Jump to content

02befree

Members
  • Posts

    3
  • Joined

  • Last visited

Everything posted by 02befree

  1. Thanks for your help, I got the problem solved. I used Offline Windows Password & Registry Editor to change the user profile back to an adminstrator account, then MBAM installed fine and removed all the malware. I appreciate your willingness to assist.
  2. Thanks for your offer of help. You might mention that to copy and paste requires selecting the BBCode Mode. I've been trying to paste here for some time and I couldn't paste. I finally just clicked the top left button above and it worked. Strange. Here it is... Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01 Ran by Sylvia (ATTENTION: The logged in user is not administrator) on GATESHPDESKTOP on 25-07-2014 01:25:43 Running from C:\Users\Sylvia\Desktop Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-17] () HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-17] () HKLM-x32\...\Run: [bService] => C:\Program Files (x86)\Bench\BService\bservice.exe HKLM-x32\...\Run: [Wd] => C:\Program Files (x86)\Bench\Wd\wd.exe HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [461176 2014-02-22] (Microsoft Corporation) HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-3698909352-716008168-3090414309-1001\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-17] () HKU\S-1-5-21-3698909352-716008168-3090414309-1001\...\Policies\Explorer: [HideSCAHealth] 1 IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM - {13CF8F17-3CBE-41EA-9C9C-2AAC28CB6740} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=a&ver=13337&tm=327&src=ds&p={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM-x32 - {13CF8F17-3CBE-41EA-9C9C-2AAC28CB6740} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=a&ver=13337&tm=327&src=ds&p={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKCU - {13CF8F17-3CBE-41EA-9C9C-2AAC28CB6740} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = BHO: Start Savin BHO -> {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} -> C:\Program Files (x86)\Start Savin\FrameworkBHO64.dll No File BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll No File BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: Start Savin BHO -> {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} -> C:\Program Files (x86)\Start Savin\FrameworkBHO.dll No File BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Program Files (x86)\Linkey\IEExtension\iedll.dll No File BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation) R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink) R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-26] (Hewlett-Packard Company) [File not signed] R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed] R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-18] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation) S2 0289851398176623mcinstcleanup; C:\windows\TEMP\028985~1.EXE -cleanup -nolog [X] S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X] S2 SystemkService; C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation) S1 F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc2.cfg [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-25 01:25 - 2014-07-25 01:26 - 00014819 _____ () C:\Users\Sylvia\Desktop\FRST.txt 2014-07-25 01:25 - 2014-07-25 01:24 - 02093568 _____ (Farbar) C:\Users\Sylvia\Desktop\FRST64.exe 2014-07-25 01:23 - 2014-07-25 01:25 - 00000000 ____D () C:\FRST 2014-07-25 01:10 - 2014-07-25 01:10 - 344503876 _____ () C:\windows\MEMORY.DMP 2014-07-25 01:10 - 2014-07-25 01:10 - 00000000 ____D () C:\windows\Minidump 2014-07-24 15:05 - 2014-07-24 15:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sylvia\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-24 15:02 - 2014-07-24 15:02 - 00000000 ___HD () C:\ProgramData\CanonBJ 2014-07-24 15:02 - 2013-04-04 05:00 - 00391168 _____ (CANON INC.) C:\windows\system32\CNMLMBU.DLL 2014-07-24 10:55 - 2014-07-24 17:51 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0 2014-07-22 13:59 - 2014-07-22 13:59 - 00001496 _____ () C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Task Manager.lnk 2014-07-11 15:32 - 2014-07-11 15:32 - 00000000 ____D () C:\Users\Sylvia\AppData\Roaming\WildTangent 2014-07-10 08:18 - 2014-07-24 17:51 - 00000000 ____D () C:\ProgramData\systemk 2014-07-09 20:45 - 2014-04-13 20:29 - 01018880 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll 2014-07-09 04:57 - 2014-06-16 15:26 - 00779264 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe 2014-07-09 04:57 - 2014-06-16 15:24 - 00834048 _____ (Microsoft Corporation) C:\windows\system32\osk.exe 2014-07-09 04:57 - 2014-06-06 07:20 - 04190720 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-07-09 04:57 - 2014-05-29 20:03 - 00563200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys 2014-07-09 04:57 - 2014-05-29 05:02 - 00565576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2014-07-09 04:57 - 2014-05-29 00:55 - 00735232 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2014-07-09 04:57 - 2014-05-28 23:40 - 00735232 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2014-07-09 04:57 - 2014-05-28 23:37 - 00436224 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll 2014-07-09 04:57 - 2014-05-28 22:34 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll 2014-07-09 04:57 - 2014-05-28 22:27 - 01417216 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-07-09 04:56 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-07-09 04:56 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-07-09 04:56 - 2014-06-18 16:46 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-07-09 04:56 - 2014-06-18 15:57 - 00225280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-07-09 04:55 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-07-09 04:55 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-07-09 04:55 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-07-09 04:55 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-07-09 04:55 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-07-09 04:55 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-07-09 04:55 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-07-09 04:55 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-07-09 04:55 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-07-09 04:55 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-07-09 04:55 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-07-09 04:55 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-07-09 04:55 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-07-09 04:55 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-07-09 04:55 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-07-09 04:55 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-07-09 04:55 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-07-09 04:55 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-07-09 04:55 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-07-09 04:55 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-07-09 04:55 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-07-09 04:55 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-07-09 04:55 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-07-09 04:55 - 2014-06-06 06:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-07-09 04:55 - 2014-06-06 05:18 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-07-09 04:55 - 2014-05-31 03:07 - 00054776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2014-07-09 04:55 - 2014-05-31 03:06 - 00555736 _____ (Microsoft Corporation) C:\windows\system32\twinapi.appcore.dll 2014-07-09 04:55 - 2014-05-30 20:40 - 13287936 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll 2014-07-09 04:55 - 2014-05-30 20:30 - 11792384 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll 2014-07-09 04:55 - 2014-05-30 20:12 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 04:55 - 2014-05-30 20:06 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2014-07-09 04:55 - 2014-05-30 20:03 - 00827392 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2014-07-09 04:55 - 2014-05-30 20:01 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 04:55 - 2014-05-30 19:56 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll 2014-07-09 04:55 - 2014-05-30 19:54 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll 2014-07-09 04:55 - 2014-05-30 19:48 - 03463680 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2014-07-09 04:55 - 2014-05-30 19:37 - 01054208 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll 2014-07-09 04:55 - 2014-05-30 19:36 - 00923136 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll 2014-07-09 04:55 - 2014-05-30 19:35 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll 2014-07-09 04:55 - 2014-05-30 19:32 - 00756224 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll 2014-07-09 04:51 - 2014-07-09 04:51 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\WSReset.exe 2014-07-05 16:35 - 2014-07-05 16:35 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-25 01:26 - 2014-07-25 01:25 - 00014819 _____ () C:\Users\Sylvia\Desktop\FRST.txt 2014-07-25 01:25 - 2014-07-25 01:23 - 00000000 ____D () C:\FRST 2014-07-25 01:24 - 2014-07-25 01:25 - 02093568 _____ (Farbar) C:\Users\Sylvia\Desktop\FRST64.exe 2014-07-25 01:23 - 2014-04-22 07:29 - 00000000 ____D () C:\Users\Sylvia\AppData\Roaming\ClassicShell 2014-07-25 01:15 - 2013-08-24 14:38 - 00891920 _____ () C:\windows\system32\PerfStringBackup.INI 2014-07-25 01:14 - 2014-04-23 21:58 - 00000000 __RDO () C:\Users\Sylvia\SkyDrive 2014-07-25 01:10 - 2014-07-25 01:10 - 344503876 _____ () C:\windows\MEMORY.DMP 2014-07-25 01:10 - 2014-07-25 01:10 - 00000000 ____D () C:\windows\Minidump 2014-07-25 01:10 - 2013-08-22 07:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-07-24 17:51 - 2014-07-24 10:55 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0 2014-07-24 17:51 - 2014-07-10 08:18 - 00000000 ____D () C:\ProgramData\systemk 2014-07-24 17:45 - 2014-02-20 12:48 - 00065536 _____ () C:\windows\system32\spu_storage.bin 2014-07-24 15:09 - 2014-04-22 07:19 - 01866673 _____ () C:\windows\WindowsUpdate.log 2014-07-24 15:08 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\AppReadiness 2014-07-24 15:05 - 2014-07-24 15:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sylvia\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-24 15:03 - 2014-04-22 07:21 - 00000000 ____D () C:\Users\Sylvia\AppData\Local\Packages 2014-07-24 15:02 - 2014-07-24 15:02 - 00000000 ___HD () C:\ProgramData\CanonBJ 2014-07-24 15:02 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\sru 2014-07-24 15:02 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\FxsTmp 2014-07-22 14:00 - 2014-04-29 05:48 - 00000384 _____ () C:\windows\Tasks\bench-sys.job 2014-07-22 13:59 - 2014-07-22 13:59 - 00001496 _____ () C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Task Manager.lnk 2014-07-16 16:52 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\rescache 2014-07-12 21:03 - 2013-08-22 07:44 - 00476968 _____ () C:\windows\system32\FNTCACHE.DAT 2014-07-12 21:02 - 2013-08-22 08:36 - 00000000 ___RD () C:\windows\ToastData 2014-07-12 21:02 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-12 21:02 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-12 21:01 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\WinStore 2014-07-11 15:32 - 2014-07-11 15:32 - 00000000 ____D () C:\Users\Sylvia\AppData\Roaming\WildTangent 2014-07-09 20:48 - 2014-04-23 09:59 - 00000000 ____D () C:\windows\system32\MRT 2014-07-09 20:48 - 2013-08-22 08:20 - 00000000 ____D () C:\windows\CbsTemp 2014-07-09 20:46 - 2014-04-23 09:59 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-07-09 20:45 - 2013-08-22 12:12 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 04:51 - 2014-07-09 04:51 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\WSReset.exe 2014-07-05 16:35 - 2014-07-05 16:35 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2014-07-05 16:35 - 2013-08-22 07:46 - 00016901 _____ () C:\windows\setupact.log 2014-06-28 22:05 - 2014-04-22 07:21 - 00000000 ____D () C:\Users\Sylvia 2014-06-26 20:45 - 2014-04-22 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-26 13:55 - 2014-04-26 12:59 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-06-26 13:55 - 2014-04-26 12:59 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01 Ran by Sylvia at 2014-07-25 01:26:56 Running from C:\Users\Sylvia\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.) Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden AMD Catalyst Control Center (x32 Version: 2013.0910.2222.38361 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{B38CC495-7657-3D5A-80C2-8D6E0ED8E638}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0910.2222.38361 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0910.2222.38361 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0910.2222.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0910.2222.38361 - Advanced Micro Devices, Inc.) Hidden Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.5.6805 - CyberLink Corp.) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.) CyberLink Media Suite 10 (x32 Version: 10.0.5.3103 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.5.3215 - CyberLink Corp.) Hidden CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.) CyberLink PowerDVD 12 (x32 Version: 12.0.2.3212 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden Dream Vacation Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}) (Version: - Oberon Media) Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard) HP Postscript Converter (Version: 4.5.12202 - Hewlett-Packard) Hidden HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard) HP SimplePass (Version: 8.00.51 - Hewlett-Packard) Hidden HP Support Assistant (HKLM-x32\...\{390AD982-A331-4D4F-AFD1-64005BC7C99D}) (Version: 7.3.35.12 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard) Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden Linkey (HKCU\...\Linkey) (Version: 0.0.0.431 - Aztec Media Inc) <==== ATTENTION Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden PC Speed Maximizer v3.2 (HKLM-x32\...\PC Speed Maximizer_is1) (Version: 3.2 - SoftCity) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.) Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.12349 - Aztec Media Inc) <==== ATTENTION Start Savin (HKLM-x32\...\35450_Start Savin) (Version: 1.0 - Smart Apps) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: C:\windows\Tasks\bench-sys.job => ? Task: C:\windows\Tasks\bench-Updater removing.job => ? <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-06-13 05:09 - 2014-06-13 05:09 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-08-22 12:12 - 2013-08-22 12:12 - 00180224 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\ErrorReporting.dll 2013-06-05 16:51 - 2013-06-05 16:51 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Sylvia\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Sylvia\Documents\Password for sylviagates@comcast_net.eml:OECustomProperty AlternateDataStreams: C:\Users\Sylvia\Documents\Re_ Anna Paret DavisAnna Paret Davis.eml:OECustomProperty AlternateDataStreams: C:\Users\Sylvia\Documents\Re_ Gates in 3_2 acre field.eml:OECustomProperty AlternateDataStreams: C:\Users\Sylvia\Documents\Your Captain's chairs.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKCU\...\StartupApproved\Run: => "pcreg" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/25/2014 01:10:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: 028985~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6f6c6f6e Faulting process id: 0x5a4 Faulting application start time: 0x028985~1.EXE0 Faulting application path: 028985~1.EXE1 Faulting module path: 028985~1.EXE2 Report Id: 028985~1.EXE3 Faulting package full name: 028985~1.EXE4 Faulting package-relative application ID: 028985~1.EXE5 Error: (07/24/2014 05:47:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: 028985~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6f6c6f6e Faulting process id: 0x5e8 Faulting application start time: 0x028985~1.EXE0 Faulting application path: 028985~1.EXE1 Faulting module path: 028985~1.EXE2 Report Id: 028985~1.EXE3 Faulting package full name: 028985~1.EXE4 Faulting package-relative application ID: 028985~1.EXE5 Error: (07/24/2014 05:42:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: 028985~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6f6c6f6e Faulting process id: 0x5fc Faulting application start time: 0x028985~1.EXE0 Faulting application path: 028985~1.EXE1 Faulting module path: 028985~1.EXE2 Report Id: 028985~1.EXE3 Faulting package full name: 028985~1.EXE4 Faulting package-relative application ID: 028985~1.EXE5 Error: (07/24/2014 05:32:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: 028985~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6f6c6f6e Faulting process id: 0x5e8 Faulting application start time: 0x028985~1.EXE0 Faulting application path: 028985~1.EXE1 Faulting module path: 028985~1.EXE2 Report Id: 028985~1.EXE3 Faulting package full name: 028985~1.EXE4 Faulting package-relative application ID: 028985~1.EXE5 Error: (07/24/2014 05:26:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: 028985~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6f6c6f6e Faulting process id: 0x5e8 Faulting application start time: 0x028985~1.EXE0 Faulting application path: 028985~1.EXE1 Faulting module path: 028985~1.EXE2 Report Id: 028985~1.EXE3 Faulting package full name: 028985~1.EXE4 Faulting package-relative application ID: 028985~1.EXE5 Error: (07/24/2014 03:13:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: 028985~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6f6c6f6e Faulting process id: 0x5c0 Faulting application start time: 0x028985~1.EXE0 Faulting application path: 028985~1.EXE1 Faulting module path: 028985~1.EXE2 Report Id: 028985~1.EXE3 Faulting package full name: 028985~1.EXE4 Faulting package-relative application ID: 028985~1.EXE5 Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY) Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected. Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root namespace does not exist. The query will be ignored. Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored. Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/subscription namespace does not exist. The query will be ignored. System errors: ============= Error: (07/25/2014 01:18:09 AM) (Source: DCOM) (EventID: 10010) (User: GatesHPdesktop) Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Error: (07/25/2014 01:11:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The McAfee Application Installer Cleanup (0289851398176623) service terminated unexpectedly. It has done this 1 time(s). Error: (07/25/2014 01:10:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Systemk Service service failed to start due to the following error: %%2 Error: (07/25/2014 01:10:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Boot Delay Start Service service failed to start due to the following error: %%2 Error: (07/25/2014 01:10:50 AM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000007a (0xfffff6e00048f858, 0xffffffffc000003f, 0x0000000115aff880, 0xffffc00091f0b69c)C:\windows\MEMORY.DMP072514-13890-01 Error: (07/25/2014 01:10:42 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 5:47:36 PM on ‎7/‎24/‎2014 was unexpected. Error: (07/25/2014 01:10:26 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY) Description: 32212254731184432 Error: (07/24/2014 05:48:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The McAfee Application Installer Cleanup (0289851398176623) service terminated unexpectedly. It has done this 1 time(s). Error: (07/24/2014 05:47:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Boot Delay Start Service service failed to start due to the following error: %%2 Error: (07/24/2014 05:45:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s). Microsoft Office Sessions: ========================= Error: (07/25/2014 01:10:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: 028985~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c00000056f6c6f6e5a401cfa7dff145d9dbC:\windows\TEMP\028985~1.EXEunknown345b9c7e-13d3-11e4-8274-a0481ca69e1c Error: (07/24/2014 05:47:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 028985~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c00000056f6c6f6e5e801cfa7a20882a622C:\windows\TEMP\028985~1.EXEunknown48bed91d-1395-11e4-8273-a0481ca69e1c Error: (07/24/2014 05:42:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 028985~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c00000056f6c6f6e5fc01cfa7a1471ff47dC:\windows\TEMP\028985~1.EXEunknown873f8b0e-1394-11e4-8272-a0481ca69e1c Error: (07/24/2014 05:32:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 028985~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c00000056f6c6f6e5e801cfa79fe262be76C:\windows\TEMP\028985~1.EXEunknown22d8299b-1393-11e4-8271-a0481ca69e1c Error: (07/24/2014 05:26:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 028985~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c00000056f6c6f6e5e801cfa79f0671cf06C:\windows\TEMP\028985~1.EXEunknown467bf079-1392-11e4-8270-a0481ca69e1c Error: (07/24/2014 03:13:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 028985~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c00000056f6c6f6e5c001cfa78c771b75d5C:\windows\TEMP\028985~1.EXEunknownb6d224b8-137f-11e4-826e-a0481ca69e1c Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY) Description: //./rootselect * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'0x80041033 Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: $Coreselect * from __TimerEvent__TimerEvent//./root Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: $Coreselect * from __TimerEvent__TimerEvent//./root/CIMV2 Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: $Coreselect * from __TimerEvent__TimerEvent//./root/subscription CodeIntegrity Errors: =================================== Date: 2014-07-24 17:47:35.244 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-07-24 17:47:34.979 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-07-24 17:42:10.532 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-07-24 17:42:10.250 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-07-24 17:32:07.632 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-07-24 17:32:07.366 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-07-24 17:26:02.710 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-07-24 17:26:02.445 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-07-24 15:25:19.498 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-07-24 15:25:19.233 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== Percentage of memory in use: 33% Total physical RAM: 3533.1 MB Available physical RAM: 2332.43 MB Total Pagefile: 7117.1 MB Available Pagefile: 5829.03 MB Total Virtual: 131072 MB Available Virtual: 131071.85 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:449.69 GB) (Free:418.15 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Recovery Image) (Fixed) (Total:14.59 GB) (Free:1.8 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (KRD10) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================
  3. I've seen lots of posts about malware that won't allow programs to run or install, including MBAM, and how to remove it - but they none seem to apply to Windows 8. Even in Safe Mode I can't install anything, uninstall anything, or disable startup infections. Any help is appreciated. I am fairly tech savvy and rarely ever post for malware help, but this has got me beat.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.