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67216 2016-05-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-05-05] (AVAST Software)
R3 gttap1; C:\Windows\System32\DRIVERS\gttap1.sys [32552 2013-09-12] (The OpenVPN Project)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-06-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [43520 2009-12-10] (--)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2016-05-31] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2016-05-31] (Zemana Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
U3 Cmbatt; no ImagePath
U2 ERSvc; no ImagePath
U2 IAStorDataMgrsvc; no ImagePath
U2 NIHardwareService; no ImagePath
U2 NVSvc; no ImagePath
U2 Power; no ImagePath
U2 SppSvc; no ImagePath
U2 srService; no ImagePath
U3 Wwansvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-11 21:47 - 2016-06-11 21:48 - 00012554 _____ C:\Users\Chris\Desktop\FRST.txt
2016-06-11 21:47 - 2016-06-11 21:47 - 00000000 ____D C:\Users\Chris\Desktop\FRST-OlderVersion
2016-06-11 04:44 - 2016-06-11 04:44 - 00000882 _____ C:\Users\Public\Desktop\Removal Tool.lnk
2016-06-11 04:44 - 2016-06-11 04:44 - 00000882 _____ C:\ProgramData\Desktop\Removal Tool.lnk
2016-06-11 04:08 - 2016-06-11 04:08 - 00000000 ____D C:\Users\Chris\AppData\Roaming\9-lab
2016-06-11 04:05 - 2016-06-11 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2016-06-11 04:05 - 2016-06-11 04:05 - 00000000 ____D C:\ProgramData\9-lab
2016-06-11 04:05 - 2016-06-11 04:05 - 00000000 ____D C:\Program Files\9-lab
2016-06-11 04:03 - 2016-06-11 04:03 - 00000684 _____ C:\RstHosts.txt
2016-06-11 03:48 - 2016-06-11 03:48 - 00037493 _____ C:\Users\Chris\Desktop\AdsFix_11_06_2016_03_48_11.txt
2016-06-10 22:38 - 2016-06-10 22:41 - 00000000 ____D C:\Users\Chris\Desktop\LAUZQ1
2016-06-10 22:17 - 2016-06-10 22:17 - 06551872 _____ C:\Users\Chris\Desktop\rmtool-setup-x86.exe
2016-06-10 22:17 - 2016-06-10 22:17 - 00011459 _____ C:\Users\Chris\Desktop\klcp_codec_log.txt
2016-06-10 22:00 - 2016-06-11 03:48 - 00037493 _____ C:\AdsFix_11_06_2016_03_48_11.txt
2016-06-10 22:00 - 2016-06-10 22:00 - 00000923 _____ C:\Users\Chris\Desktop\AdsFix_Donate.lnk
2016-06-10 21:57 - 2016-06-11 03:49 - 00000000 ____D C:\AdsFix
2016-06-10 21:55 - 2016-06-10 21:55 - 06157328 _____ (SosVirus) C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe
2016-06-10 17:29 - 2016-06-10 17:29 - 00000093 _____ C:\Windows\wininit.ini
2016-06-10 16:35 - 2016-06-11 03:52 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-06-10 15:08 - 2016-06-10 15:08 - 00000000 ____D C:\Users\Chris\Desktop\pass
2016-06-10 15:05 - 2016-06-11 15:21 - 00124570 _____ C:\Windows\ntbtlog.txt
2016-06-10 10:16 - 2016-06-10 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-06-10 08:19 - 2016-06-11 04:01 - 00056088 _____ C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-10 01:31 - 2016-06-10 01:33 - 119065416 _____ (Apple Inc.) C:\Users\Chris\Downloads\iTunesSetup(1).exe
2016-06-10 00:04 - 2016-06-11 03:53 - 03612480 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-09 19:09 - 2016-06-09 19:09 - 00000000 ____D C:\Program Files\PrivaZer
2016-06-09 18:13 - 2016-06-09 21:19 - 00000000 ____D C:\Users\Chris\AppData\Local\PrivaZer
2016-06-09 18:13 - 2016-06-09 19:09 - 00001642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2016-06-09 18:13 - 2016-06-09 19:09 - 00001630 _____ C:\Users\Public\Desktop\PrivaZer.lnk
2016-06-09 18:13 - 2016-06-09 19:09 - 00001630 _____ C:\ProgramData\Desktop\PrivaZer.lnk
2016-06-09 18:13 - 2016-06-09 18:13 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
2016-06-09 18:13 - 2016-06-09 18:13 - 00000000 ____D C:\ProgramData\privazer
2016-06-09 18:07 - 2016-06-09 18:07 - 07717128 _____ (Goversoft LLC) C:\Users\Chris\Desktop\privazer_free.exe
2016-06-09 17:57 - 2016-06-11 21:47 - 00276372 _____ C:\Windows\ZAM.krnl.trace
2016-06-09 17:57 - 2016-06-11 21:47 - 00036773 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-06-06 19:12 - 2016-06-06 19:15 - 102557752 _____ C:\Users\Chris\Downloads\6094194_hd.mp4
2016-06-06 08:20 - 2016-06-06 08:20 - 22851472 _____ (Malwarebytes ) C:\Users\Chris\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-06 07:15 - 2016-06-06 07:15 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DELL-530-Windows-Vista-™-Home-Premium-(32-bit).dat
2016-06-06 07:14 - 2016-06-06 07:14 - 00000000 ____D C:\RegBackup
2016-06-06 06:52 - 2016-06-06 06:52 - 00001912 _____ C:\Users\Chris\Desktop\Tweaking.com - Windows Repair.lnk
2016-06-06 06:52 - 2016-06-06 06:52 - 00000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2016-06-06 06:52 - 2016-06-06 06:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-06-06 06:43 - 2016-06-06 06:43 - 21381936 _____ (Tweaking.com) C:\Users\Chris\Desktop\tweaking.com_windows_repair_aio_setup.exe
2016-06-02 23:01 - 2016-06-02 23:01 - 00016185 ____R C:\Pre_Scan_02_06_2016_23_01_37.txt
2016-06-02 23:01 - 2016-06-02 23:01 - 00000757 _____ C:\Users\Chris\Desktop\Internet Explorer.lnk
2016-06-02 22:03 - 2016-06-11 21:43 - 00000000 ____D C:\Pre_Scan
2016-06-02 22:03 - 2016-06-02 22:41 - 00001478 _____ C:\Users\Chris\Desktop\Pre_Scan_Restore.lnk
2016-06-02 21:55 - 2016-06-02 21:56 - 03449360 _____ (SosVirus) C:\Users\Chris\Desktop\Pre_Scan.exe
2016-06-02 21:45 - 2016-06-02 21:45 - 00012344 _____ C:\Users\Chris\Desktop\Winsock.reg
2016-06-02 21:44 - 2016-06-02 21:44 - 00121254 _____ C:\Users\Chris\Desktop\WinSock2.reg
2016-06-01 10:03 - 2016-06-01 10:03 - 00494961 _____ (glax24 (safezone.cc)) C:\Users\Chris\Downloads\SecurityCheck.exe
2016-06-01 10:03 - 2016-06-01 10:03 - 00000000 ____D C:\SecurityCheck
2016-06-01 03:46 - 2016-06-01 03:46 - 06858912 _____ (ESET spol. s r.o.) C:\Users\Chris\Downloads\esetonlinescanner_enu(1).exe
2016-06-01 03:31 - 2016-06-01 03:31 - 00000000 ____D C:\Users\Chris\AppData\Local\ESET
2016-05-31 20:50 - 2016-06-10 10:17 - 00001687 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-05-31 20:50 - 2016-06-10 10:17 - 00001687 _____ C:\ProgramData\Desktop\Zemana AntiMalware.lnk
2016-05-31 20:50 - 2016-06-10 10:17 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2016-05-31 20:50 - 2016-05-31 20:50 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2016-05-31 20:50 - 2016-05-31 20:50 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2016-05-31 20:50 - 2016-05-31 20:50 - 00000000 ____D C:\Users\Chris\AppData\Local\Zemana
2016-05-31 20:48 - 2016-05-31 20:49 - 05574416 _____ ( ) C:\Users\Chris\Desktop\Zemana.AntiMalware.Setup.exe
2016-05-31 20:11 - 2016-05-31 20:11 - 03677248 _____ C:\Users\Chris\Desktop\adwcleaner_5.119(1).exe
2016-05-31 20:10 - 2016-05-31 20:10 - 01610816 _____ (Malwarebytes) C:\Users\Chris\Downloads\JRT.exe
2016-05-31 20:07 - 2016-05-31 20:07 - 03677248 _____ C:\Users\Chris\Downloads\adwcleaner_5.119.exe
2016-05-31 20:06 - 2016-05-31 20:07 - 01610816 _____ (Malwarebytes) C:\Users\Chris\Desktop\JRT.exe
2016-05-30 20:44 - 2016-06-11 21:47 - 01735680 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe
2016-05-30 14:48 - 2016-06-10 23:20 - 00000000 ____D C:\Users\Chris\Desktop\tat
2016-05-27 11:57 - 2016-06-03 08:11 - 1544704000 _____ C:\Users\Chris\Desktop\DG44.avi
2016-05-16 20:15 - 2016-06-10 10:24 - 00001356 _____ C:\Users\Chris\AppData\Local\d3d9caps.dat
2016-05-15 23:34 - 2016-05-15 23:34 - 01193680 _____ (Adobe Systems Incorporated) C:\Users\Chris\Downloads\flashplayer21pp_ha_install.exe
2016-05-15 23:33 - 2016-05-15 23:37 - 01193680 _____ (Adobe Systems Incorporated) C:\Users\Chris\Downloads\flashplayer21_ha_install.exe
2016-05-13 22:25 - 2016-05-13 22:25 - 02870984 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu(1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-11 21:47 - 2016-03-11 01:22 - 00000000 ____D C:\FRST
2016-06-11 21:47 - 2012-12-13 20:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-11 21:43 - 2011-02-04 13:24 - 00000000 ____D C:\Users\Chris
2016-06-11 21:41 - 2014-06-02 22:04 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-11 21:01 - 2006-11-02 13:47 - 00005184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-11 21:01 - 2006-11-02 13:47 - 00005184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-11 15:03 - 2014-06-02 22:10 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2016-06-11 15:03 - 2013-05-06 14:42 - 00000069 _____ C:\Windows\NeroDigital.ini
2016-06-11 15:01 - 2014-06-02 22:04 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-11 15:01 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-11 15:01 - 2006-11-02 13:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-06-11 04:45 - 2006-11-02 14:01 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-11 04:08 - 2013-01-12 14:37 - 00000000 ____D C:\Users\Chris\AppData\Local\Skitch
2016-06-11 03:52 - 2016-03-29 01:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-06-11 00:32 - 2013-07-23 22:29 - 00000000 ____D C:\Users\Chris\AppData\Roaming\vlc
2016-06-10 23:21 - 2015-06-18 17:12 - 00000000 ____D C:\Program Files\PeerBlock
2016-06-10 22:59 - 2016-02-24 15:25 - 00018432 _____ C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-10 21:57 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Web
2016-06-10 21:34 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-06-10 21:34 - 2006-11-02 11:33 - 00749424 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-10 13:42 - 2016-04-12 18:19 - 00000000 ____D C:\AdwCleaner
2016-06-09 21:18 - 2012-12-19 19:53 - 00000000 ____D C:\Users\Chris\AppData\Roaming\dvdcss
2016-06-09 19:01 - 2016-04-28 04:31 - 00000000 ____D C:\Users\Chris\Desktop\Lauzv1
2016-06-09 18:25 - 2012-03-25 04:14 - 00000000 ____D C:\Users\Chris\AppData\Roaming\RealNetworks
2016-06-06 08:25 - 2014-06-02 22:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-06 08:25 - 2014-06-02 22:10 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-06-06 08:25 - 2013-08-23 17:11 - 00000859 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-06 08:25 - 2013-08-23 17:11 - 00000859 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-31 20:37 - 2011-12-31 14:09 - 00000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2016-05-24 12:37 - 2008-10-23 13:07 - 00000000 ____D C:\Program Files\WinRAR
2016-05-22 21:17 - 2012-10-25 16:53 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-22 21:17 - 2012-10-25 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-21 03:43 - 2016-04-28 04:03 - 00000000 ____D C:\Users\Chris\Desktop\New Folder (4)
2016-05-20 16:36 - 2012-03-30 08:47 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2016-05-20 03:08 - 2015-09-06 18:04 - 07587944 _____ C:\Users\Chris\Downloads\VID-20141016-WA0022.mp4
2016-05-20 03:08 - 2015-09-06 18:04 - 06319144 _____ C:\Users\Chris\Downloads\VID-20141015-WA0004.mp4
2016-05-20 03:08 - 2012-01-11 22:38 - 00294365 _____ C:\Users\Chris\Downloads\vid2.3gp
2016-05-20 03:07 - 2012-01-11 21:22 - 07718796 _____ C:\Users\Chris\Downloads\33.MPG
2016-05-19 05:30 - 2012-03-18 01:20 - 05032325 _____ C:\Users\Chris\Downloads\20120317_142032-trim-03-17-trim-03-18-00-17-38.3gp
2016-05-19 05:30 - 2012-01-11 22:39 - 01327423 _____ C:\Users\Chris\Downloads\a.3gp
2016-05-17 18:22 - 2012-02-09 18:01 - 00000000 ____D C:\ProgramData\Sophos
2016-05-17 11:06 - 2013-02-18 19:35 - 333690880 _____ C:\Users\Chris\Desktop\VTS_01_1.VOB
2016-05-16 16:24 - 2014-08-27 21:55 - 00000000 ____D C:\Users\Chris\AppData\Local\Adobe
2016-05-16 16:18 - 2012-12-13 20:48 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-16 16:18 - 2012-12-13 20:48 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-03-06 18:13 - 2016-03-06 19:54 - 0001041 _____ () C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
2016-05-16 20:15 - 2016-06-10 10:24 - 0001356 _____ () C:\Users\Chris\AppData\Local\d3d9caps.dat
2016-02-24 15:25 - 2016-06-10 22:59 - 0018432 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-11 15:14

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-06-2016
Ran by Chris (2016-06-11 21:48:29)
Running from C:\Users\Chris\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2011-02-04 10:32:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3299710142-3868310564-1978959094-500 - Administrator - Disabled)
Chris (S-1-5-21-3299710142-3868310564-1978959094-1001 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-3299710142-3868310564-1978959094-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

9-lab Removal Tool (HKLM\...\9-lab Removal Tool) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Internet Security (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
ConvertXtoDVD 4.0.9.322 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.9.322 - )
EasyBCD 1.7 (HKLM\...\EasyBCD) (Version: 1.7 - NeoSmart Technologies)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ffdshow [rev 2180] [2008-10-04] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HDD Health v4.2 (HKLM\...\HDD Health_is1) (Version:  - )
InPlay IPTV (HKLM\...\{4CE87481-C78C-4543-9AA0-2117CD5BF917}) (Version: 4.0.0 - Cobain ltd)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Leawo Video Converter version  5.1.0.0 (HKLM\...\{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 7 Lite 7.10.1.2 (HKLM\...\Nero7Lite_is1) (Version: 7.10.1.2 - UpdatePack.nl)
PressReader (HKLM\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.16.0115.0 - PressReader Inc.)
PrivaZer (HKLM\...\PrivaZer) (Version: 3.0.4.0 - Goversoft LLC)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Skitch (HKLM\...\Skitch 1.0.2.0) (Version: 2.2.0.4 - Evernote Corp.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.1 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.40 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.1 - win.rar GmbH)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.985 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {6092D648-6209-4D6F-9B67-908F6DA777DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {677CD573-8156-4B83-8781-B7646D6B0415} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-16] (Adobe Systems Incorporated)
Task: {7B0D0E5D-6160-4D24-AFCA-843EF27CC68C} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files\PrivaZer\PrivaZer.exe [2016-06-09] (Goversoft LLC)
Task: {81299577-48B7-47C7-B9FA-17EB8888CE59} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-05] (AVAST Software)
Task: {85281012-34B8-4BAA-9EF3-93B5EA5F07FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8A6403D3-82D2-4E66-8DBE-0E6A1517755E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B5994990-AF0F-420B-9986-E6D7790F44DE} - System32\Tasks\SafeZone scheduled Autoupdate 1449186754 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {C0BB004D-9824-4D0E-9F70-09C1D3B6DBDB} - \WiseCleaner\AidSkipUAC -> No File <==== ATTENTION
Task: {DC0B49E4-3258-40BE-81A6-B40E45F2E425} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Chris\Desktop\AdsFix_Donate.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 18:32 - 2016-05-05 21:18 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-20 18:32 - 2016-05-05 21:18 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-11 11:21 - 2016-06-11 11:21 - 02932736 _____ () C:\Program Files\AVAST Software\Avast\defs\16061100\algo.dll
2015-12-04 00:36 - 2016-05-05 21:18 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2015-12-04 00:36 - 2016-05-05 21:18 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-03-25 06:27 - 2013-03-08 10:54 - 00017760 _____ () C:\Program Files\HDD Health\HDDHealthService.exe
2015-03-14 03:20 - 2015-12-04 00:36 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-08-26 08:44 - 2015-08-26 08:44 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2016-02-10 11:52 - 2016-02-10 11:52 - 00687040 _____ () C:\Program Files\9-lab\Removal Tool\ylib.dll
2016-05-12 20:47 - 2016-05-16 16:18 - 19427520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll
2016-05-31 20:51 - 2016-05-31 20:51 - 00104304 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Chris\Desktop\DG44.avi:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Desktop\VTS_01_1.VOB:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\20120317_142032-trim-03-17-trim-03-18-00-17-38.3gp:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\33.MPG:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\a.3gp:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\VID-20141015-WA0004.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\VID-20141016-WA0022.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\vid2.3gp:TOC.WMV [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 5317 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-01-28 16:22 - 2016-06-11 21:42 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{F4CFD83A-D58B-4331-9FC7-226F9784CDC4}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{12BEC677-E9D6-44B9-BABE-F2063712476A}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{63B46E60-3403-4499-A84A-2E131052042D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [{8A2CDAB7-C624-476B-ACB6-6438F20771BB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4C07212B-7261-48AE-8CF5-CF5ADEBCF653}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4F28AA14-0F19-4A58-B789-1EE8248DB027}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{A80137C5-6CBA-412B-A1EC-D75758F79773}C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [UDP Query User{8086F52E-78FA-489A-B2C4-2651DAE624EB}C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [TCP Query User{01072E77-9C3B-4616-930C-17F242C61391}C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe] => (Block) C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [UDP Query User{B4B0273B-6E73-4483-AA42-4F3F1458FF14}C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe] => (Block) C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [TCP Query User{A8064AE8-6CBA-412B-A1EC-D72343F79773}C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe
FirewallRules: [UDP Query User{8012CD5F-78FA-489A-B2C4-2168ADE624EB}C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe
StandardProfile\AuthorizedApplications: [C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe] => Enabled:pre-scan_6_31.05.2016.1
StandardProfile\AuthorizedApplications: [C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe] => Enabled:adsfix_3_09.06.2016.1

==================== Restore Points =========================

06-06-2016 00:27:54 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2016 04:30:09 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x8000ffff).

Error: (06/11/2016 04:30:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x8000ffff).

Error: (06/11/2016 04:30:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80004002.


Operation:
   Abort Backup

Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated

Error: (06/11/2016 04:30:09 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered.  This will prevent any
VSS writers from receiving events.  This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.


Operation:
   Abort Backup

Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated

Error: (06/11/2016 04:30:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154.


Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (06/11/2016 04:30:09 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered.  This will prevent any
VSS writers from receiving events.  This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.


Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (06/11/2016 03:05:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\GRP5G9Y0.DEFAULT-1465568326873\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (06/11/2016 12:40:09 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x8000ffff).

Error: (06/11/2016 12:40:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x8000ffff).

Error: (06/11/2016 12:40:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80004002.


Operation:
   Abort Backup

Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated


System errors:
=============
Error: (06/11/2016 03:07:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (06/11/2016 03:02:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Wise Boot Assistant%%2

Error: (06/11/2016 03:02:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intel AGP Bus Filter%%1058

Error: (06/11/2016 11:25:27 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (06/11/2016 11:20:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Wise Boot Assistant%%2

Error: (06/11/2016 11:20:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intel AGP Bus Filter%%1058

Error: (06/11/2016 11:19:41 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 06:49:03 on 11/06/2016 was unexpected.

Error: (06/11/2016 04:47:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Wise Boot Assistant%%2

Error: (06/11/2016 04:47:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intel AGP Bus Filter%%1058

Error: (06/11/2016 04:33:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Wise Boot Assistant%%2


CodeIntegrity:
===================================
  Date: 2016-06-11 21:48:00.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-11 21:48:00.032
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-11 21:47:59.760
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-11 21:47:59.469
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-11 17:03:11.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-11 17:03:11.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-11 17:03:11.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-11 17:03:11.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-11 17:03:10.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-11 17:03:10.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 66%
Total physical RAM: 3060.45 MB
Available physical RAM: 1032.88 MB
Total Virtual: 6331.9 MB
Available Virtual: 3630.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.32 GB) (Free:160.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:9.77 GB) (Free:3.88 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Removable) (Total:29.27 GB) (Free:21.23 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 5ED7C68A)
Partition 1: (Active) - (Size=288.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:26 PM

Posted 12 June 2016 - 08:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
CHR Extension: (Avast Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-15]
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [X]
U3 Cmbatt; no ImagePath
U2 ERSvc; no ImagePath
U2 IAStorDataMgrsvc; no ImagePath
U2 NIHardwareService; no ImagePath
U2 NVSvc; no ImagePath
U2 Power; no ImagePath
U2 SppSvc; no ImagePath
U2 srService; no ImagePath
U3 Wwansvc; no ImagePath
Task: {C0BB004D-9824-4D0E-9F70-09C1D3B6DBDB} - \WiseCleaner\AidSkipUAC -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Chris\Desktop\DG44.avi:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Desktop\VTS_01_1.VOB:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\20120317_142032-trim-03-17-trim-03-18-00-17-38.3gp:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\33.MPG:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\a.3gp:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\VID-20141015-WA0004.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\VID-20141016-WA0022.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\vid2.3gp:TOC.WMV [130]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know what problem persists.

#3 tank44

Posted 12 June 2016 - 02:33 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:12-06-2016 01
Ran by Chris (2016-06-12 19:56:10) Run:4
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available Profiles: Chris)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
CHR Extension: (Avast Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-15]
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [X]
U3 Cmbatt; no ImagePath
U2 ERSvc; no ImagePath
U2 IAStorDataMgrsvc; no ImagePath
U2 NIHardwareService; no ImagePath
U2 NVSvc; no ImagePath
U2 Power; no ImagePath
U2 SppSvc; no ImagePath
U2 srService; no ImagePath
U3 Wwansvc; no ImagePath
Task: {C0BB004D-9824-4D0E-9F70-09C1D3B6DBDB} - \WiseCleaner\AidSkipUAC -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Chris\Desktop\DG44.avi:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Desktop\VTS_01_1.VOB:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\20120317_142032-trim-03-17-trim-03-18-00-17-38.3gp:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\33.MPG:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\a.3gp:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\VID-20141015-WA0004.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\VID-20141016-WA0022.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\vid2.3gp:TOC.WMV [130]

End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully.
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
WiseBootAssistant => service removed successfully.
Cmbatt => service removed successfully.
ERSvc => service removed successfully.
IAStorDataMgrsvc => service removed successfully.
NIHardwareService => service removed successfully.
NVSvc => service removed successfully.
Power => service removed successfully.
SppSvc => service removed successfully.
srService => service removed successfully.
Wwansvc => service removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0BB004D-9824-4D0E-9F70-09C1D3B6DBDB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0BB004D-9824-4D0E-9F70-09C1D3B6DBDB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WiseCleaner\AidSkipUAC" => key removed successfully.
C:\Users\Chris\Desktop\DG44.avi => ":TOC.WMV" ADS removed successfully..
C:\Users\Chris\Desktop\VTS_01_1.VOB => ":TOC.WMV" ADS removed successfully..
C:\Users\Chris\Downloads\20120317_142032-trim-03-17-trim-03-18-00-17-38.3gp => ":TOC.WMV" ADS removed successfully..
C:\Users\Chris\Downloads\33.MPG => ":TOC.WMV" ADS removed successfully..
C:\Users\Chris\Downloads\a.3gp => ":TOC.WMV" ADS removed successfully..
C:\Users\Chris\Downloads\VID-20141015-WA0004.mp4 => ":TOC.WMV" ADS removed successfully..
C:\Users\Chris\Downloads\VID-20141016-WA0022.mp4 => ":TOC.WMV" ADS removed successfully..
C:\Users\Chris\Downloads\vid2.3gp => ":TOC.WMV" ADS removed successfully..
EmptyTemp: => 172 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-06-12 20:30:45)

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 20:30:45 ====



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 June 2016 - 07:09 AM

Error: (0) Failed to create a restore point.


Please check this.

Turn System Restore ON - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7


Create a restore point in Vista.
http://www.techrepublic.com/article/how-do-i-create-and-use-system-restore-in-windows-vista/
===

How is the computer running now?

#5 tank44

tank44
  • Topic Starter

  • Members
  • 29 posts

Posted 13 June 2016 - 10:06 AM

tried to do it and got message saying restore point could not be created due to catastrophic failure 0x8000FFFF

 

is that a worry?

 

comp seems fine now, did you find anything bad/wrong?

do i need to change passwords, was anything compromised?



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 June 2016 - 08:36 AM

This program will recreate the correct registry setting and re-register all VSS components. Please download one of the below programs to fix your problem:

Operating system 32 or 64 bit.

VSSfix 32bit
http://updates.macrium.com/reflect/utilities/vssfix.exe

VSSfix 64bit
http://updates.macrium.com/reflect/utilities/vssfixx64.exe

You can right click the exe file and run as Administrator in normal mode and see if that solves the problem. If not try running in Safe Mode.

Keep me posted.

#7 tank44

tank44
  • Topic Starter

  • Members
  • 29 posts

Posted 14 June 2016 - 11:30 AM

that worked and done system restore

 

did you find anything bad? do i need to change passwords? my computer is really slow and when I type it takes about 5 seconds before the words appear on the screen



#8 tank44

tank44
  • Topic Starter

  • Members
  • 29 posts

Posted 14 June 2016 - 11:32 AM

also keep getting problem loading page too



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 June 2016 - 07:37 AM

Check for missing or corrupted Operating files in your system.

Execute the instructions on this page.
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html


===

Make sure you have all the latest Windows updates.


Keep me posted.

#10 tank44

tank44
  • Topic Starter

  • Members
  • 29 posts

Posted 15 June 2016 - 11:22 AM

gave me message found some windows resource protection corrupt files but unable to fix all of them

wouldn't let me access the windows cbs.log file to see


Edited by tank44, 15 June 2016 - 11:23 AM.


#11 tank44

tank44
  • Topic Starter

  • Members
  • 29 posts

Posted 15 June 2016 - 12:58 PM

did you find anything dodgy that i need to change passwords? any malware or viruses?



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 June 2016 - 07:38 AM

Navigate to this Microsoft page.
https://support.microsoft.com/en-ca/kb/929833

Under this heading How to view details of the System File Checker process you will find this command.

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

Execute it as suggested.
I suggest you copy and paste the complete line to the Command prompt.

Post the log for my review.
===

You may change your passwords for important communication. It's your call.

#13 tank44

tank44
  • Topic Starter

  • Members
  • 29 posts

Posted 16 June 2016 - 12:48 PM

did you find anything bad?



#14 tank44

tank44
  • Topic Starter

  • Members
  • 29 posts

Posted 16 June 2016 - 12:52 PM

i did that but when the sfcdetails appeared on my desktop it was empty



#15 tank44

tank44
  • Topic Starter

  • Members
  • 29 posts

Posted 16 June 2016 - 02:46 PM

i ran sfc check and there was the log

 

2016-06-16 20:24:51, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:24:51, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:00, Info                  CSI    00000009 [SR] Verify complete
2016-06-16 20:25:01, Info                  CSI    0000000a [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:01, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:06, Info                  CSI    0000000d [SR] Verify complete
2016-06-16 20:25:06, Info                  CSI    0000000e [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:06, Info                  CSI    0000000f [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:08, Info                  CSI    00000011 [SR] Verify complete
2016-06-16 20:25:09, Info                  CSI    00000012 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:09, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:10, Info                  CSI    00000015 [SR] Verify complete
2016-06-16 20:25:10, Info                  CSI    00000016 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:10, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:12, Info                  CSI    00000019 [SR] Verify complete
2016-06-16 20:25:13, Info                  CSI    0000001a [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:13, Info                  CSI    0000001b [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:14, Info                  CSI    0000001d [SR] Verify complete
2016-06-16 20:25:14, Info                  CSI    0000001e [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:14, Info                  CSI    0000001f [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:15, Info                  CSI    00000021 [SR] Verify complete
2016-06-16 20:25:16, Info                  CSI    00000022 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:16, Info                  CSI    00000023 [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:17, Info                  CSI    00000025 [SR] Verify complete
2016-06-16 20:25:18, Info                  CSI    00000026 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:18, Info                  CSI    00000027 [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:19, Info                  CSI    00000029 [SR] Verify complete
2016-06-16 20:25:19, Info                  CSI    0000002a [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:19, Info                  CSI    0000002b [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:20, Info                  CSI    0000002d [SR] Verify complete
2016-06-16 20:25:21, Info                  CSI    0000002e [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:21, Info                  CSI    0000002f [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:22, Info                  CSI    00000031 [SR] Verify complete
2016-06-16 20:25:22, Info                  CSI    00000032 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:22, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:24, Info                  CSI    00000035 [SR] Verify complete
2016-06-16 20:25:24, Info                  CSI    00000036 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:24, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:25, Info                  CSI    00000039 [SR] Verify complete
2016-06-16 20:25:26, Info                  CSI    0000003a [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:26, Info                  CSI    0000003b [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:27, Info                  CSI    0000003d [SR] Verify complete
2016-06-16 20:25:28, Info                  CSI    0000003e [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:28, Info                  CSI    0000003f [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:29, Info                  CSI    00000041 [SR] Verify complete
2016-06-16 20:25:30, Info                  CSI    00000042 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:30, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:31, Info                  CSI    00000045 [SR] Verify complete
2016-06-16 20:25:32, Info                  CSI    00000046 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:32, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:33, Info                  CSI    00000049 [SR] Verify complete
2016-06-16 20:25:34, Info                  CSI    0000004a [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:34, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:35, Info                  CSI    0000004d [SR] Verify complete
2016-06-16 20:25:35, Info                  CSI    0000004e [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:35, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:37, Info                  CSI    00000051 [SR] Verify complete
2016-06-16 20:25:37, Info                  CSI    00000052 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:37, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:39, Info                  CSI    00000055 [SR] Verify complete
2016-06-16 20:25:39, Info                  CSI    00000056 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:39, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:40, Info                  CSI    00000059 [SR] Verify complete
2016-06-16 20:25:41, Info                  CSI    0000005a [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:41, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:42, Info                  CSI    0000005d [SR] Verify complete
2016-06-16 20:25:42, Info                  CSI    0000005e [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:42, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:44, Info                  CSI    00000061 [SR] Verify complete
2016-06-16 20:25:44, Info                  CSI    00000062 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:44, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:45, Info                  CSI    00000065 [SR] Verify complete
2016-06-16 20:25:46, Info                  CSI    00000066 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:46, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:48, Info                  CSI    00000069 [SR] Verify complete
2016-06-16 20:25:48, Info                  CSI    0000006a [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:48, Info                  CSI    0000006b [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:49, Info                  CSI    0000006d [SR] Verify complete
2016-06-16 20:25:50, Info                  CSI    0000006e [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:50, Info                  CSI    0000006f [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:51, Info                  CSI    00000071 [SR] Verify complete
2016-06-16 20:25:52, Info                  CSI    00000072 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:52, Info                  CSI    00000073 [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:54, Info                  CSI    00000075 [SR] Verify complete
2016-06-16 20:25:54, Info                  CSI    00000076 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:54, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:56, Info                  CSI    00000079 [SR] Verify complete
2016-06-16 20:25:56, Info                  CSI    0000007a [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:56, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
2016-06-16 20:25:58, Info                  CSI    0000007d [SR] Verify complete
2016-06-16 20:25:59, Info                  CSI    0000007e [SR] Verifying 100 (0x00000064) components
2016-06-16 20:25:59, Info                  CSI    0000007f [SR] Beginning Verify and Repair transaction
2016-06-16 20:26:00, Info                  CSI    00000081 [SR] Verify complete
2016-06-16 20:26:00, Info                  CSI    00000082 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:26:00, Info                  CSI    00000083 [SR] Beginning Verify and Repair transaction
2016-06-16 20:26:02, Info                  CSI    00000085 [SR] Verify complete
2016-06-16 20:26:02, Info                  CSI    00000086 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:26:02, Info                  CSI    00000087 [SR] Beginning Verify and Repair transaction
2016-06-16 20:26:04, Info                  CSI    00000089 [SR] Verify complete
2016-06-16 20:26:05, Info                  CSI    0000008a [SR] Verifying 100 (0x00000064) components
2016-06-16 20:26:05, Info                  CSI    0000008b [SR] Beginning Verify and Repair transaction
2016-06-16 20:26:07, Info                  CSI    0000008d [SR] Verify complete
2016-06-16 20:26:07, Info                  CSI    0000008e [SR] Verifying 100 (0x00000064) components
2016-06-16 20:26:07, Info                  CSI    0000008f [SR] Beginning Verify and Repair transaction
2016-06-16 20:26:08, Info                  CSI    00000091 [SR] Verify complete
2016-06-16 20:26:09, Info                  CSI    00000092 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:26:09, Info                  CSI    00000093 [SR] Beginning Verify and Repair transaction
2016-06-16 20:26:11, Info                  CSI    00000095 [SR] Verify complete
2016-06-16 20:26:11, Info                  CSI    00000096 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:26:11, Info                  CSI    00000097 [SR] Beginning Verify and Repair transaction
2016-06-16 20:26:16, Info                  CSI    00000099 [SR] Verify complete
2016-06-16 20:26:16, Info                  CSI    0000009a [SR] Verifying 100 (0x00000064) components
2016-06-16 20:26:16, Info                  CSI    0000009b [SR] Beginning Verify and Repair transaction
2016-06-16 20:26:20, Info                  CSI    0000009d [SR] Verify complete
2016-06-16 20:26:20, Info                  CSI    0000009e [SR] Verifying 100 (0x00000064) components
2016-06-16 20:26:20, Info                  CSI    0000009f [SR] Beginning Verify and Repair transaction
2016-06-16 20:26:26, Info                  CSI    000000a1 [SR] Verify complete
2016-06-16 20:26:26, Info                  CSI    000000a2 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:26:26, Info                  CSI    000000a3 [SR] Beginning Verify and Repair transaction
2016-06-16 20:26:32, Info                  CSI    000000a6 [SR] Verify complete
2016-06-16 20:26:33, Info                  CSI    000000a7 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:26:33, Info                  CSI    000000a8 [SR] Beginning Verify and Repair transaction
2016-06-16 20:26:39, Info                  CSI    000000ab [SR] Verify complete
2016-06-16 20:26:40, Info                  CSI    000000ac [SR] Verifying 100 (0x00000064) components
2016-06-16 20:26:40, Info                  CSI    000000ad [SR] Beginning Verify and Repair transaction
2016-06-16 20:26:43, Info                  CSI    000000ae [SR] Cannot repair member file [l:18{9}]"MSDTC.LOG" of Microsoft-Windows-COM-DTC-Runtime, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2016-06-16 20:26:45, Info                  CSI    000000af [SR] Cannot repair member file [l:18{9}]"MSDTC.LOG" of Microsoft-Windows-COM-DTC-Runtime, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2016-06-16 20:26:45, Info                  CSI    000000b0 [SR] This component was referenced by [l:160{80}]"Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.936330-187_neutral_GDR"
2016-06-16 20:26:46, Info                  CSI    000000b2 [SR] Verify complete
2016-06-16 20:26:46, Info                  CSI    000000b3 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:26:46, Info                  CSI    000000b4 [SR] Beginning Verify and Repair transaction
2016-06-16 20:26:54, Info                  CSI    000000be [SR] Verify complete
2016-06-16 20:26:54, Info                  CSI    000000bf [SR] Verifying 100 (0x00000064) components
2016-06-16 20:26:54, Info                  CSI    000000c0 [SR] Beginning Verify and Repair transaction
2016-06-16 20:26:59, Info                  CSI    000000c2 [SR] Verify complete
2016-06-16 20:27:00, Info                  CSI    000000c3 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:27:00, Info                  CSI    000000c4 [SR] Beginning Verify and Repair transaction
2016-06-16 20:27:05, Info                  CSI    000000c6 [SR] Verify complete
2016-06-16 20:27:06, Info                  CSI    000000c7 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:27:06, Info                  CSI    000000c8 [SR] Beginning Verify and Repair transaction
2016-06-16 20:27:11, Info                  CSI    000000ca [SR] Verify complete
2016-06-16 20:27:12, Info                  CSI    000000cb [SR] Verifying 100 (0x00000064) components
2016-06-16 20:27:12, Info                  CSI    000000cc [SR] Beginning Verify and Repair transaction
2016-06-16 20:27:19, Info                  CSI    000000ce [SR] Verify complete
2016-06-16 20:27:20, Info                  CSI    000000cf [SR] Verifying 100 (0x00000064) components
2016-06-16 20:27:20, Info                  CSI    000000d0 [SR] Beginning Verify and Repair transaction
2016-06-16 20:27:29, Info                  CSI    000000d4 [SR] Verify complete
2016-06-16 20:27:30, Info                  CSI    000000d5 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:27:30, Info                  CSI    000000d6 [SR] Beginning Verify and Repair transaction
2016-06-16 20:27:41, Info                  CSI    000000d8 [SR] Verify complete
2016-06-16 20:27:42, Info                  CSI    000000d9 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:27:42, Info                  CSI    000000da [SR] Beginning Verify and Repair transaction
2016-06-16 20:27:59, Info                  CSI    000000dc [SR] Verify complete
2016-06-16 20:27:59, Info                  CSI    000000dd [SR] Verifying 100 (0x00000064) components
2016-06-16 20:27:59, Info                  CSI    000000de [SR] Beginning Verify and Repair transaction
2016-06-16 20:28:13, Info                  CSI    000000e0 [SR] Verify complete
2016-06-16 20:28:13, Info                  CSI    000000e1 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:28:13, Info                  CSI    000000e2 [SR] Beginning Verify and Repair transaction
2016-06-16 20:28:17, Info                  CSI    000000e4 [SR] Verify complete
2016-06-16 20:28:17, Info                  CSI    000000e5 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:28:17, Info                  CSI    000000e6 [SR] Beginning Verify and Repair transaction
2016-06-16 20:28:20, Info                  CSI    000000e8 [SR] Verify complete
2016-06-16 20:28:21, Info                  CSI    000000e9 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:28:21, Info                  CSI    000000ea [SR] Beginning Verify and Repair transaction
2016-06-16 20:28:26, Info                  CSI    000000ec [SR] Verify complete
2016-06-16 20:28:27, Info                  CSI    000000ed [SR] Verifying 100 (0x00000064) components
2016-06-16 20:28:27, Info                  CSI    000000ee [SR] Beginning Verify and Repair transaction
2016-06-16 20:28:35, Info                  CSI    0000010c [SR] Verify complete
2016-06-16 20:28:36, Info                  CSI    0000010d [SR] Verifying 100 (0x00000064) components
2016-06-16 20:28:36, Info                  CSI    0000010e [SR] Beginning Verify and Repair transaction
2016-06-16 20:28:39, Info                  CSI    00000110 [SR] Verify complete
2016-06-16 20:28:40, Info                  CSI    00000111 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:28:40, Info                  CSI    00000112 [SR] Beginning Verify and Repair transaction
2016-06-16 20:28:45, Info                  CSI    00000114 [SR] Verify complete
2016-06-16 20:28:45, Info                  CSI    00000115 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:28:45, Info                  CSI    00000116 [SR] Beginning Verify and Repair transaction
2016-06-16 20:28:51, Info                  CSI    00000118 [SR] Verify complete
2016-06-16 20:28:52, Info                  CSI    00000119 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:28:52, Info                  CSI    0000011a [SR] Beginning Verify and Repair transaction
2016-06-16 20:29:00, Info                  CSI    0000011c [SR] Verify complete
2016-06-16 20:29:01, Info                  CSI    0000011d [SR] Verifying 100 (0x00000064) components
2016-06-16 20:29:01, Info                  CSI    0000011e [SR] Beginning Verify and Repair transaction
2016-06-16 20:29:09, Info                  CSI    00000121 [SR] Verify complete
2016-06-16 20:29:09, Info                  CSI    00000122 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:29:09, Info                  CSI    00000123 [SR] Beginning Verify and Repair transaction
2016-06-16 20:29:13, Info                  CSI    00000125 [SR] Verify complete
2016-06-16 20:29:13, Info                  CSI    00000126 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:29:13, Info                  CSI    00000127 [SR] Beginning Verify and Repair transaction
2016-06-16 20:29:22, Info                  CSI    00000129 [SR] Verify complete
2016-06-16 20:29:22, Info                  CSI    0000012a [SR] Verifying 100 (0x00000064) components
2016-06-16 20:29:22, Info                  CSI    0000012b [SR] Beginning Verify and Repair transaction
2016-06-16 20:29:28, Info                  CSI    0000012d [SR] Verify complete
2016-06-16 20:29:29, Info                  CSI    0000012e [SR] Verifying 100 (0x00000064) components
2016-06-16 20:29:29, Info                  CSI    0000012f [SR] Beginning Verify and Repair transaction
2016-06-16 20:29:36, Info                  CSI    00000131 [SR] Verify complete
2016-06-16 20:29:36, Info                  CSI    00000132 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:29:36, Info                  CSI    00000133 [SR] Beginning Verify and Repair transaction
2016-06-16 20:29:46, Info                  CSI    00000158 [SR] Verify complete
2016-06-16 20:29:47, Info                  CSI    00000159 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:29:47, Info                  CSI    0000015a [SR] Beginning Verify and Repair transaction
2016-06-16 20:29:59, Info                  CSI    0000015c [SR] Verify complete
2016-06-16 20:29:59, Info                  CSI    0000015d [SR] Verifying 100 (0x00000064) components
2016-06-16 20:29:59, Info                  CSI    0000015e [SR] Beginning Verify and Repair transaction
2016-06-16 20:30:17, Info                  CSI    00000160 [SR] Verify complete
2016-06-16 20:30:18, Info                  CSI    00000161 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:30:18, Info                  CSI    00000162 [SR] Beginning Verify and Repair transaction
2016-06-16 20:30:36, Info                  CSI    00000164 [SR] Verify complete
2016-06-16 20:30:36, Info                  CSI    00000165 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:30:36, Info                  CSI    00000166 [SR] Beginning Verify and Repair transaction
2016-06-16 20:30:43, Info                  CSI    00000168 [SR] Verify complete
2016-06-16 20:30:44, Info                  CSI    00000169 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:30:44, Info                  CSI    0000016a [SR] Beginning Verify and Repair transaction
2016-06-16 20:30:52, Info                  CSI    0000016c [SR] Verify complete
2016-06-16 20:30:53, Info                  CSI    0000016d [SR] Verifying 100 (0x00000064) components
2016-06-16 20:30:53, Info                  CSI    0000016e [SR] Beginning Verify and Repair transaction
2016-06-16 20:30:59, Info                  CSI    00000170 [SR] Verify complete
2016-06-16 20:30:59, Info                  CSI    00000171 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:30:59, Info                  CSI    00000172 [SR] Beginning Verify and Repair transaction
2016-06-16 20:31:05, Info                  CSI    00000175 [SR] Verify complete
2016-06-16 20:31:05, Info                  CSI    00000176 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:31:05, Info                  CSI    00000177 [SR] Beginning Verify and Repair transaction
2016-06-16 20:31:10, Info                  CSI    00000179 [SR] Verify complete
2016-06-16 20:31:11, Info                  CSI    0000017a [SR] Verifying 100 (0x00000064) components
2016-06-16 20:31:11, Info                  CSI    0000017b [SR] Beginning Verify and Repair transaction
2016-06-16 20:31:26, Info                  CSI    0000017d [SR] Verify complete
2016-06-16 20:31:27, Info                  CSI    0000017e [SR] Verifying 100 (0x00000064) components
2016-06-16 20:31:27, Info                  CSI    0000017f [SR] Beginning Verify and Repair transaction
2016-06-16 20:31:33, Info                  CSI    00000181 [SR] Verify complete
2016-06-16 20:31:34, Info                  CSI    00000182 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:31:34, Info                  CSI    00000183 [SR] Beginning Verify and Repair transaction
2016-06-16 20:31:46, Info                  CSI    00000185 [SR] Verify complete
2016-06-16 20:31:47, Info                  CSI    00000186 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:31:47, Info                  CSI    00000187 [SR] Beginning Verify and Repair transaction
2016-06-16 20:31:53, Info                  CSI    00000189 [SR] Verify complete
2016-06-16 20:31:54, Info                  CSI    0000018a [SR] Verifying 100 (0x00000064) components
2016-06-16 20:31:54, Info                  CSI    0000018b [SR] Beginning Verify and Repair transaction
2016-06-16 20:32:00, Info                  CSI    0000018d [SR] Verify complete
2016-06-16 20:32:00, Info                  CSI    0000018e [SR] Verifying 100 (0x00000064) components
2016-06-16 20:32:00, Info                  CSI    0000018f [SR] Beginning Verify and Repair transaction
2016-06-16 20:32:10, Info                  CSI    00000192 [SR] Verify complete
2016-06-16 20:32:10, Info                  CSI    00000193 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:32:10, Info                  CSI    00000194 [SR] Beginning Verify and Repair transaction
2016-06-16 20:32:22, Info                  CSI    00000196 [SR] Verify complete
2016-06-16 20:32:23, Info                  CSI    00000197 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:32:23, Info                  CSI    00000198 [SR] Beginning Verify and Repair transaction
2016-06-16 20:32:28, Info                  CSI    0000019a [SR] Verify complete
2016-06-16 20:32:28, Info                  CSI    0000019b [SR] Verifying 100 (0x00000064) components
2016-06-16 20:32:28, Info                  CSI    0000019c [SR] Beginning Verify and Repair transaction
2016-06-16 20:32:36, Info                  CSI    0000019e [SR] Verify complete
2016-06-16 20:32:36, Info                  CSI    0000019f [SR] Verifying 100 (0x00000064) components
2016-06-16 20:32:36, Info                  CSI    000001a0 [SR] Beginning Verify and Repair transaction
2016-06-16 20:32:42, Info                  CSI    000001a3 [SR] Verify complete
2016-06-16 20:32:43, Info                  CSI    000001a4 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:32:43, Info                  CSI    000001a5 [SR] Beginning Verify and Repair transaction
2016-06-16 20:32:50, Info                  CSI    000001a9 [SR] Verify complete
2016-06-16 20:32:51, Info                  CSI    000001aa [SR] Verifying 100 (0x00000064) components
2016-06-16 20:32:51, Info                  CSI    000001ab [SR] Beginning Verify and Repair transaction
2016-06-16 20:32:59, Info                  CSI    000001ad [SR] Verify complete
2016-06-16 20:32:59, Info                  CSI    000001ae [SR] Verifying 100 (0x00000064) components
2016-06-16 20:32:59, Info                  CSI    000001af [SR] Beginning Verify and Repair transaction
2016-06-16 20:33:08, Info                  CSI    000001b1 [SR] Verify complete
2016-06-16 20:33:08, Info                  CSI    000001b2 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:33:08, Info                  CSI    000001b3 [SR] Beginning Verify and Repair transaction
2016-06-16 20:33:11, Info                  CSI    000001b5 [SR] Verify complete
2016-06-16 20:33:12, Info                  CSI    000001b6 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:33:12, Info                  CSI    000001b7 [SR] Beginning Verify and Repair transaction
2016-06-16 20:33:18, Info                  CSI    000001b9 [SR] Verify complete
2016-06-16 20:33:19, Info                  CSI    000001ba [SR] Verifying 100 (0x00000064) components
2016-06-16 20:33:19, Info                  CSI    000001bb [SR] Beginning Verify and Repair transaction
2016-06-16 20:33:25, Info                  CSI    000001bd [SR] Verify complete
2016-06-16 20:33:25, Info                  CSI    000001be [SR] Verifying 100 (0x00000064) components
2016-06-16 20:33:25, Info                  CSI    000001bf [SR] Beginning Verify and Repair transaction
2016-06-16 20:33:30, Info                  CSI    000001c1 [SR] Verify complete
2016-06-16 20:33:30, Info                  CSI    000001c2 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:33:30, Info                  CSI    000001c3 [SR] Beginning Verify and Repair transaction
2016-06-16 20:33:49, Info                  CSI    000001c5 [SR] Verify complete
2016-06-16 20:33:49, Info                  CSI    000001c6 [SR] Verifying 100 (0x00000064) components
2016-06-16 20:33:49, Info                  CSI    000001c7 [SR] Beginning Verify and Repair transaction
2016-06-16 20:33:54, Info                  CSI    000001c9 [SR] Verify complete
2016-06-16 20:33:55, Info                  CSI    000001ca [SR] Verifying 100 (0x00000064) components
2016-06-16 20:33:55, Info                  CSI    000001cb [SR] Beginning Verify and Repair transaction
2016-06-16 20:34:00, Info                  CSI    000001cd [SR] Verify complete
2016-06-16 20:34:00, Info                  CSI    000001ce [SR] Verifying 100 (0x00000064) components
2016-06-16 20:34:00, Info                  CSI    000001cf [SR] Beginning Verify and Repair transaction
2016-06-16 20:34:07, Info                  CSI    000001da [SR] Verify complete
2016-06-16 20:34:08, Info                  CSI    000001db [SR] Verifying 29 (0x0000001d) components
2016-06-16 20:34:08, Info                  CSI    000001dc [SR] Beginning Verify and Repair transaction
2016-06-16 20:34:09, Info                  CSI    000001de [SR] Verify complete
2016-06-16 20:34:09, Info                  CSI    000001df [SR] Repairing 1 components
2016-06-16 20:34:09, Info                  CSI    000001e0 [SR] Beginning Verify and Repair transaction
2016-06-16 20:34:09, Info                  CSI    000001e1 [SR] Cannot repair member file [l:18{9}]"MSDTC.LOG" of Microsoft-Windows-COM-DTC-Runtime, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2016-06-16 20:34:09, Info                  CSI    000001e2 [SR] Cannot repair member file [l:18{9}]"MSDTC.LOG" of Microsoft-Windows-COM-DTC-Runtime, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2016-06-16 20:34:09, Info                  CSI    000001e3 [SR] This component was referenced by [l:160{80}]"Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.936330-187_neutral_GDR"
2016-06-16 20:34:09, Info                  CSI    000001e5 [SR] Repair complete
2016-06-16 20:34:09, Info                  CSI    000001e6 [SR] Committing transaction
2016-06-16 20:34:10, Info                  CSI    000001ea [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
 





