
Had Exploit:Java/cve-2012-4681 don't think it's all gone



Here's the FSS log:

Farbar Service Scanner Version: 03-01-2016

Ran by Patricia (administrator) on 22-01-2016 at 12:08:34

Running from "C:\Users\Patricia\Downloads"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is unreachable

Google.com is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

The start type of bfe service is OK.

The ImagePath of bfe service is OK.

The ServiceDll of bfe service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Policy:

========================

Action Center:

============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


Wooooppppppeeeeee BFE is repaired...... Action center notification still requires attention... I've attached that reg file as a zip folder, please unzip to the Desktop, so you then have a .reg file

Double click that reg file, accept UAC and any merge alert.... Reboot when complete, Run FSS again please and post fresh log.....

Let me know if there are any remaining issues or concerns...

Thank you,

Kevin

win-7-8-action-center-notification-icon-missing.zip


Oh boy, this is exciting - YOU ARE AWESOME! I can now access the Microsoft Security Scanner page, but Malwarebytes Anti Exploit still won't open.

Here's the FSS log:

Farbar Service Scanner Version: 03-01-2016

Ran by Patricia (administrator) on 22-01-2016 at 12:35:54

Running from "C:\Users\Patricia\Downloads"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is unreachable

Google.com is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

The start type of bfe service is OK.

The ImagePath of bfe service is OK.

The ServiceDll of bfe service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Policy:

========================

Action Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


Yes, the BFE key is fixed but there are still some issues: Windows Firewall and Windows Updates services are not running even though reg keys look to be ok.... I'd like a fresh scan with FRST please:

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the two new logs....

Also, what is the status of the internet connection..

Thank you,

Kevin


Ok, here are the results:

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-01-2016

Ran by Patricia (2016-01-22 13:20:00)

Running from C:\Users\Patricia\Desktop\FRST

Windows 7 Home Premium Service Pack 1 (X64) (2012-01-16 10:37:39)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2593208570-656761073-146990676-500 - Administrator - Disabled)

Guest (S-1-5-21-2593208570-656761073-146990676-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2593208570-656761073-146990676-1002 - Limited - Enabled)

Patricia (S-1-5-21-2593208570-656761073-146990676-1000 - Administrator - Enabled) => C:\Users\Patricia

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)

Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)

Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)

ASRock eXtreme Tuner v0.1.110 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - )

ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - )

Avast Pro Antivirus (HKLM-x32\...\avast) (Version: 11.1.2245 - AVAST Software)

Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Delicious - Emily's New Beginning (HKLM-x32\...\Delicious - Emily's New Beginning) (Version: 32.0.0.0 - Shockwave.com)

DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

GoToMeeting 7.8.0.4151 (HKU\S-1-5-21-2593208570-656761073-146990676-1000\...\GoToMeeting) (Version: 7.8.0.4151 - CitrixOnline)

HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)

HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard)

HP Photo Creations (HKU\S-1-5-21-2593208570-656761073-146990676-1000\...\HP Photo Creations) (Version: 1.0.0.19382 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)

Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)

join.me (HKU\S-1-5-21-2593208570-656761073-146990676-1000\...\JoinMe) (Version: 1.15.0.136 - LogMeIn, Inc.)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Labyrinths of the World: Shattered Soul (HKLM-x32\...\Labyrinths of the World: Shattered Soul) (Version: 32.0.0.0 - Shockwave.com)

Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2593208570-656761073-146990676-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)

Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden

Paranormal Pursuit: The Gifted One (HKLM-x32\...\Paranormal Pursuit: The Gifted One) (Version: 32.0.0.0 - Shockwave.com)

Plants vs. Zombies™ (HKLM-x32\...\Plants vs. Zombies™) (Version: 32.0.0.0 - Shockwave.com)

Product Improvement Study for HP Officejet Pro 6830 (HKLM\...\{96ABEAD3-67AE-4BF7-8A16-F745352049B3}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)

Runaway Express Mystery (HKLM-x32\...\Runaway Express Mystery) (Version: 32.0.0.0 - Shockwave.com)

SafeZone Stable 1.46.1990.139 (x32 Version: 1.46.1990.139 - Avast Software) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)

TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)

Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

XFastUsb (HKLM-x32\...\XFastUsb) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2593208570-656761073-146990676-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Patricia\AppData\Local\Citrix\GoToMeeting\2185\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {29CEA031-594D-4A3E-A6B5-20EBB94E4160} - System32\Tasks\{FFE7F2BE-1603-45F8-BF0A-D2265BE74F73} => C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe

Task: {2F1B5E1C-C8E6-4CF7-B8C4-901DB5CF41B2} - System32\Tasks\{843A90DE-F0CC-410A-8523-DBE9E014C515} => C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe

Task: {42C619B6-2E8F-4BE4-814B-2BAECF578519} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)

Task: {4F5B2107-9374-4963-A4BC-B0CA4ACB4863} - System32\Tasks\{1BB77525-0FF4-4767-99CD-0A7B4A737533} => C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe

Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

Task: {65600E86-5617-4E95-A9A1-6116771F3BD5} - System32\Tasks\G2MUploadTask-S-1-5-21-2593208570-656761073-146990676-1000 => C:\Users\Patricia\AppData\Local\Citrix\GoToMeeting\4151\g2mupload.exe

Task: {67D30DFE-26F3-410E-A0B8-CA2520E19813} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Patricia\AppData\Roaming\HP Photo Creations\Communicator.exe

Task: {6F14BC61-E46B-4E47-B680-071586906C41} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: {70BDF13A-688A-460E-BE35-A6B9EDF93290} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-27] (AVAST Software)

Task: {875CC4E6-3F33-43D2-B403-66940B1CD9EE} - System32\Tasks\HPCustParticipation HP Officejet Pro 6830 => C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPCustPartic.exe

Task: {8983B134-6FF6-44F9-B560-19AD4F1C08DE} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)

Task: {8B8C8880-EE0F-40A2-B678-3341577D8A26} - System32\Tasks\SafeZone scheduled Autoupdate 1451247347 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-01-05] (Avast Software)

Task: {A974D46B-07A1-43FB-ACAF-CC6AF5CAE8C8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

Task: {AAC98C49-F739-42F4-9CB9-9B01B18C8DAF} - \zASRockInstantBoot -> No File <==== ATTENTION

Task: {B8E4F177-20E6-40AC-94C6-6885336AB834} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {BB88834E-5B7F-4308-808D-58F70790EA49} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)

Task: {D03835FE-E681-4E2C-9D39-82BF2BAA6973} - System32\Tasks\HPCustPartic.exe_{A50760A0-B48E-43A9-956F-B8C68A946DB3} => C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPCustPartic.exe

Task: {D0DD7A61-6E82-4881-BF86-9EC3AC7E8217} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {D5919740-8E46-4CBA-B7F0-72DA0499E662} - System32\Tasks\G2MUpdateTask-S-1-5-21-2593208570-656761073-146990676-1000 => C:\Users\Patricia\AppData\Local\Citrix\GoToMeeting\4151\g2mupdate.exe

Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

Task: {F318A0FE-5681-4B0D-8D17-5079A600B521} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)

Task: {F49D344C-8CCC-4BC3-9C29-AD054670242F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2593208570-656761073-146990676-1000.job => C:\Users\Patricia\AppData\Local\Citrix\GoToMeeting\4151\g2mupdate.exe

Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2593208570-656761073-146990676-1000.job => C:\Users\Patricia\AppData\Local\Citrix\GoToMeeting\4151\g2mupload.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Patricia\AppData\Roaming\HP Photo Creations\Communicator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-29 07:40 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2015-09-21 21:30 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2012-01-17 00:02 - 2011-05-19 09:58 - 00246784 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL

2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2015-12-27 15:09 - 2015-12-27 15:09 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-12-27 15:09 - 2015-12-27 15:09 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-01-22 09:43 - 2016-01-22 09:43 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012201\algo.dll

2015-12-27 15:09 - 2015-12-27 15:09 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2015-09-21 21:30 - 2015-09-21 21:30 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

2015-12-27 15:09 - 2015-12-27 15:09 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-01-22 10:38 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2593208570-656761073-146990676-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg

DNS Servers: 209.18.47.61 - 209.18.47.62

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

MpsSvc => Firewall Service is not running.

bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

==================== Restore Points =========================

13-01-2016 03:26:02 Windows Update

13-01-2016 10:44:18 Windows Backup

13-01-2016 16:33:20 Windows Update

16-01-2016 15:18:16 Restore Point Created by FRST

16-01-2016 16:31:16 JRT Pre-Junkware Removal

17-01-2016 12:27:36 Windows Update

17-01-2016 16:46:30 Tweaking.com - Windows Repair

21-01-2016 01:11:52 Windows Update

21-01-2016 03:01:00 Windows Update

22-01-2016 10:01:32 Tweaking.com - Windows Repair

Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (01/22/2016 11:36:35 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: XsdBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

Error: (01/22/2016 11:36:35 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: XamlBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

Error: (01/22/2016 11:36:35 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: WsatConfig, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil . Error code = 0x8007007e

Error: (01/22/2016 11:36:35 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

Error: (01/22/2016 11:36:34 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

Error: (01/22/2016 11:36:34 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

Error: (01/22/2016 11:36:34 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationTypes, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

Error: (01/22/2016 11:36:33 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationTypes, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

Error: (01/22/2016 11:36:33 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationProvider, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

Error: (01/22/2016 11:36:33 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationProvider, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

System errors:

=============

Error: (01/22/2016 12:42:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Base Filtering Engine service terminated with the following error:

%%5

Error: (01/22/2016 12:42:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:

%%5

Error: (01/22/2016 12:36:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error:

%%2

Error: (01/22/2016 12:35:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The MBAMWebAccessControl service depends on the Base Filtering Engine service which failed to start because of the following error:

%%5

Error: (01/22/2016 12:35:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Base Filtering Engine service terminated with the following error:

%%5

Error: (01/22/2016 12:35:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The MBAMWebAccessControl service depends on the Base Filtering Engine service which failed to start because of the following error:

%%5

Error: (01/22/2016 12:35:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Base Filtering Engine service terminated with the following error:

%%5

Error: (01/22/2016 12:34:58 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (01/22/2016 12:34:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Malwarebytes Anti-Exploit Service service hung on starting.

Error: (01/22/2016 12:33:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

==================== Memory info ===========================

Processor: Intel® Core i3-3220 CPU @ 3.30GHz

Percentage of memory in use: 33%

Total physical RAM: 7895.92 MB

Available physical RAM: 5282.16 MB

Total Virtual: 15790.05 MB

Available Virtual: 13006.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:372.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1EBFE7D2)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016

Ran by Patricia (administrator) on PATRICIA-PC (22-01-2016 13:19:13)

Running from C:\Users\Patricia\Desktop\FRST

Loaded Profiles: Patricia (Available Profiles: Patricia)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_286_ActiveX.exe

(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2012-01-16] (Realtek Semiconductor)

HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM-x32\...\Run: [XFastUsb] => C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2012-01-16] (FNet Co., Ltd.)

HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-27] (AVAST Software)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] <==== ATTENTION

HKU\S-1-5-21-2593208570-656761073-146990676-1000\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3493952 2014-07-18] (Hewlett-Packard Development Company, LP)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-27] (AVAST Software)

Startup: C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-09-21]

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-09-21]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

Tcpip\..\Interfaces\{83463ADB-A10F-413A-8D61-0FBC440A3E41}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

Tcpip\..\Interfaces\{A074A790-8E8A-42F0-A495-F6FFF2F36697}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

Tcpip\..\Interfaces\{AD95410C-6F65-43CD-9085-73DE370AD4E7}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

Tcpip\..\Interfaces\{B879AD3F-45CF-4C48-9A66-B36993E4002F}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

Tcpip\..\Interfaces\{D30BD10E-09B2-454F-A8DA-4AF220CB8FED}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

Tcpip\..\Interfaces\{F9563870-8EE5-4365-8F73-B74EE9EAC8A8}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-2593208570-656761073-146990676-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

SearchScopes: HKLM-x32 -> DefaultScope {3100A140-1A2B-4B2B-9400-88963E1E9F1B} URL =

SearchScopes: HKU\S-1-5-21-2593208570-656761073-146990676-1000 -> {F14A7CC0-F53D-4F43-8466-D42D7D365DBC} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-27] (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-01-20] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-21] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-27] (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-21] (Oracle Corporation)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-21] (Microsoft Corporation)

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-21] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-21] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-21] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2593208570-656761073-146990676-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Patricia\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-11] (Citrix Online)

FF Plugin HKU\S-1-5-21-2593208570-656761073-146990676-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Patricia\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-10-21] (RocketLife, LLP)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-27]

FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-27]

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll => No File

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File

CHR Plugin: (Java Platform SE 6 U39) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File

CHR Plugin: (Java Deployment Toolkit 6.0.390.4) - C:\Windows\SysWOW64\npdeployJava1.dll => No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File

CHR Profile: C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-13]

CHR Extension: (Google Drive) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-20]

CHR Extension: (YouTube) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-20]

CHR Extension: (Google Search) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-20]

CHR Extension: (avast! SafePrice) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-01-13]

CHR Extension: (Avast Online Security) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-13]

CHR Extension: (Google Wallet) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-27]

CHR Extension: (Gmail) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-15]

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-27] (AVAST Software)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)

S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 MSSQL$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-27] (AVAST Software)

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-12-27] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-27] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-27] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-27] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-20] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-27] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-27] (AVAST Software)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2012-10-23] (FNet Co., Ltd.)

R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-01-16] (FNet Co., Ltd.)

R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-22] (Malwarebytes)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)

S3 AsrIbDrv; \??\C:\Windows\SysWOW64\Drivers\AsrIbDrv.sys [X]

S1 lldhmspc; \??\C:\Windows\system32\drivers\lldhmspc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-22 12:29 - 2016-01-22 12:29 - 00000371 _____ C:\Users\Patricia\Desktop\win-7-8-action-center-notification-icon-missing.zip

2016-01-22 12:29 - 2016-01-22 12:29 - 00000000 ____D C:\Users\Patricia\Desktop\win-7-8-action-center-notification-icon-missing

2016-01-22 10:12 - 2016-01-22 10:12 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PATRICIA-PC-Windows-7-Home-Premium-(64-bit).dat

2016-01-22 10:12 - 2016-01-22 10:12 - 00000000 ____D C:\RegBackup

2016-01-21 18:45 - 2016-01-21 18:46 - 19643694 _____ C:\Users\Patricia\Desktop\tweaking.com_windows_repair_aio.zip

2016-01-21 16:34 - 2016-01-21 18:47 - 00000000 ____D C:\Users\Patricia\Desktop\Portable Windows Repair

2016-01-21 12:28 - 2016-01-21 12:28 - 00022528 _____ (Microsoft) C:\Users\Patricia\Desktop\RunAsSystem.exe

2016-01-21 11:52 - 2016-01-21 11:52 - 00176940 _____ C:\Users\Patricia\Desktop\BFE.reg

2016-01-20 17:15 - 2016-01-20 17:15 - 04009167 _____ C:\Users\Patricia\Desktop\ServicesRepair.exe

2016-01-20 16:17 - 2016-01-20 16:17 - 00000000 ____D C:\Windows\system32\config\HiveBackup

2016-01-19 15:10 - 2016-01-22 13:19 - 00000000 ____D C:\Users\Patricia\Desktop\FRST

2016-01-17 19:37 - 2016-01-22 12:36 - 00002837 _____ C:\Windows\SysWOW64\FSS.txt

2016-01-17 15:52 - 2016-01-22 12:10 - 00002795 _____ C:\Users\Patricia\Downloads\FSS.txt

2016-01-17 15:47 - 2016-01-17 15:47 - 00000274 _____ C:\Users\Patricia\Desktop\sfcdetails.txt

2016-01-17 12:35 - 2016-01-17 13:08 - 00010451 _____ C:\Users\Patricia\Desktop\123.zip

2016-01-17 12:34 - 2016-01-17 12:34 - 00174260 _____ C:\Users\Patricia\Desktop\123.reg

2016-01-16 20:43 - 2016-01-16 20:43 - 00000000 _____ C:\Windows\system32\look.txt

2016-01-16 20:42 - 2016-01-16 20:43 - 00000095 _____ C:\Users\Patricia\Desktop\look.bat

2016-01-16 20:11 - 2016-01-16 20:11 - 00899584 _____ (Farbar) C:\Users\Patricia\Downloads\FSS.exe

2016-01-16 20:02 - 2016-01-17 16:26 - 00000000 ____D C:\Users\Public\Desktop\CC Support

2016-01-16 19:21 - 2016-01-16 19:21 - 00000116 ___RH C:\Users\Patricia\Desktop\Stinger.opt

2016-01-16 18:55 - 2016-01-16 20:12 - 00002797 _____ C:\Users\Patricia\Desktop\FSS.txt

2016-01-16 18:39 - 2016-01-16 18:39 - 52988120 _____ (Microsoft Corporation) C:\Users\Patricia\Downloads\Windows-KB890830-x64-V5.32.exe

2016-01-16 16:59 - 2016-01-16 18:30 - 00000867 _____ C:\Users\Patricia\Desktop\Stinger_16012016_165929.html

2016-01-16 16:57 - 2016-01-16 19:21 - 00000000 ____D C:\Program Files (x86)\stinger

2016-01-16 16:57 - 2016-01-16 16:57 - 00000000 ____D C:\Program Files\McAfee

2016-01-16 16:53 - 2016-01-16 16:53 - 15715184 _____ (McAfee Inc) C:\Users\Patricia\Desktop\stinger32.exe

2016-01-16 16:33 - 2016-01-16 16:33 - 00001932 _____ C:\Users\Patricia\Desktop\JRT.txt

2016-01-16 15:35 - 2016-01-16 15:35 - 01600184 _____ (Malwarebytes) C:\Users\Patricia\Desktop\JRT.exe

2016-01-16 15:17 - 2016-01-16 15:21 - 00008229 _____ C:\Users\Patricia\Downloads\Fixlog.txt

2016-01-16 13:21 - 2016-01-16 13:21 - 00066190 _____ C:\Users\Patricia\Downloads\FRST.txt

2016-01-16 13:21 - 2016-01-16 13:21 - 00027271 _____ C:\Users\Patricia\Downloads\Addition.txt

2016-01-16 13:20 - 2016-01-22 13:19 - 00000000 ____D C:\FRST

2016-01-16 13:20 - 2016-01-16 13:20 - 00001150 _____ C:\Users\Patricia\Desktop\FRST64 - Shortcut.lnk

2016-01-16 13:19 - 2016-01-16 13:19 - 02370560 _____ (Farbar) C:\Users\Patricia\Downloads\FRST64.exe

2016-01-16 12:39 - 2016-01-16 12:41 - 00000000 ____D C:\AdwCleaner

2016-01-14 11:23 - 2016-01-14 11:25 - 00203788 _____ C:\TDSSKiller.3.1.0.9_14.01.2016_11.23.33_log.txt

2016-01-13 20:40 - 2016-01-18 15:13 - 00000000 ____D C:\Windows\Microsoft Antimalware

2016-01-13 13:06 - 2016-01-13 14:05 - 00000000 ____D C:\Users\Patricia\Desktop\mbar

2016-01-13 13:06 - 2016-01-13 14:05 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2016-01-13 03:28 - 2015-12-08 14:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll

2016-01-13 03:28 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll

2016-01-13 03:28 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2016-01-13 03:28 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2016-01-13 03:28 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys

2016-01-12 22:27 - 2016-01-16 15:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files

2016-01-12 17:39 - 2016-01-12 17:39 - 00095822 _____ C:\Users\Patricia\Desktop\Troubleshoot HP Installation Failure - Network.hta

2016-01-12 16:34 - 2016-01-12 16:34 - 00221897 _____ C:\Users\Patricia\Desktop\Ruby Tuesday So Connected_aspx.mht

2016-01-12 16:23 - 2016-01-12 16:23 - 00000000 ____D C:\Users\Patricia\Documents\HpReg_Backup

2015-12-27 15:15 - 2016-01-13 15:12 - 00003038 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1451247347

2015-12-27 15:15 - 2015-12-27 15:15 - 00000997 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk

2015-12-27 15:15 - 2015-12-27 15:15 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk

2015-12-27 15:09 - 2015-12-27 15:09 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2015-12-27 15:09 - 2015-12-27 15:09 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-22 13:09 - 2012-01-17 15:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-01-22 12:53 - 2015-11-20 00:11 - 00000420 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job

2016-01-22 12:43 - 2015-02-11 15:20 - 00000580 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2593208570-656761073-146990676-1000.job

2016-01-22 12:42 - 2009-07-13 23:45 - 00029008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-01-22 12:42 - 2009-07-13 23:45 - 00029008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-01-22 12:37 - 2009-07-14 00:13 - 00841792 _____ C:\Windows\system32\PerfStringBackup.INI

2016-01-22 12:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf

2016-01-22 12:35 - 2015-05-31 13:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-01-22 12:32 - 2012-01-17 15:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-01-22 12:32 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-01-22 12:24 - 2012-04-29 11:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-01-22 12:16 - 2015-05-31 17:15 - 00000676 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2593208570-656761073-146990676-1000.job

2016-01-22 12:07 - 2012-02-12 09:10 - 00000000 ____D C:\Users\Patricia\Documents\Outlook Files

2016-01-22 10:53 - 2012-01-16 23:05 - 00112312 _____ C:\Users\Patricia\AppData\Local\GDIPFONTCACHEV1.DAT

2016-01-22 10:48 - 2012-02-12 08:56 - 00000000 ____D C:\ProgramData\Microsoft Help

2016-01-22 10:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows

2016-01-22 10:41 - 2009-07-13 23:45 - 00440360 _____ C:\Windows\system32\FNTCACHE.DAT

2016-01-22 10:38 - 2009-07-13 21:34 - 00000514 _____ C:\Windows\win.ini

2016-01-22 10:36 - 2012-01-17 00:22 - 00847248 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2016-01-22 09:40 - 2014-12-11 00:10 - 00000000 ____D C:\Windows\system32\appraiser

2016-01-22 09:40 - 2014-05-07 00:29 - 00000000 ___SD C:\Windows\system32\CompatTel

2016-01-21 11:22 - 2015-01-19 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2016-01-21 11:22 - 2014-08-07 12:14 - 00000000 ____D C:\Program Files (x86)\Java

2016-01-21 11:22 - 2014-04-15 14:50 - 00000000 ____D C:\ProgramData\Oracle

2016-01-21 11:21 - 2015-11-17 10:23 - 00000000 ____D C:\Users\Patricia\.oracle_jre_usage

2016-01-21 11:21 - 2015-01-19 22:23 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2016-01-21 03:07 - 2012-05-16 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2016-01-20 13:35 - 2015-04-24 06:59 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2016-01-20 13:35 - 2015-04-24 06:58 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2016-01-20 13:31 - 2015-09-21 21:30 - 00000000 ____D C:\Program Files\Microsoft Office 15

2016-01-20 13:24 - 2012-04-29 11:20 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2016-01-20 13:24 - 2012-04-29 11:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2016-01-20 13:24 - 2012-01-17 15:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2016-01-20 11:41 - 2013-04-01 14:21 - 01065208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2016-01-20 11:41 - 2013-04-01 14:21 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2016-01-19 18:47 - 2015-09-21 21:32 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2016-01-19 11:54 - 2013-04-01 14:21 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2016-01-19 11:14 - 2015-07-05 16:37 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit

2016-01-17 18:44 - 2011-04-12 03:28 - 00000000 ___RD C:\Users\Public\Recorded TV

2016-01-17 18:38 - 2009-07-13 21:34 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_21

2016-01-16 18:39 - 2012-01-16 18:23 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2016-01-16 15:25 - 2012-05-22 20:18 - 00501760 ___SH C:\Users\Patricia\Desktop\Thumbs.db

2016-01-16 15:18 - 2013-08-13 14:38 - 00000000 ____D C:\Users\Patricia\AppData\LocalLow\Temp

2016-01-16 15:18 - 2012-01-16 05:37 - 00000000 ____D C:\Users\Patricia

2016-01-13 16:48 - 2012-05-16 16:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2016-01-13 16:47 - 2012-05-16 16:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2016-01-13 16:42 - 2013-08-16 01:32 - 00000000 ____D C:\Windows\system32\MRT

2016-01-13 13:06 - 2015-05-31 13:36 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys

2016-01-13 01:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\LiveKernelReports

2016-01-12 21:06 - 2012-02-12 08:56 - 00000000 ____D C:\Users\Patricia\AppData\Local\Microsoft Help

2016-01-12 17:39 - 2015-07-05 13:33 - 00000000 ____D C:\Program Files (x86)\HP

2016-01-12 17:35 - 2015-07-05 13:36 - 00002004 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk

2016-01-12 16:54 - 2009-07-14 00:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2016-01-12 16:30 - 2013-04-16 14:33 - 00000000 ____D C:\Users\Patricia\AppData\Local\ElevatedDiagnostics

2016-01-12 16:22 - 2015-07-05 13:34 - 00000000 ____D C:\ProgramData\HP

2016-01-12 10:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2016-01-11 17:17 - 2012-02-23 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint

2016-01-11 17:17 - 2012-02-23 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

2016-01-11 17:16 - 2011-04-12 03:28 - 00000000 ____D C:\Windows\ShellNew

2016-01-11 17:16 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild

2015-12-27 15:49 - 2012-04-17 14:01 - 00000000 ____D C:\Users\Patricia\AppData\Local\Adobe

2015-12-27 15:10 - 2013-04-01 14:21 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1453308079412

2015-12-27 15:10 - 2013-04-01 14:21 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys

2015-12-27 15:09 - 2014-04-21 23:18 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

2015-12-27 15:09 - 2014-04-12 15:57 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2015-12-27 15:09 - 2013-04-01 14:21 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys

2015-12-27 15:09 - 2013-04-01 14:21 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2015-12-27 15:09 - 2013-04-01 14:21 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

2015-12-27 15:09 - 2013-04-01 14:19 - 00000000 ____D C:\ProgramData\AVAST Software

2015-12-27 15:08 - 2014-04-12 15:56 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

2015-12-27 15:08 - 2013-04-01 14:21 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1453308079412

2015-12-27 15:08 - 2013-04-01 14:20 - 00000000 ____D C:\Program Files\AVAST Software

2015-12-23 02:23 - 2013-04-01 13:44 - 00386568 _____ C:\Windows\ntbtlog.txt

2015-12-23 01:29 - 2015-07-05 16:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit

2015-12-23 01:24 - 2015-11-20 00:11 - 00000000 ____D C:\Users\Patricia\AppData\Roaming\HP Photo Creations

2015-12-23 01:16 - 2015-05-31 13:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

==================== Files in the root of some directories =======

2013-09-22 14:16 - 2013-09-22 14:16 - 0000000 ____H () C:\Users\Patricia\AppData\Roaming\ActUpdate.log

2012-01-16 23:58 - 2012-01-16 23:58 - 0000003 _____ () C:\Users\Patricia\AppData\Local\user_data.ini

2015-11-17 14:13 - 2015-11-17 14:13 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:

====================

C:\Users\Patricia\AppData\Local\Temp\jre-8u71-windows-au.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-20 17:07

==================== End of FRST.txt ============================


Yes there are still issues with BFE.dll, even though the reg key and service settings are now appearing to be OK. There are errors showing in event viewer log entries...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Run FSS and post fresh log...

I guess we just need a bit more patience......

Fixlist.txt


Here's the FSS:

Farbar Service Scanner Version: 03-01-2016

Ran by Patricia (administrator) on 22-01-2016 at 14:23:39

Running from "C:\Users\Patricia\Downloads"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is unreachable

Google.com is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

The start type of bfe service is OK.

The ImagePath of bfe service is OK.

The ServiceDll of bfe service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Policy:

========================

Action Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

And FRST:

Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016

Ran by Patricia (2016-01-22 14:19:01) Run:5

Running from C:\Users\Patricia\Desktop\FRST

Loaded Profiles: Patricia (Available Profiles: Patricia)

Boot Mode: Normal

==============================================

fixlist content:

*****************

Start

CreateRestorePoint:

CloseProcesses:

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] <==== ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-2593208570-656761073-146990676-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

S3 AsrIbDrv; \??\C:\Windows\SysWOW64\Drivers\AsrIbDrv.sys [X]

S1 lldhmspc; \??\C:\Windows\system32\drivers\lldhmspc.sys [X]

C:\Users\Patricia\AppData\Local\Temp\jre-8u71-windows-au.exe

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: bitsadmin /reset /allusers

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Task: {AAC98C49-F739-42F4-9CB9-9B01B18C8DAF} - \zASRockInstantBoot -> No File <==== ATTENTION

end

*****************

Restore point was successfully created.

Processes closed successfully.

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

"HKU\S-1-5-21-2593208570-656761073-146990676-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

gupdate => service removed successfully

gupdatem => service removed successfully

AsrIbDrv => service removed successfully

lldhmspc => service removed successfully

C:\Users\Patricia\AppData\Local\Temp\jre-8u71-windows-au.exe => moved successfully

========= netsh advfirewall reset =========

An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AAC98C49-F739-42F4-9CB9-9B01B18C8DAF}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAC98C49-F739-42F4-9CB9-9B01B18C8DAF}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zASRockInstantBoot" => key removed successfully

The system needed a reboot.

==== End of Fixlog 14:19:20 ====

I don't see a new addition.txt file. I didn't hit scan before fix, though - was I supposed to?


No need to hit scan, fix was correct, my fault...

Ok we are still seeing problems in FSS log, all seems to be related to BFE permissions... Open an elevated command prompt. At the prompt, copy and paste the following command......

Reg Query "HKLM\SYSTEM\CurrentControlSet\Services\BFE"> 0 & notepad 0

Notepad will open with that log, please let me see that log......


Ok, here's that log:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE

DisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001

Group REG_SZ NetworkProvider

ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork

Description REG_SZ @%SystemRoot%\system32\bfe.dll,-1002

ObjectName REG_SZ NT AUTHORITY\LocalService

ErrorControl REG_DWORD 0x1

Start REG_DWORD 0x2

Type REG_DWORD 0x20

DependOnService REG_MULTI_SZ RpcSs

ServiceSidType REG_DWORD 0x3

RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege

FailureActions REG_BINARY 805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters


This has got me totally baffled, that key is as it should be and yet we cannot get that service to run.... Run ESET service repair one more time.....

Fix with ESET Services Repair

Please download Services Repair by ESET and save it to your desktop.

Right-click on the Services Repair icon and select Run as Administrator to start the tool.

If security notifications appear, click Continue or Run.

Accept the prompt about restoring services.

Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.

A log will be saved in the CCSupport folder the tool created on your desktop.

Please include that logfile in your next reply.


I can't help you with the baffled part because I haven't been anything BUT baffled since it started :-). I still had ESET on the system so I just used it. If I needed to delete it and download it fresh, please let me know and I'll do that. The date of the following file in the folder says 1-16, but in properties it says modified 1-22:

Log Opened: 2016-01-16 @ 20:02:57

20:02:57 - -----------------

20:02:57 - | Begin Logging |

20:02:57 - -----------------

20:02:57 - Fix started on a WIN_7 X64 computer

20:02:57 - Prep in progress. Please Wait.

20:02:58 - Prep complete

20:02:58 - Repairing Services Now. Please wait...

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters> failed with: Access is denied.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE> failed with: Access is denied.

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.

20:02:59 - Services Repair Complete.

20:03:04 - Reboot Initiated

Log Opened: 2016-01-20 @ 17:17:37

17:17:37 - -----------------

17:17:37 - | Begin Logging |

17:17:37 - -----------------

17:17:37 - Fix started on a WIN_7 X64 computer

17:17:37 - Prep in progress. Please Wait.

17:17:38 - Prep complete

17:17:38 - Repairing Services Now. Please wait...

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters> failed with: Access is denied.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE> failed with: Access is denied.

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.

17:17:39 - Services Repair Complete.

17:17:43 - Reboot Initiated

Log Opened: 2016-01-22 @ 16:01:46

16:01:46 - -----------------

16:01:46 - | Begin Logging |

16:01:46 - -----------------

16:01:46 - Fix started on a WIN_7 X64 computer

16:01:46 - Prep in progress. Please Wait.

16:01:47 - Prep complete

16:01:47 - Repairing Services Now. Please wait...

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters> failed with: Access is denied.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE> failed with: Access is denied.

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.

16:01:49 - Services Repair Complete.

16:01:57 - Reboot Initiated


We tried the following earlier but failed; since then we have made progress, so it may very well work this time... More registry work...

Select these keys together: Windows Key + R key. The "Run" box will open...

Type regedit into the box and click OK. Regedit will open. Expand the following keys:

> HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > services > BFE

Do not expand BFE. Right-click directly on that folder and select Permissions.

Click on Add, type Everyone and click OK.

Now select Everyone.

Below you have permissions for users. Select Full control and click OK... Close regedit and re-boot the system...

 

When OS is running continue...

Open the RUN box again, type services.msc and click ok

If you receive the User Account Control prompt, click Yes or Continue.

In the Services window, under the Name column, locate and double-click Base Filtering Engine (BFE)

To the right of Startup type, verify that Automatic appears.

If Startup type is not Automatic, open the drop-down and, from the list, click Automatic.

To the right of Service Status, verify that Started appears.

If the Service status is not Started, then click Start.

Click OK.

Exit the Services window.

Re-boot the system; when it is running and stable, run FSS again and post the new log.

 

Thank you,

 

Kevin...
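
A companion to the log and reply above, added here as an example (not part of the original posts and not SetACL's own code): a Python triage of SetACL restore output that separates "Access is denied" failures, as seen on the BFE key the permissions step targets, from "cannot find the file" failures. The sample log is constructed in the posted format, and `triage` and `blocked_services` are hypothetical names.

```python
import re

# Constructed sample in the format of the SetACL restore output posted above.
SAMPLE_LOG = r"""
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters> failed with: Access is denied.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE> failed with: Access is denied.
SetACL finished successfully.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>
SetACL finished successfully.
"""

# The .sddl file name identifies the service whose keys are being restored.
INPUT_RE = re.compile(r"Input file for restore operation opened: '(?:.*[\\/])?([^\\/']+)\.sddl'")
RESTORE_RE = re.compile(r"^INFORMATION: Restoring SD of: <(.+)>\s*$")
ERROR_RE = re.compile(r"^ERROR: Writing SD to <(.+)> failed with: (.+?)\s*$")


def triage(log_text):
    """Group restore results by service; repeated runs in one log are merged."""
    report = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = INPUT_RE.search(line)
        if m:
            current = m.group(1)
            report.setdefault(
                current, {"attempted": 0, "denied": [], "missing": [], "other": []})
            continue
        if current is None:
            continue  # timestamps and banner lines before the first input file
        entry = report[current]
        if RESTORE_RE.match(line):
            entry["attempted"] += 1
            continue
        m = ERROR_RE.match(line)
        if m:
            key, reason = m.groups()
            if "Access is denied" in reason:
                entry["denied"].append(key)      # existing ACL refuses the write
            elif "cannot find the file" in reason:
                entry["missing"].append(key)     # key is absent on this system
            else:
                entry["other"].append((key, reason))
    return report


def blocked_services(report):
    """Services with at least one ACL write refused, sorted by name."""
    return sorted(s for s, e in report.items() if e["denied"])


if __name__ == "__main__":
    for service, entry in triage(SAMPLE_LOG).items():
        print(service, entry["attempted"], "attempted,",
              len(entry["denied"]), "denied,", len(entry["missing"]), "missing")
```

The ERROR lines are what matter: in the posted log, "SetACL finished successfully." follows each input file even when individual writes failed.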
 
