
The program is blocked by group policy - Windows 8



I've seen lots of posts about malware that won't allow programs to run or install, including MBAM, and how to remove it - but none seem to apply to Windows 8. Even in Safe Mode I can't install anything, uninstall anything, or disable startup infections. Any help is appreciated. I am fairly tech savvy and rarely ever post for malware help, but this has got me beat.


Hi & welcome

My name is Jürgen and I will be assisting you with your malware-related problems. Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please run a FRST scan. This will help us diagnose your problem.


Please download Farbar Recovery Scan Tool and save it to your Desktop. (If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Thanks for your offer of help. You might mention that to copy and paste requires selecting the BBCode Mode. I've been trying to paste here for some time and I couldn't paste. I finally just clicked the top left button above and it worked. Strange. Here it is...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01

Ran by Sylvia (ATTENTION: The logged in user is not administrator) on GATESHPDESKTOP on 25-07-2014 01:25:43

Running from C:\Users\Sylvia\Desktop

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)

HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)

HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)

HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-17] ()

HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-17] ()

HKLM-x32\...\Run: [bService] => C:\Program Files (x86)\Bench\BService\bservice.exe

HKLM-x32\...\Run: [Wd] => C:\Program Files (x86)\Bench\Wd\wd.exe

HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [461176 2014-02-22] (Microsoft Corporation)

HKLM\...\Policies\Explorer: [HideSCAHealth] 1

HKU\S-1-5-21-3698909352-716008168-3090414309-1001\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-17] ()

HKU\S-1-5-21-3698909352-716008168-3090414309-1001\...\Policies\Explorer: [HideSCAHealth] 1

IFEO\bitguard.exe: [Debugger] tasklist.exe

IFEO\bprotect.exe: [Debugger] tasklist.exe

IFEO\bpsvc.exe: [Debugger] tasklist.exe

IFEO\browserdefender.exe: [Debugger] tasklist.exe

IFEO\browserprotect.exe: [Debugger] tasklist.exe

IFEO\browsersafeguard.exe: [Debugger] tasklist.exe

IFEO\dprotectsvc.exe: [Debugger] tasklist.exe

IFEO\jumpflip: [Debugger] tasklist.exe

IFEO\protectedsearch.exe: [Debugger] tasklist.exe

IFEO\searchinstaller.exe: [Debugger] tasklist.exe

IFEO\searchprotection.exe: [Debugger] tasklist.exe

IFEO\searchprotector.exe: [Debugger] tasklist.exe

IFEO\searchsettings.exe: [Debugger] tasklist.exe

IFEO\searchsettings64.exe: [Debugger] tasklist.exe

IFEO\snapdo.exe: [Debugger] tasklist.exe

IFEO\stinst32.exe: [Debugger] tasklist.exe

IFEO\stinst64.exe: [Debugger] tasklist.exe

IFEO\umbrella.exe: [Debugger] tasklist.exe

IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

IFEO\volaro: [Debugger] tasklist.exe

IFEO\vonteera: [Debugger] tasklist.exe

IFEO\websteroids.exe: [Debugger] tasklist.exe

IFEO\websteroidsservice.exe: [Debugger] tasklist.exe

ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File

ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File

ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File

ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File

ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

SearchScopes: HKLM - {13CF8F17-3CBE-41EA-9C9C-2AAC28CB6740} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=a&ver=13337&tm=327&src=ds&p={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

SearchScopes: HKLM-x32 - {13CF8F17-3CBE-41EA-9C9C-2AAC28CB6740} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=a&ver=13337&tm=327&src=ds&p={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

SearchScopes: HKCU - {13CF8F17-3CBE-41EA-9C9C-2AAC28CB6740} URL =

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL =

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =

BHO: Start Savin BHO -> {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} -> C:\Program Files (x86)\Start Savin\FrameworkBHO64.dll No File

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll No File

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)

BHO-x32: Start Savin BHO -> {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} -> C:\Program Files (x86)\Start Savin\FrameworkBHO.dll No File

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Program Files (x86)\Linkey\IEExtension\iedll.dll No File

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)

R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)

R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-26] (Hewlett-Packard Company) [File not signed]

R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)

R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)

R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)

R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]

R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-18] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

S2 0289851398176623mcinstcleanup; C:\windows\TEMP\028985~1.EXE -cleanup -nolog [X]

S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

S2 SystemkService; C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

S1 F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc2.cfg [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 01:25 - 2014-07-25 01:26 - 00014819 _____ () C:\Users\Sylvia\Desktop\FRST.txt

2014-07-25 01:25 - 2014-07-25 01:24 - 02093568 _____ (Farbar) C:\Users\Sylvia\Desktop\FRST64.exe

2014-07-25 01:23 - 2014-07-25 01:25 - 00000000 ____D () C:\FRST

2014-07-25 01:10 - 2014-07-25 01:10 - 344503876 _____ () C:\windows\MEMORY.DMP

2014-07-25 01:10 - 2014-07-25 01:10 - 00000000 ____D () C:\windows\Minidump

2014-07-24 15:05 - 2014-07-24 15:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sylvia\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-24 15:02 - 2014-07-24 15:02 - 00000000 ___HD () C:\ProgramData\CanonBJ

2014-07-24 15:02 - 2013-04-04 05:00 - 00391168 _____ (CANON INC.) C:\windows\system32\CNMLMBU.DLL

2014-07-24 10:55 - 2014-07-24 17:51 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0

2014-07-22 13:59 - 2014-07-22 13:59 - 00001496 _____ () C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Task Manager.lnk

2014-07-11 15:32 - 2014-07-11 15:32 - 00000000 ____D () C:\Users\Sylvia\AppData\Roaming\WildTangent

2014-07-10 08:18 - 2014-07-24 17:51 - 00000000 ____D () C:\ProgramData\systemk

2014-07-09 20:45 - 2014-04-13 20:29 - 01018880 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll

2014-07-09 04:57 - 2014-06-16 15:26 - 00779264 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe

2014-07-09 04:57 - 2014-06-16 15:24 - 00834048 _____ (Microsoft Corporation) C:\windows\system32\osk.exe

2014-07-09 04:57 - 2014-06-06 07:20 - 04190720 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2014-07-09 04:57 - 2014-05-29 20:03 - 00563200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys

2014-07-09 04:57 - 2014-05-29 05:02 - 00565576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys

2014-07-09 04:57 - 2014-05-29 00:55 - 00735232 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll

2014-07-09 04:57 - 2014-05-28 23:40 - 00735232 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll

2014-07-09 04:57 - 2014-05-28 23:37 - 00436224 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll

2014-07-09 04:57 - 2014-05-28 22:34 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll

2014-07-09 04:57 - 2014-05-28 22:27 - 01417216 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2014-07-09 04:56 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-07-09 04:56 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-07-09 04:56 - 2014-06-18 16:46 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2014-07-09 04:56 - 2014-06-18 15:57 - 00225280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2014-07-09 04:55 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2014-07-09 04:55 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2014-07-09 04:55 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2014-07-09 04:55 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-07-09 04:55 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2014-07-09 04:55 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2014-07-09 04:55 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2014-07-09 04:55 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2014-07-09 04:55 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2014-07-09 04:55 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2014-07-09 04:55 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-07-09 04:55 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2014-07-09 04:55 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2014-07-09 04:55 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2014-07-09 04:55 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2014-07-09 04:55 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2014-07-09 04:55 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2014-07-09 04:55 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2014-07-09 04:55 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2014-07-09 04:55 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2014-07-09 04:55 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2014-07-09 04:55 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2014-07-09 04:55 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2014-07-09 04:55 - 2014-06-06 06:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll

2014-07-09 04:55 - 2014-06-06 05:18 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll

2014-07-09 04:55 - 2014-05-31 03:07 - 00054776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe

2014-07-09 04:55 - 2014-05-31 03:06 - 00555736 _____ (Microsoft Corporation) C:\windows\system32\twinapi.appcore.dll

2014-07-09 04:55 - 2014-05-30 20:40 - 13287936 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll

2014-07-09 04:55 - 2014-05-30 20:30 - 11792384 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll

2014-07-09 04:55 - 2014-05-30 20:12 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-07-09 04:55 - 2014-05-30 20:06 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll

2014-07-09 04:55 - 2014-05-30 20:03 - 00827392 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll

2014-07-09 04:55 - 2014-05-30 20:01 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-07-09 04:55 - 2014-05-30 19:56 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll

2014-07-09 04:55 - 2014-05-30 19:54 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll

2014-07-09 04:55 - 2014-05-30 19:48 - 03463680 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll

2014-07-09 04:55 - 2014-05-30 19:37 - 01054208 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll

2014-07-09 04:55 - 2014-05-30 19:36 - 00923136 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll

2014-07-09 04:55 - 2014-05-30 19:35 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll

2014-07-09 04:55 - 2014-05-30 19:32 - 00756224 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll

2014-07-09 04:51 - 2014-07-09 04:51 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\WSReset.exe

2014-07-05 16:35 - 2014-07-05 16:35 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 01:26 - 2014-07-25 01:25 - 00014819 _____ () C:\Users\Sylvia\Desktop\FRST.txt

2014-07-25 01:25 - 2014-07-25 01:23 - 00000000 ____D () C:\FRST

2014-07-25 01:24 - 2014-07-25 01:25 - 02093568 _____ (Farbar) C:\Users\Sylvia\Desktop\FRST64.exe

2014-07-25 01:23 - 2014-04-22 07:29 - 00000000 ____D () C:\Users\Sylvia\AppData\Roaming\ClassicShell

2014-07-25 01:15 - 2013-08-24 14:38 - 00891920 _____ () C:\windows\system32\PerfStringBackup.INI

2014-07-25 01:14 - 2014-04-23 21:58 - 00000000 __RDO () C:\Users\Sylvia\SkyDrive

2014-07-25 01:10 - 2014-07-25 01:10 - 344503876 _____ () C:\windows\MEMORY.DMP

2014-07-25 01:10 - 2014-07-25 01:10 - 00000000 ____D () C:\windows\Minidump

2014-07-25 01:10 - 2013-08-22 07:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-07-24 17:51 - 2014-07-24 10:55 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0

2014-07-24 17:51 - 2014-07-10 08:18 - 00000000 ____D () C:\ProgramData\systemk

2014-07-24 17:45 - 2014-02-20 12:48 - 00065536 _____ () C:\windows\system32\spu_storage.bin

2014-07-24 15:09 - 2014-04-22 07:19 - 01866673 _____ () C:\windows\WindowsUpdate.log

2014-07-24 15:08 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\AppReadiness

2014-07-24 15:05 - 2014-07-24 15:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sylvia\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-24 15:03 - 2014-04-22 07:21 - 00000000 ____D () C:\Users\Sylvia\AppData\Local\Packages

2014-07-24 15:02 - 2014-07-24 15:02 - 00000000 ___HD () C:\ProgramData\CanonBJ

2014-07-24 15:02 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\sru

2014-07-24 15:02 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\FxsTmp

2014-07-22 14:00 - 2014-04-29 05:48 - 00000384 _____ () C:\windows\Tasks\bench-sys.job

2014-07-22 13:59 - 2014-07-22 13:59 - 00001496 _____ () C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Task Manager.lnk

2014-07-16 16:52 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\rescache

2014-07-12 21:03 - 2013-08-22 07:44 - 00476968 _____ () C:\windows\system32\FNTCACHE.DAT

2014-07-12 21:02 - 2013-08-22 08:36 - 00000000 ___RD () C:\windows\ToastData

2014-07-12 21:02 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-07-12 21:02 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-07-12 21:01 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\WinStore

2014-07-11 15:32 - 2014-07-11 15:32 - 00000000 ____D () C:\Users\Sylvia\AppData\Roaming\WildTangent

2014-07-09 20:48 - 2014-04-23 09:59 - 00000000 ____D () C:\windows\system32\MRT

2014-07-09 20:48 - 2013-08-22 08:20 - 00000000 ____D () C:\windows\CbsTemp

2014-07-09 20:46 - 2014-04-23 09:59 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-07-09 20:45 - 2013-08-22 12:12 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-09 04:51 - 2014-07-09 04:51 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\WSReset.exe

2014-07-05 16:35 - 2014-07-05 16:35 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2014-07-05 16:35 - 2013-08-22 07:46 - 00016901 _____ () C:\windows\setupact.log

2014-06-28 22:05 - 2014-04-22 07:21 - 00000000 ____D () C:\Users\Sylvia

2014-06-26 20:45 - 2014-04-22 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-06-26 13:55 - 2014-04-26 12:59 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-06-26 13:55 - 2014-04-26 12:59 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01

Ran by Sylvia at 2014-07-25 01:26:56

Running from C:\Users\Sylvia\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)

Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden

AMD Catalyst Control Center (x32 Version: 2013.0910.2222.38361 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{B38CC495-7657-3D5A-80C2-8D6E0ED8E638}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden

Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0910.2222.38361 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2013.0910.2222.38361 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2013.0910.2222.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2013.0910.2221.38361 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2013.0910.2222.38361 - Advanced Micro Devices, Inc.) Hidden

Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)

Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)

CyberLink LabelPrint (x32 Version: 2.5.5.6805 - CyberLink Corp.) Hidden

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)

CyberLink Media Suite 10 (x32 Version: 10.0.5.3103 - CyberLink Corp.) Hidden

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)

CyberLink Power2Go 8 (x32 Version: 8.0.5.3215 - CyberLink Corp.) Hidden

CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)

CyberLink PowerDVD 12 (x32 Version: 12.0.2.3212 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden

Dream Vacation Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}) (Version: - Oberon Media)

Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden

HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden

HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)

HP Postscript Converter (Version: 4.5.12202 - Hewlett-Packard) Hidden

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)

HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)

HP SimplePass (Version: 8.00.51 - Hewlett-Packard) Hidden

HP Support Assistant (HKLM-x32\...\{390AD982-A331-4D4F-AFD1-64005BC7C99D}) (Version: 7.3.35.12 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)

Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden

Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden

Linkey (HKCU\...\Linkey) (Version: 0.0.0.431 - Aztec Media Inc) <==== ATTENTION

Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)

Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)

Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden

PC Speed Maximizer v3.2 (HKLM-x32\...\PC Speed Maximizer_is1) (Version: 3.2 - SoftCity)

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)

Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden

Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.12349 - Aztec Media Inc) <==== ATTENTION

Start Savin (HKLM-x32\...\35450_Start Savin) (Version: 1.0 - Smart Apps)

Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden

Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\windows\Tasks\bench-sys.job => ?

Task: C:\windows\Tasks\bench-Updater removing.job => ? <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-06-13 05:09 - 2014-06-13 05:09 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-08-22 12:12 - 2013-08-22 12:12 - 00180224 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\ErrorReporting.dll

2013-06-05 16:51 - 2013-06-05 16:51 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Sylvia\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\Sylvia\Documents\Password for sylviagates@comcast_net.eml:OECustomProperty

AlternateDataStreams: C:\Users\Sylvia\Documents\Re_ Anna Paret DavisAnna Paret Davis.eml:OECustomProperty

AlternateDataStreams: C:\Users\Sylvia\Documents\Re_ Gates in 3_2 acre field.eml:OECustomProperty

AlternateDataStreams: C:\Users\Sylvia\Documents\Your Captain's chairs.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKCU\...\StartupApproved\Run: => "pcreg"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (07/25/2014 01:10:57 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: 028985~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x6f6c6f6e

Faulting process id: 0x5a4

Faulting application start time: 0x028985~1.EXE0

Faulting application path: 028985~1.EXE1

Faulting module path: 028985~1.EXE2

Report Id: 028985~1.EXE3

Faulting package full name: 028985~1.EXE4

Faulting package-relative application ID: 028985~1.EXE5

Error: (07/24/2014 05:47:42 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: 028985~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x6f6c6f6e

Faulting process id: 0x5e8

Faulting application start time: 0x028985~1.EXE0

Faulting application path: 028985~1.EXE1

Faulting module path: 028985~1.EXE2

Report Id: 028985~1.EXE3

Faulting package full name: 028985~1.EXE4

Faulting package-relative application ID: 028985~1.EXE5

Error: (07/24/2014 05:42:18 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: 028985~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x6f6c6f6e

Faulting process id: 0x5fc

Faulting application start time: 0x028985~1.EXE0

Faulting application path: 028985~1.EXE1

Faulting module path: 028985~1.EXE2

Report Id: 028985~1.EXE3

Faulting package full name: 028985~1.EXE4

Faulting package-relative application ID: 028985~1.EXE5

Error: (07/24/2014 05:32:20 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: 028985~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x6f6c6f6e

Faulting process id: 0x5e8

Faulting application start time: 0x028985~1.EXE0

Faulting application path: 028985~1.EXE1

Faulting module path: 028985~1.EXE2

Report Id: 028985~1.EXE3

Faulting package full name: 028985~1.EXE4

Faulting package-relative application ID: 028985~1.EXE5

Error: (07/24/2014 05:26:10 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: 028985~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x6f6c6f6e

Faulting process id: 0x5e8

Faulting application start time: 0x028985~1.EXE0

Faulting application path: 028985~1.EXE1

Faulting module path: 028985~1.EXE2

Report Id: 028985~1.EXE3

Faulting package full name: 028985~1.EXE4

Faulting package-relative application ID: 028985~1.EXE5

Error: (07/24/2014 03:13:18 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: 028985~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x6f6c6f6e

Faulting process id: 0x5c0

Faulting application start time: 0x028985~1.EXE0

Faulting application path: 028985~1.EXE1

Faulting module path: 028985~1.EXE2

Report Id: 028985~1.EXE3

Faulting package full name: 028985~1.EXE4

Faulting package-relative application ID: 028985~1.EXE5

Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)

Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)

Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root namespace does not exist. The query will be ignored.

Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)

Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.

Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)

Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/subscription namespace does not exist. The query will be ignored.

System errors:

=============

Error: (07/25/2014 01:18:09 AM) (Source: DCOM) (EventID: 10010) (User: GatesHPdesktop)

Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (07/25/2014 01:11:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The McAfee Application Installer Cleanup (0289851398176623) service terminated unexpectedly. It has done this 1 time(s).

Error: (07/25/2014 01:10:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Systemk Service service failed to start due to the following error:

%%2

Error: (07/25/2014 01:10:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The McAfee Boot Delay Start Service service failed to start due to the following error:

%%2

Error: (07/25/2014 01:10:50 AM) (Source: BugCheck) (EventID: 1001) (User: )

Description: 0x0000007a (0xfffff6e00048f858, 0xffffffffc000003f, 0x0000000115aff880, 0xffffc00091f0b69c)C:\windows\MEMORY.DMP072514-13890-01

Error: (07/25/2014 01:10:42 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 5:47:36 PM on ‎7/‎24/‎2014 was unexpected.

Error: (07/25/2014 01:10:26 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)

Description: 32212254731184432

Error: (07/24/2014 05:48:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The McAfee Application Installer Cleanup (0289851398176623) service terminated unexpectedly. It has done this 1 time(s).

Error: (07/24/2014 05:47:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The McAfee Boot Delay Start Service service failed to start due to the following error:

%%2

Error: (07/24/2014 05:45:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:

=========================

Error: (07/25/2014 01:10:57 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: 028985~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c00000056f6c6f6e5a401cfa7dff145d9dbC:\windows\TEMP\028985~1.EXEunknown345b9c7e-13d3-11e4-8274-a0481ca69e1c

Error: (07/24/2014 05:47:42 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: 028985~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c00000056f6c6f6e5e801cfa7a20882a622C:\windows\TEMP\028985~1.EXEunknown48bed91d-1395-11e4-8273-a0481ca69e1c

Error: (07/24/2014 05:42:18 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: 028985~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c00000056f6c6f6e5fc01cfa7a1471ff47dC:\windows\TEMP\028985~1.EXEunknown873f8b0e-1394-11e4-8272-a0481ca69e1c

Error: (07/24/2014 05:32:20 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: 028985~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c00000056f6c6f6e5e801cfa79fe262be76C:\windows\TEMP\028985~1.EXEunknown22d8299b-1393-11e4-8271-a0481ca69e1c

Error: (07/24/2014 05:26:10 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: 028985~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c00000056f6c6f6e5e801cfa79f0671cf06C:\windows\TEMP\028985~1.EXEunknown467bf079-1392-11e4-8270-a0481ca69e1c

Error: (07/24/2014 03:13:18 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: 028985~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c00000056f6c6f6e5c001cfa78c771b75d5C:\windows\TEMP\028985~1.EXEunknownb6d224b8-137f-11e4-826e-a0481ca69e1c

Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)

Description: //./rootselect * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'0x80041033

Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)

Description: $Coreselect * from __TimerEvent__TimerEvent//./root

Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)

Description: $Coreselect * from __TimerEvent__TimerEvent//./root/CIMV2

Error: (07/24/2014 03:12:21 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)

Description: $Coreselect * from __TimerEvent__TimerEvent//./root/subscription

CodeIntegrity Errors:

===================================

Date: 2014-07-24 17:47:35.244

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-07-24 17:47:34.979

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-07-24 17:42:10.532

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-07-24 17:42:10.250

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-07-24 17:32:07.632

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-07-24 17:32:07.366

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-07-24 17:26:02.710

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-07-24 17:26:02.445

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-07-24 15:25:19.498

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-07-24 15:25:19.233

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

Percentage of memory in use: 33%

Total physical RAM: 3533.1 MB

Available physical RAM: 2332.43 MB

Total Pagefile: 7117.1 MB

Available Pagefile: 5829.03 MB

Total Virtual: 131072 MB

Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:449.69 GB) (Free:418.15 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (Recovery Image) (Fixed) (Total:14.59 GB) (Free:1.8 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (KRD10) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================


Hi,

please run FRST as Admin... :)

Step 1


Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.


Thanks for your help, I got the problem solved. I used Offline Windows Password & Registry Editor to change the user profile back to an administrator account, then MBAM installed fine and removed all the malware. I appreciate your willingness to assist.
