Solved Multiple COM surrogate processes

This time I left your Heaven Benchmark shortcuts alone.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

The COM surrogate process has a "flaw" somehow and results in not being able to remove information from a picture (always a COM surrogate error when trying to remove information). Also, many COM surrogate processes show in TM when a picture is "right clicked", showing it behaves weirdly. Before the 1511 update this was not the case. I could remove picture information with "remove picture.." in Windows without a COM surrogate error.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:16-12-2015 03
Ran by pikku (2015-12-16 19:38:41) Run:1
Running from C:\Users\pikku\Desktop
Loaded Profiles: pikku (Available Profiles: pikku)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => No File
BHO-x32: No Name -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> No File
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
2015-11-21 13:51 - 2015-11-26 00:27 - 4749824 _____ () C:\Users\pikku\AppData\Local\avcodec.dll
2015-11-21 13:51 - 2015-11-26 00:27 - 0107008 _____ () C:\Users\pikku\AppData\Local\avutil-50.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 1892864 _____ (madshi.net) C:\Users\pikku\AppData\Local\eac3to.exe
2015-09-30 18:57 - 2015-11-26 00:27 - 0038060 _____ () C:\Users\pikku\AppData\Local\error.wav
2015-09-10 00:14 - 2015-12-16 16:28 - 1065984 _____ () C:\Users\pikku\AppData\Local\file__0.localstorage
2015-09-30 18:57 - 2015-11-26 00:27 - 0544768 _____ () C:\Users\pikku\AppData\Local\hdcd.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 0095232 _____ (madshi.net) C:\Users\pikku\AppData\Local\HookSurcode.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 0242176 _____ () C:\Users\pikku\AppData\Local\libAften.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 0241664 _____ () C:\Users\pikku\AppData\Local\libcurl-4.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 0155648 _____ () C:\Users\pikku\AppData\Local\libFLAC.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 0918016 _____ () C:\Users\pikku\AppData\Local\libiconv-2.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 0076800 _____ () C:\Users\pikku\AppData\Local\libintl-8.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 0130048 _____ () C:\Users\pikku\AppData\Local\libMatrix.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 0144896 _____ () C:\Users\pikku\AppData\Local\libSsrc.dll
2015-09-30 18:57 - 2015-11-26 00:28 - 0000455 _____ () C:\Users\pikku\AppData\Local\log.txt
2015-09-30 18:57 - 2015-11-26 00:27 - 0135680 _____ (GnuWin32 <http://gnuwin32.sourceforge.net>) C:\Users\pikku\AppData\Local\magic1.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 0007168 _____ () C:\Users\pikku\AppData\Local\mingwm10.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 4561408 _____ () C:\Users\pikku\AppData\Local\mkvmerge.exe
2015-11-30 15:32 - 2015-12-03 03:36 - 0000600 _____ () C:\Users\pikku\AppData\Local\PUTTY.RND
2015-09-30 18:57 - 2015-11-26 00:27 - 0219136 _____ () C:\Users\pikku\AppData\Local\r8b.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 0079360 _____ (GnuWin32 <http://gnuwin32.sourceforge.net>) C:\Users\pikku\AppData\Local\regex2.dll
2015-12-05 20:28 - 2015-12-05 20:28 - 0007605 _____ () C:\Users\pikku\AppData\Local\Resmon.ResmonCfg
2015-09-30 18:57 - 2015-11-26 00:27 - 0023186 _____ () C:\Users\pikku\AppData\Local\success.wav
2015-09-30 18:57 - 2015-11-26 00:27 - 1652224 _____ () C:\Users\pikku\AppData\Local\wxbase28u_gcc_custom.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 0699904 _____ () C:\Users\pikku\AppData\Local\wxmsw28u_adv_gcc_custom.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 3826176 _____ () C:\Users\pikku\AppData\Local\wxmsw28u_core_gcc_custom.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 0589312 _____ () C:\Users\pikku\AppData\Local\wxmsw28u_html_gcc_custom.dll
2015-09-30 18:57 - 2015-11-26 00:27 - 0075264 _____ (Zlib) C:\Users\pikku\AppData\Local\zlib1.dll
2015-12-03 03:38 - 2015-12-03 03:38 - 0000006 ____S () C:\ProgramData\708a644b8256f73532d80449ffc8bd7c025ab742
2015-11-13 12:36 - 2015-11-13 12:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-08-28 12:47 - 2015-10-04 03:00 - 0001899 _____ () C:\ProgramData\hpzinstall.log
2015-12-03 03:38 - 2015-12-03 03:38 - 0000000 _____ () C:\ProgramData\Oil2LbRN
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57

*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)" => key removed successfully
HKCR\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)" => key removed successfully
HKCR\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)" => key removed successfully
HKCR\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} => key not found.
"HKCR\PROTOCOLS\Handler\WSISVCUchrome" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0" => key removed successfully
C:\Users\pikku\AppData\Local\avcodec.dll => moved successfully
C:\Users\pikku\AppData\Local\avutil-50.dll => moved successfully
C:\Users\pikku\AppData\Local\eac3to.exe => moved successfully
C:\Users\pikku\AppData\Local\error.wav => moved successfully
C:\Users\pikku\AppData\Local\file__0.localstorage => moved successfully
C:\Users\pikku\AppData\Local\hdcd.dll => moved successfully
C:\Users\pikku\AppData\Local\HookSurcode.dll => moved successfully
C:\Users\pikku\AppData\Local\libAften.dll => moved successfully
C:\Users\pikku\AppData\Local\libcurl-4.dll => moved successfully
C:\Users\pikku\AppData\Local\libFLAC.dll => moved successfully
C:\Users\pikku\AppData\Local\libiconv-2.dll => moved successfully
C:\Users\pikku\AppData\Local\libintl-8.dll => moved successfully
C:\Users\pikku\AppData\Local\libMatrix.dll => moved successfully
C:\Users\pikku\AppData\Local\libSsrc.dll => moved successfully
C:\Users\pikku\AppData\Local\log.txt => moved successfully
C:\Users\pikku\AppData\Local\magic1.dll => moved successfully
C:\Users\pikku\AppData\Local\mingwm10.dll => moved successfully
C:\Users\pikku\AppData\Local\mkvmerge.exe => moved successfully
C:\Users\pikku\AppData\Local\PUTTY.RND => moved successfully
C:\Users\pikku\AppData\Local\r8b.dll => moved successfully
C:\Users\pikku\AppData\Local\regex2.dll => moved successfully
C:\Users\pikku\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\pikku\AppData\Local\success.wav => moved successfully
C:\Users\pikku\AppData\Local\wxbase28u_gcc_custom.dll => moved successfully
C:\Users\pikku\AppData\Local\wxmsw28u_adv_gcc_custom.dll => moved successfully
C:\Users\pikku\AppData\Local\wxmsw28u_core_gcc_custom.dll => moved successfully
C:\Users\pikku\AppData\Local\wxmsw28u_html_gcc_custom.dll => moved successfully
C:\Users\pikku\AppData\Local\zlib1.dll => moved successfully
C:\ProgramData\708a644b8256f73532d80449ffc8bd7c025ab742 => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\hpzinstall.log => moved successfully
C:\ProgramData\Oil2LbRN => moved successfully
C:\ProgramData\TEMP => ":4FC01C57" ADS removed successfully.

==== End of Fixlog 19:38:42 ====
 
Possibly some next Windows update will correct this issue. There is not much WE can do about it.
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Yes, I will run these. Still some weird stuttering (not as often as the first time) when tested some benchmarks? What did fixlist correct, malware or some registry faults?
 
Security Check not running, the same as with JRT.exe. Opens a black box and tries to proceed but I suspect Norton shuts it down?
 
Norton removed FSS.exe but whitelisted it and got a log.
Farbar Service Scanner Version: 10-06-2014
Ran by pikku (administrator) on 16-12-2015 at 20:02:32
Running from "C:\Users\pikku\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.


System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
FSS log shows some registry issues.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool reports that Check Disk is needed, click on the Do It button next to 2. Check Disk.
In that case make sure you restart computer.




Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:




Go to Step 5 and under "System Restore" click on Create button:




Go to Repairs tab and click Open Repairs button.



In next window....
Leave all checkmarks as they are.
Click on Start Repairs button.



Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

Post fresh FSS log as well.
 
Does the registry fix tool set boot to default? I want to have Win 10 and Win 10 safe mode options at startup; it's customized.
 
Windows repair log:

Tweaking.com - Windows Repair v3.7.2
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 10 Pro
OS Architecture: 64-bit
OS Version: 10.0.10586
OS Service Pack:
Computer Name: TURKKIKOLO
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\pikku
Current Profile SID: S-1-5-21-82686010-1683413863-748850744-1001
Current Profile Classes: S-1-5-21-82686010-1683413863-748850744-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\pikku\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 01:41:48

Process Count: 87
Commit Total: 3,87 GB
Commit Limit: 18,32 GB
Commit Peak: 5,12 GB
Handle Count: 41231
Kernel Total: 1,28 GB
Kernel Paged: 1,02 GB
Kernel Non Paged: 257,10 MB
System Cache: 12,92 GB
Thread Count: 1533
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15,94 GB
Memory Used: 3,34 GB(20,9324%)
Memory Avail.: 12,61 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15,94 GB
Memory Used: 2,52 GB(15,7957%)
Memory Avail.: 13,43 GB
--------------------------------------------------------------------------------

Starting Repairs...
Started at (16.12.2015 21.51.34)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 155
01 - Reset Registry Permissions
Restore Windows 7/8/10 Default Registry Permissions
Start (16.12.2015 21.51.35)


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hku.7z
Done, 0,16 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hklm.7z
Done, 1,4 seconds.

Running Repair Under System Account
Done (16.12.2015 21.57.51)

02 - Reset File Permissions: C:
C: & Sub Folders
Start (16.12.2015 21.57.51)

Running Repair Under Current User Account
Done (16.12.2015 21.59.41)

02 - Reset File Permissions
Restore Windows 7/8/10 Default File Permissions
Start (16.12.2015 21.59.41)


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\default.7z
Done, 0,12 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\profile.7z
Done, 0,14 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\program_files.7z
Done, 0,2 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\program_files_x86.7z
Done, 0,12 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\programdata.7z
Done, 0,13 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\windows.7z
Done, 0,8 seconds.

Running Repair Under Current User Account
Done (16.12.2015 22.00.55)

02 - Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (16.12.2015 22.00.55)

Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.00.57)

03 - Reset Service Permissions
Start (16.12.2015 22.00.57)

Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.01.11)

04 - Register System Files
Start (16.12.2015 22.01.11)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.01.40)

05 - Repair WMI
Start (16.12.2015 22.01.40)

Starting Security Center So We Can Export The Security Info.

Exporting Antivirus Info...
Exporting 3rd Party Firewall Info...
Running Repair Under Current User Account
Done (16.12.2015 22.02.34)
 
06 - Repair Windows Firewall
Start (16.12.2015 22.02.34)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done, 0,13 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.03.06)

07 - Repair Internet Explorer
Start (16.12.2015 22.03.06)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.03.23)

08 - Repair MDAC/MS Jet
Start (16.12.2015 22.03.23)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.03.28)

09 - Repair Hosts File
Start (16.12.2015 22.03.28)
Running Repair Under System Account
Done (16.12.2015 22.03.29)

10 - Remove Policies Set By Infections
Start (16.12.2015 22.03.29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.03.32)

11 - Repair Start Menu Icons Removed By Infections
Start (16.12.2015 22.03.32)
Running Repair Under System Account
Done (16.12.2015 22.03.33)

12 - Repair Icons
Start (16.12.2015 22.03.33)
Running Repair Under Current User Account
Done (16.12.2015 22.03.34)

13 - Repair Network
Start (16.12.2015 22.03.34)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done, 0,14 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.03.46)

14 - Remove Temp Files
Start (16.12.2015 22.03.46)
Running Repair Under System Account
Done (16.12.2015 22.03.48)

15 - Repair Proxy Settings
Start (16.12.2015 22.03.48)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.03.50)

17 - Repair Windows Updates
Start (16.12.2015 22.03.50)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done, 0,13 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
Done (16.12.2015 22.04.10)

18 - Repair CD/DVD Missing/Not Working
Start (16.12.2015 22.04.10)
iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
Done (16.12.2015 22.04.10)

19 - Repair Volume Shadow Copy Service
Start (16.12.2015 22.04.10)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done, 0,13 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.04.29)

20 - Repair Windows Sidebar/Gadgets
Start (16.12.2015 22.04.29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.04.32)

21 - Repair MSI (Windows Installer)
Start (16.12.2015 22.04.32)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done, 0,13 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.04.42)

22 - Repair Windows Snipping Tool
Start (16.12.2015 22.04.42)
Done (16.12.2015 22.04.42)

23.01 - Repair bat Association
Start (16.12.2015 22.04.42)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.04.44)

23.02 - Repair cmd Association
Start (16.12.2015 22.04.44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.04.46)

23.03 - Repair com Association
Start (16.12.2015 22.04.46)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.04.48)

23.04 - Repair Directory Association
Start (16.12.2015 22.04.48)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.04.50)

23.05 - Repair Drive Association
Start (16.12.2015 22.04.50)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.04.53)

23.06 - Repair exe Association
Start (16.12.2015 22.04.53)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.04.55)

23.07 - Repair Folder Association
Start (16.12.2015 22.04.55)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.04.57)

23.08 - Repair inf Association
Start (16.12.2015 22.04.57)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.04.59)

23.09 - Repair lnk (Shortcuts) Association
Start (16.12.2015 22.04.59)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.05.01)

23.10 - Repair msc Association
Start (16.12.2015 22.05.01)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.05.03)

23.11 - Repair reg Association
Start (16.12.2015 22.05.03)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.05.05)

23.12 - Repair scr Association
Start (16.12.2015 22.05.05)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.05.07)

24 - Repair Windows Safe Mode
Start (16.12.2015 22.05.07)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.05.09)

25 - Repair Print Spooler
Start (16.12.2015 22.05.09)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done, 0,13 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.05.24)

26 - Restore Important Windows Services
Start (16.12.2015 22.05.24)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done, 0,13 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.05.30)

27 - Set Windows Services To Default Startup
Start (16.12.2015 22.05.30)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.05.35)

Skipping Repair.
Due to a bug in the Windows 10 build 10586 the powershell command used to reinstall the apps and app store instead breaks them and deletes their install folders. Till Microsoft fixes this bug this repair is skipped for this version of Windows.
Current version: 10.0.10586

29 - Repair Windows 8/10 Component Store
Start (16.12.2015 22.05.35)
Running Repair Under Current User Account
Done (16.12.2015 22.06.39)

30 - Restore Windows 8/10 COM+ Unmarshalers
Start (16.12.2015 22.06.39)
Running Repair Under System Account
[X] -----Job Complete----- Items Done: 1
Done (16.12.2015 22.06.41)

31 - Repair Windows 'New' Submenu
Start (16.12.2015 22.06.41)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.12.2015 22.06.43)

33 - Repair Performance Counters
Start (16.12.2015 22.06.43)
Running Repair Under Current User Account
Done (16.12.2015 22.06.45)

Cleaning up empty logs...

All Selected Repairs Done.
Done at (16.12.2015 22.06.45)
Total Repair Time: 00:15:12


...YOU MUST RESTART YOUR SYSTEM...
 
FSS.exe

Farbar Service Scanner Version: 10-06-2014
Ran by pikku (administrator) on 16-12-2015 at 22:20:56
Running from "C:\Users\pikku\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
We still have Windows Defender registry key missing.
We can try to fix it but since you're using Norton it's not crucial.
It's up to you.
Let me know.
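
The before/after comparison between the two FSS logs above, as an added example that is not part of the original thread or of any tool used in it: a Python sketch that parses FSS log lines of the form shown and reports which findings the repair run cleared and which remain. The sample logs are constructed excerpts of the two logs posted here, and the function names are hypothetical.

```python
import re

# Constructed excerpts of the two FSS logs posted in this thread
# (first run, and the run after Windows Repair).
BEFORE = r"""
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

AFTER = r"""
Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

SERVICE_RE = re.compile(r"^(\S+) Service is not running")
START_RE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\."
)
ATTN_RE = re.compile(r"ATTENTION!=====>\s*(.+)")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')


def parse_fss(text):
    """Return the set of findings in an FSS log as (kind, subject, detail)."""
    findings = set()
    service = None   # service whose configuration block we are inside
    reg_key = None   # registry key header preceding policy values
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            reg_key = None          # a blank line ends a policy block
            continue
        m = SERVICE_RE.match(line)
        if m:
            service = m.group(1)
            continue
        m = START_RE.match(line)
        if m:
            svc, current, default = m.groups()
            findings.add(("start_type", svc, f"{current} (default {default})"))
            continue
        m = ATTN_RE.search(line)
        if m:
            # Attribute the warning to the service block it appears in.
            findings.add(("attention", service or "unknown", m.group(1)))
            continue
        m = KEY_RE.match(line)
        if m:
            reg_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and reg_key:
            findings.add(("policy", reg_key, f"{m.group(1)}={m.group(2)}"))
    return findings


def compare(before_text, after_text):
    """Diff two FSS logs: what the repair cleared, what remains, what is new."""
    before, after = parse_fss(before_text), parse_fss(after_text)
    return {
        "cleared": sorted(before - after),
        "remaining": sorted(before & after),
        "new": sorted(after - before),
    }


if __name__ == "__main__":
    for bucket, items in compare(BEFORE, AFTER).items():
        print(bucket.upper())
        for kind, subject, detail in items:
            print(f"  [{kind}] {subject}: {detail}")
```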
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
OK, will run those last steps, many thanks for your time and help! Merry Christmas time. I'll let you know my PC status, by PM or in thread?
 