Solved Win 7 - can't reach Control Panel

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-10 10:05 - 2011-06-23 12:11 - 00001828 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2015-10-10 10:05 - 2011-05-28 15:18 - 01804625 _____ C:\Windows\WindowsUpdate.log
2015-10-10 10:05 - 2009-07-13 22:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-10 10:01 - 2012-03-21 12:28 - 00000266 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2015-10-10 10:00 - 2012-01-09 18:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-10 10:00 - 2011-06-22 21:36 - 00000000 ____D C:\Users\Jacqueline\AppData\LocalLow\AuthenTec
2015-10-10 09:59 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-10 09:58 - 2010-11-20 20:47 - 00816554 _____ C:\Windows\PFRO.log
2015-10-10 09:58 - 2009-07-13 21:51 - 00081674 _____ C:\Windows\setupact.log
2015-10-09 19:43 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2015-10-09 19:41 - 2011-06-22 21:35 - 00000000 ____D C:\Users\Jacqueline
2015-10-09 19:38 - 2013-12-15 19:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-09 19:28 - 2012-01-09 18:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-09 19:13 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-09 19:13 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-09 19:08 - 2011-08-11 21:50 - 00000000 ____D C:\Users\Jacqueline\AppData\Local\CrashDumps
2015-10-09 18:33 - 2011-06-23 00:31 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{62BF689D-F1CB-45A1-9314-820592EAEC0D}
2015-10-09 17:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-10-09 15:37 - 2015-04-05 11:14 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 15:23 - 2009-07-13 21:45 - 00357432 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-08 15:22 - 2013-11-26 17:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-08 15:19 - 2015-04-05 11:14 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-08 15:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-10-08 15:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2015-10-08 15:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-10-08 15:15 - 2011-07-24 21:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-07 21:27 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\L2Schemas
2015-10-07 19:39 - 2013-12-15 19:18 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-07 19:39 - 2013-12-15 19:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-07 19:39 - 2011-09-08 16:35 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-07 12:35 - 2007-01-01 18:25 - 00000000 ____D C:\Windows\Panther
2015-10-07 10:10 - 2014-10-20 10:35 - 00000000 ____D C:\Users\Jacqueline\AppData\Roaming\AVG2015
2015-10-07 10:10 - 2014-10-20 10:32 - 00000000 ____D C:\ProgramData\AVG2015
2015-10-07 10:10 - 2014-03-13 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-07 10:10 - 2013-11-21 16:36 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2015-10-07 10:10 - 2013-10-30 12:50 - 00000000 ____D C:\Program Files (x86)\AVG
2015-10-07 10:10 - 2013-10-29 14:24 - 00000000 ____D C:\ProgramData\MFAData
2015-10-07 10:10 - 2011-04-08 13:47 - 00000000 ____D C:\ProgramData\RoxioNow
2015-10-07 10:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\servicing
2015-10-07 10:10 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-07 10:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2015-10-06 17:23 - 2012-01-09 18:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-06 17:23 - 2012-01-09 18:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-06 15:46 - 2015-06-08 17:42 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJacqueline
2015-10-06 15:46 - 2015-06-08 17:42 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForJacqueline.job
2015-10-01 19:43 - 2011-12-01 15:53 - 00001414 _____ C:\Windows\Synaptics.log
2015-10-01 19:43 - 2011-05-28 15:25 - 00024484 _____ C:\Windows\DPINST.LOG
2015-10-01 19:42 - 2011-05-28 15:24 - 00000000 ____D C:\Windows\SysWOW64\sda
2015-10-01 19:42 - 2011-05-28 15:24 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-10-01 19:42 - 2011-05-28 15:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-10-01 19:41 - 2011-05-28 15:20 - 00000000 ____D C:\Program Files (x86)\Intel
2015-10-01 19:40 - 2011-05-28 15:38 - 00000000 ____D C:\ProgramData\Downloaded Installations
2015-10-01 19:40 - 2011-04-08 13:48 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-10-01 19:39 - 2011-06-23 00:31 - 00000000 ____D C:\Users\Jacqueline\AppData\Roaming\hpqlog
2015-10-01 19:39 - 2011-04-08 13:54 - 00000000 ___RD C:\Program Files\Online Services
2015-10-01 19:39 - 2011-04-08 13:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2015-10-01 19:39 - 2011-04-08 13:40 - 00000000 ___RD C:\Program Files (x86)\Online Services
2015-10-01 17:21 - 2009-07-13 22:08 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-12 08:36 - 2011-04-08 13:52 - 00000000 ____D C:\Windows\en
2015-09-12 07:31 - 2012-05-27 10:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-12 07:31 - 2012-05-27 10:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-12 07:30 - 2014-12-27 19:30 - 00000000 ____D C:\Windows\system32\appraiser
2015-09-12 07:30 - 2014-05-21 18:40 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-09-12 07:25 - 2012-05-27 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2012-03-07 15:44 - 2015-05-13 10:21 - 0029696 _____ () C:\Users\Jacqueline\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-25 21:01 - 2014-12-25 21:01 - 0000000 _____ () C:\Users\Jacqueline\AppData\Local\{C36D0A3D-5FB4-4FAD-A2A4-C9623DD123FB}
2012-03-21 12:25 - 2012-03-21 12:25 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-09 16:54

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-10-2015
Ran by Jacqueline (2015-10-10 10:07:00)
Running from C:\Users\Jacqueline\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-23 04:35:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2103894636-1046192603-3950623487-500 - Administrator - Disabled)
Guest (S-1-5-21-2103894636-1046192603-3950623487-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2103894636-1046192603-3950623487-1002 - Limited - Enabled)
Jacqueline (S-1-5-21-2103894636-1046192603-3950623487-1000 - Administrator - Enabled) => C:\Users\Jacqueline

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.02 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6086 - AVG Technologies)
AVG 2015 (Version: 15.0.4401 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6086 - AVG Technologies) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{B53F9744-F0FB-44A6-9739-335CDAB4488A}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Photosmart 6510 series Help (HKLM-x32\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 6510 series Product Improvement Study (HKLM\...\{85CB0687-0239-473E-943B-E8AFEE6E044C}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel(R) Wireless Display (HKLM-x32\...\{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}) (Version: 2.0.30.0 - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.300 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Online Backup (x32 Version: - McAfee, Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 11.0.669 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Palette Previewer(TM) Consumer Edition (HKLM-x32\...\Palette Previewer(TM) Consumer Edition) (Version: - Autech)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.0.25 - iolo technologies, LLC)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

12-09-2015 09:23:42 Windows Update
30-09-2015 14:32:10 Windows Update
01-10-2015 16:36:40 Windows Update
01-10-2015 19:53:58 Windows Defender Checkpoint
01-10-2015 20:20:14 Windows Update
06-10-2015 18:04:56 Windows Update
06-10-2015 19:28:41 Windows Update
07-10-2015 12:34:45 Windows Update
08-10-2015 14:54:57 Windows Update
08-10-2015 15:32:57 JRT Pre-Junkware Removal
08-10-2015 15:41:16 Windows Update
 
==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-10-09 19:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08190AAF-E8B5-4CE8-B486-EACCF69451D6} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {0AAF52D1-E4DA-40C3-9FFF-A80BCACC28F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {17C001CE-72EB-4F40-83D5-311E75BAFFDC} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {257560AE-0EBD-4D09-8851-CB2C851C1281} - System32\Tasks\{CAB83FCE-7F4F-46FA-BC73-C6FBF9E18571} => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\Photoshop Elements 8.0.exe [2009-09-06] (Adobe Systems Incorporated)
Task: {25CF4D30-1478-4A56-8B11-C63E58821190} - System32\Tasks\{251400CF-5368-4BFB-B796-06FF3149800D} => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\Photoshop Elements 8.0.exe [2009-09-06] (Adobe Systems Incorporated)
Task: {3068D45D-A297-44F2-B2F0-5723481DCD6F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3BE5DDDA-1919-4129-9079-ED1F86DA69E7} - System32\Tasks\{695DA913-12DF-451D-8174-F3F8DB9F288C} => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\Photoshop Elements 8.0.exe [2009-09-06] (Adobe Systems Incorporated)
Task: {4214B6FF-B370-4FAF-B1F2-84F2762D2DDB} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2014-02-25] ()
Task: {5071E63A-8BA6-4358-B463-8553CCBE67BD} - System32\Tasks\HPCustParticipation HP Photosmart 6510 series => C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16] (Hewlett-Packard Co.)
Task: {73BDC4DB-C6DE-412B-A32E-1822E763AC56} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {7AEB9184-0E13-41F2-A7A6-99C63FB327CE} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {808DA898-C841-4920-8D60-ACF64F39509C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-07] (Adobe Systems Incorporated)
Task: {90A56754-19A4-4D2B-B08D-2133376F2BEE} - System32\Tasks\{22829F7C-B3F1-4A69-9FC1-6AC3A7A448B7} => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\Photoshop Elements 8.0.exe [2009-09-06] (Adobe Systems Incorporated)
Task: {9C5ACC55-E791-4B28-BF54-04BCA2CB0B84} - System32\Tasks\{C9CA9CE6-CF7C-4969-B70A-0AE8A6BE15A7} => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\Photoshop Elements 8.0.exe [2009-09-06] (Adobe Systems Incorporated)
Task: {A365EB1A-06F3-4258-A528-652EBA59081F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {B918B5ED-AD00-42ED-AF85-4D1883489CB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {B925B52D-08F6-4844-9BDF-D5AC1816C855} - System32\Tasks\HPCeeScheduleForJacqueline => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {BAAC1B65-B5E8-45D3-A844-7D8880CCB9B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {D5A4B5E4-8254-440F-9114-442EE86A2A84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {DDA231CB-CFA9-4A8E-8EFB-E86DFABF9D2A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-11] (AVAST Software)
Task: {E46889A1-98F9-45A7-8344-AB58E721FFD9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E4CB39CF-A35D-434F-946A-FE63021A9704} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2013-12-03] (iolo technologies, LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJacqueline.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2011-07-27 21:07 - 2011-07-27 21:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-05-28 15:21 - 2011-01-27 09:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-27 21:07 - 2011-07-27 21:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-15 09:57 - 2011-03-15 09:57 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-09-11 19:17 - 2015-09-11 19:17 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-11 19:17 - 2015-09-11 19:17 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-09 15:29 - 2015-10-09 15:29 - 02994032 _____ () C:\Program Files\AVAST Software\Avast\defs\15100901\algo.dll
2015-10-10 10:00 - 2015-10-10 10:00 - 02994544 _____ () C:\Program Files\AVAST Software\Avast\defs\15101000\algo.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-14 09:45 - 2014-05-14 09:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2015-09-11 19:17 - 2015-09-11 19:17 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-10-01 19:42 - 2015-10-01 19:42 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2011-05-28 15:20 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\CN1C14129905QB:NW
AlternateDataStreams: C:\ProgramData\Temp:612B5BD9
AlternateDataStreams: C:\Users\Jacqueline\Documents\Fw_ Fw_ This is very cool (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jacqueline\Documents\Fw_ Fw_ This is very cool.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jacqueline\Documents\Fw_FriendshipBraceletFROMYOURFRIENDIAPPRECIATEYOU] (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jacqueline\Documents\Fw_FriendshipBraceletFROMYOURFRIENDIAPPRECIATEYOU].eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2103894636-1046192603-3950623487-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jacqueline\Pictures\Adobe\Desktop Wallpaper\wallpaper.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jacqueline^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - .lnk => C:\Windows\pss\Monitor Ink Alerts - .lnk.Startup
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: HP Photosmart 6510 series (NET) => "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1C14129905QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPConnectionManager => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: InboxToolbar => "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C1DC52E6-9EDB-4C8B-B4A1-4F1A0396ADF6}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{FC38A29F-6BD6-4D35-BF60-3CB07D0ABD91}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{C1E40A21-2210-4B71-8532-537B55A71026}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{C6FE28B5-A31B-4A07-B40B-34704D2506FF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{0FF39452-9140-47DB-97AA-845A8D17A421}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{232A45B6-4D0A-41AC-AFED-34E070E52ED7}] => (Allow) LPort=2869
FirewallRules: [{5878BC40-4270-4540-831D-A09D4677F8F8}] => (Allow) LPort=1900
FirewallRules: [{BE0F2DC6-834E-44AE-8423-48F9E658B052}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3A46CC13-D644-4570-AAFA-2AC8A1341943}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{33C8B1DB-CFC3-417D-8256-5DC5D0C72BCE}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{E08CD860-7D93-4277-B8A1-2AB9BB9FABE7}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{4E32A595-9AC2-49C4-B686-2FEDF017AED2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{824BC4FE-4C3E-4A41-8FA0-4A031AD58C40}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{BB8F289B-5781-41AD-A03A-27CFEED05D4D}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{D5AD41BD-B9C9-4DAA-8C25-7CB0C02832CB}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{56B427FB-13B5-4BEF-AE2B-66F3C1B57A23}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{2AF8FE62-A273-4A4A-91C1-57D1319C2B01}] => (Allow) LPort=7000
FirewallRules: [{E28879B4-AF1A-4A17-82CF-432E8C63CD7D}] => (Allow) LPort=7000
FirewallRules: [{CA74C074-5D3D-407B-9E28-CECAD7E8A305}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{EA657A60-64E6-436E-9282-8E1FA1B40848}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{5F1D8CC7-2391-48F6-BABC-EA86402D5D84}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{18BD6D4D-2E33-4A8B-8367-EFE1FA5F05DB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0C260D34-7BCB-42C0-9635-E3AAC63C60EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{61C797EB-CC8F-4A10-9A83-AC1E8E3BC692}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{01B6E491-C4A4-4321-83BC-5C298B69220B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{40B97EC3-D4FC-4949-8C4D-1FC5E84F102A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe
FirewallRules: [{F84D1CC4-48AA-4757-B455-7FF4DCCA86A2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{691ADC16-D2FE-46C3-B5AD-ABE3DA1AABD9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{BC9BFFDF-E349-47E9-851C-F4EF3BF9E167}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{538D9915-BA24-4399-A9DB-1C53EC7B6725}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{9CC771B3-99AE-4D43-B467-9891153C1C88}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{C3E2EEE8-9F6F-4288-B1C7-BE37FD1AD810}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe
FirewallRules: [{2F36449C-1324-4A96-8BFB-CB935512BD4B}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{CF987F7D-CFAC-4A05-B23A-15E85632C4B3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1C1766CF-1F96-4AFA-89D9-2D98FD7B10EF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{251E1197-DCC1-4C3E-8D32-338FB22459F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{E577CF43-AF37-48DC-A163-C30E6BAE78C7}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{90121A96-F441-4887-BCF1-8F461E92D4B2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{644CD1D8-E910-49AF-98CB-4ACF397C706B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{3B9C961A-145F-494D-B1E9-9C8C822A87AE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{55B9B2D7-4AF2-4F8D-92EC-8C5E09327A9B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{864134BE-DD4A-467A-9767-17360D30D478}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{45D9438D-542F-4FE4-BFB1-98F4BB2F5BA4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{9A1C2D5D-03E9-47E3-8F3B-FB7606678D25}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{28689C02-C085-490E-A070-19250EAD4FB4}] => (Allow) C:\Users\Jacqueline\Desktop\Autech\Palette Previewer(TM) Consumer Edition\Paint.exe
FirewallRules: [{B8906F0A-5245-4E93-A161-6F40C46CDBE6}] => (Allow) C:\Users\Jacqueline\Desktop\Autech\Palette Previewer(TM) Consumer Edition\Paint.exe
FirewallRules: [{4149D1B3-EB19-4D5B-A71D-798F73AC5207}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{64A39925-11E7-4C13-83DE-445F7B2EAC75}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{65FCC9CC-0B5A-4414-9C1C-F6C643DF5925}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{77389A93-D2C2-46A2-B4F4-1DE22427C761}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2169AFCC-EA77-4A6E-9FE2-1E122A3FBCDB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7AC3E4AB-64D2-4CF4-8FA6-7C4F18BEFBE7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{658E8015-218A-45E4-AE73-BEF2B203BA7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{18B133DD-07A0-4530-BE62-25361726C0CC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6E22163F-B604-41C5-A3DF-80328DD5BF0F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{38AA64A0-786B-4E08-B87A-E1F972F4ED8E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{7871A2AD-1FD3-47CC-A298-B85A3CCA7D71}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{9BC446E1-4904-482B-AD86-B55DF7CF8AB6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{890A33B6-07AF-44C8-AD42-258065B82406}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{131DDE09-D0AB-4844-B8A4-18E26F4BAF0D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{0907D7C5-6B92-472E-B3EA-BF65F0D88932}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{AF817D77-5FC6-4C98-9BFE-0AFE48F34271}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{CA553B1D-ADA1-408E-A3F7-8123E0977C0A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6C01591A-EFC4-4CAB-A4B8-561B26CA0169}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{CE69BC05-7BDB-4FC0-9F63-50F052A045DA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{43F528F9-94BD-4970-8198-A28D7F55319F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

==================== Faulty Device Manager Devices =============
 
==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2015 10:03:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdo...F18B538D1BE903B6A6F056435B171589CAF36BF2.crt> with error: This operation returned because the timeout period expired.
.

Error: (10/10/2015 10:03:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdo...D69B561148F01C77C54578C10926DF5B856976AD.crt> with error: This operation returned because the timeout period expired.
.

Error: (10/10/2015 10:02:27 AM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7

Error: (10/10/2015 09:59:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2015 09:59:44 AM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7

Error: (10/09/2015 07:51:26 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC

Error: (10/09/2015 07:08:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.1.7601.18939, time stamp: 0x55b02e88
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0xe3c
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (10/09/2015 07:08:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.1.7601.18939, time stamp: 0x55b02e88
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0x1a4c
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (10/09/2015 06:29:40 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7

Error: (10/09/2015 06:27:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/10/2015 10:06:07 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (10/10/2015 10:01:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (10/10/2015 10:01:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (10/10/2015 10:01:28 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147467262.

Error: (10/10/2015 10:01:28 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (10/10/2015 10:01:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/10/2015 10:00:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (10/10/2015 10:00:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx64

Error: (10/10/2015 09:59:14 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error: (10/09/2015 07:43:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


CodeIntegrity:
===================================
Date: 2015-10-09 19:41:47.214
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-09 19:41:47.136
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 31%
Total physical RAM: 8139.86 MB
Available physical RAM: 5594.45 MB
Total Virtual: 16277.92 MB
Available Virtual: 13275.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:684 GB) (Free:585.64 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.34 GB) (Free:1.6 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 1A3F0DFB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=684 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    9.3 KB · Views: 1
Fix result of Farbar Recovery Scan Tool (x64) Version:10-10-2015
Ran by Jacqueline (2015-10-10 10:34:38) Run:1
Running from C:\Users\Jacqueline\Desktop
Loaded Profiles: Jacqueline (Available Profiles: Jacqueline)
Boot Mode: Normal
==============================================

fixlist content:
*****************
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe
C:\Program Files\McAfee\MSM\McSmtFwk.exe
C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-07-07] (AVG Technologies CZ, s.r.o.)
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2103894636-1046192603-3950623487-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120426092248.dll [2012-03-20] (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-15] (McAfee, Inc.)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426092248.dll [2012-03-20] (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2012-03-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2012-03-21] (McAfee, Inc.)
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A111US0&p=
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2012-03-21] ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [2014-01-15] (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll [2012-03-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-06-23]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011-06-23]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-06-05]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-07-07] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [502032 2012-03-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2012-03-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [210584 2012-03-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [162192 2012-03-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
S3 AtiDCM; \??\C:\Users\Jacqueline\AppData\Local\Temp\atdcm64a.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2015-10-10 10:05 - 2015-10-10 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-10-07 09:18 - 2015-10-07 09:18 - 00000000 ____D C:\Users\Jacqueline\AppData\Local\Avg2015
2015-10-10 10:05 - 2011-06-23 12:11 - 00001828 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2015-10-07 10:10 - 2014-10-20 10:35 - 00000000 ____D C:\Users\Jacqueline\AppData\Roaming\AVG2015
2015-10-07 10:10 - 2014-10-20 10:32 - 00000000 ____D C:\ProgramData\AVG2015
2015-10-07 10:10 - 2014-03-13 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-07 10:10 - 2013-10-30 12:50 - 00000000 ____D C:\Program Files (x86)\AVG
2012-03-07 15:44 - 2015-05-13 10:21 - 0029696 _____ () C:\Users\Jacqueline\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-25 21:01 - 2014-12-25 21:01 - 0000000 _____ () C:\Users\Jacqueline\AppData\Local\{C36D0A3D-5FB4-4FAD-A2A4-C9623DD123FB}
2012-03-21 12:25 - 2012-03-21 12:25 - 0000057 _____ () C:\ProgramData\Ament.ini
AVG 2015 (Version: 15.0.4401 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6086 - AVG Technologies) Hidden
McAfee Online Backup (x32 Version: - McAfee, Inc.) Hidden
AlternateDataStreams: C:\Windows\SysWOW64\CN1C14129905QB:NW
AlternateDataStreams: C:\ProgramData\Temp:612B5BD9
AlternateDataStreams: C:\Users\Jacqueline\Documents\Fw_ Fw_ This is very cool (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jacqueline\Documents\Fw_ Fw_ This is very cool.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jacqueline\Documents\Fw_FriendshipBraceletFROMYOURFRIENDIAPPRECIATEYOU] (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jacqueline\Documents\Fw_FriendshipBraceletFROMYOURFRIENDIAPPRECIATEYOU].eml:OECustomProperty

*****************
 
[3448] C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe => process closed successfully.
C:\Windows\System32\mfevtps.exe => Could not close process
Could not move "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\mfevtps.exe" => Scheduled to move on reboot.
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe => Could not close process
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe => Could not close process
Could not move "C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe" => Scheduled to move on reboot.
[9028] C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe => process closed successfully.
Could not move "C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe" => Scheduled to move on reboot.
[3552] C:\Program Files\McAfee.com\Agent\mcagent.exe => process closed successfully.
Could not move "C:\Program Files\McAfee.com\Agent\mcagent.exe" => Scheduled to move on reboot.
[8648] C:\Program Files\McAfee\MSM\McSmtFwk.exe => process closed successfully.
[5232] C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe => process closed successfully.
Could not move "C:\Program Files\McAfee\MSM\McSmtFwk.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe" => Scheduled to move on reboot.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG_UI => value removed successfully
C:\Program Files (x86)\AVG\AVG2015\avgui.exe => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2103894636-1046192603-3950623487-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => key removed successfully
"HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => key removed successfully
"HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value removed successfully
"HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value removed successfully
"HKCR\Wow6432Node\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" => key removed successfully
"HKCR\PROTOCOLS\Handler\dssrequest" => key removed successfully
"HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => key removed successfully
HKCR\Wow6432Node\PROTOCOLS\Handler\dssrequest => key not found.
"HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => key removed successfully
"HKCR\PROTOCOLS\Handler\sacore" => key removed successfully
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\sacore => key not found.
HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => key not found.
"HKCR\PROTOCOLS\Filter\application/x-mfe-ipt" => key removed successfully
"HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}" => key removed successfully
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-mfe-ipt => key not found.
"HKCR\Wow6432Node\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}" => key removed successfully
Firefox "Keyword.URL" removed successfully
"HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => key removed successfully
"FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2012-03-21] ()" => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin" => key removed successfully
C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10" => key removed successfully
Could not move "c:\progra~2\mcafee\msc\npmcsn~1.dll" => Scheduled to move on reboot.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value removed successfully

"C:\Program Files (x86)\McAfee\SiteAdvisor" folder move:

Could not move "C:\Program Files (x86)\McAfee\SiteAdvisor" => Scheduled to move on reboot.

C:\Program Files (x86)\McAfee\SiteAdvisor => path removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60} => value removed successfully

"C:\Program Files (x86)\Common Files\McAfee\SystemCore" folder move:

Could not move "C:\Program Files (x86)\Common Files\McAfee\SystemCore" => Scheduled to move on reboot.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => key removed successfully
Could not move "C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx" => Scheduled to move on reboot.
AVGIDSAgent => service removed successfully
avgwd => service removed successfully
McAfee SiteAdvisor Service => service could not remove
McComponentHostService => service removed successfully
McMPFSvc => service could not remove
mcmscsvc => service could not remove
McNaiAnn => service could not remove
McNASvc => service could not remove
McODS => service could not remove
McProxy => service could not remove
McShield => Unable to stop service.
McShield => service could not remove
mfefire => Unable to stop service.
mfefire => service could not remove
mfevtp => Unable to stop service.
mfevtp => service could not remove
MSK80Service => service could not remove
Avgdiska => Unable to stop service.
Avgdiska => service removed successfully
AVGIDSDriver => Unable to stop service.
AVGIDSDriver => service removed successfully
AVGIDSHA => Unable to stop service.
AVGIDSHA => service removed successfully
Avgldx64 => service removed successfully
Avgloga => Unable to stop service.
Avgloga => service removed successfully
Avgmfx64 => Unable to stop service.
Avgmfx64 => service removed successfully
Avgrkx64 => Unable to stop service.
Avgrkx64 => service removed successfully
Avgtdia => Unable to stop service.
Avgtdia => service removed successfully
cfwids => Unable to stop service.
cfwids => service removed successfully
mfeapfk => Unable to stop service.
mfeapfk => service could not remove
mfeavfk => Unable to stop service.
mfeavfk => service could not remove
mfeavfk01 => service removed successfully
mfefirek => Unable to stop service.
mfefirek => service could not remove
mfehidk => Unable to stop service.
mfehidk => service could not remove
mfenlfk => Service stopped successfully.
mfenlfk => service could not remove
mferkdet => service could not remove
mfewfpk => Unable to stop service.
mfewfpk => service could not remove
AtiDCM => service removed successfully
catchme => service removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee => moved successfully

"C:\Users\Jacqueline\AppData\Local\Avg2015" folder move:

Could not move "C:\Users\Jacqueline\AppData\Local\Avg2015" => Scheduled to move on reboot.

C:\Users\Public\Desktop\McAfee Total Protection.lnk => moved successfully
C:\Users\Jacqueline\AppData\Roaming\AVG2015 => moved successfully
C:\ProgramData\AVG2015 => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG => moved successfully
C:\Program Files (x86)\AVG => moved successfully
C:\Users\Jacqueline\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Jacqueline\AppData\Local\{C36D0A3D-5FB4-4FAD-A2A4-C9623DD123FB} => moved successfully
C:\ProgramData\Ament.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG\\SystemComponent => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG\\SystemComponent => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{27C467F8-F8EF-4f68-BD72-D63632B2096C}\\SystemComponent => value removed successfully
C:\Windows\SysWOW64\CN1C14129905QB => ":NW" ADS removed successfully.
C:\ProgramData\Temp => ":612B5BD9" ADS removed successfully.
C:\Users\Jacqueline\Documents\Fw_ Fw_ This is very cool (1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Jacqueline\Documents\Fw_ Fw_ This is very cool.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Jacqueline\Documents\Fw_FriendshipBraceletFROMYOURFRIENDIAPPRECIATEYOU] (1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Jacqueline\Documents\Fw_FriendshipBraceletFROMYOURFRIENDIAPPRECIATEYOU].eml => ":OECustomProperty" ADS removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-10-10 10:38:43)

"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" => Could not move
"C:\Windows\System32\mfevtps.exe" => Could not move
"C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe" => Could not move
"C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe" => Could not move
"C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe" => Could not move
"C:\Program Files\McAfee.com\Agent\mcagent.exe" => Could not move
"C:\Program Files\McAfee\MSM\McSmtFwk.exe" => Could not move
"C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe" => Could not move
"c:\progra~2\mcafee\msc\npmcsn~1.dll" => Could not move
"C:\Program Files (x86)\McAfee\SiteAdvisor" => Could not move
"C:\Program Files (x86)\Common Files\McAfee\SystemCore" => Could not move
"C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx" => Could not move
C:\Users\Jacqueline\AppData\Local\Avg2015 => Is moved successfully

==== End of Fixlog 10:38:59 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 30
Java version 32-bit out of Date!
Adobe Flash Player 19.0.0.185
Adobe Reader XI
Mozilla Firefox (41.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
iolo System Mechanic iologovernor64.exe
iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 26-07-2015
Ran by Jacqueline (administrator) on 10-10-2015 at 12:41:56
Running from "C:\Users\Jacqueline\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Sophos reported on screen that there were no viruses, so detail report was created.
will now try McAfee removal again
 
It boots as expected and I can run programs from the desktop and many thru the start button..but I can not access the control panel, computer, or Windows Explorer (not Internet Explorer,the browser)
 
Go Start and in "Start search" type:
cmd
Hold SHIFT and CTRL keys, press Enter.
Command Prompt window will open.
Paste the following command:

for %a in (c:\Windows\System32\*.dll) do regsvr32.exe /s "%a"

Press Enter.

Restart computer and see if it fixed anything.
 
I did as you asked, but it doesn't change what happens when click on Computer....the error is Explorer.exe, no such interface is supported
 
Last edited:
Can you access Control Panel now?

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.

p22012121.gif



Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:

p22012122.gif



Go to Step 5 and under "System Restore" click on Create button:

p22012123.gif



Go to Repairs tab and click Open Repairs button.

p22012124.gif


In next window....
Leave all checkmarks as they're.
Click on Start Repairs button.

p22012126.gif


Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Jacqueline\Desktop>CD /D C:\

C:\>set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
9 percent complete. (287770 of 319744 file records processed)
319744 file records processed.

File verification completed.
1364 large file records processed.

0 bad file records processed.

0 EA records processed.

61 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
39 percent complete. (363063 of 406592 index entries processed)
406592 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
51 percent complete. (300406 of 319744 file SDs/SIDs processed)
319744 file SDs/SIDs processed.

Security descriptor verification completed.
43425 data files processed.

CHKDSK is verifying Usn Journal...
100 percent complete. (35889152 of 35890184 USN bytes processed)
35890184 USN bytes processed.

Usn Journal verification completed.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

717225983 KB total disk space.
100187544 KB in 231971 files.
152632 KB in 43426 indexes.
0 KB in bad sectors.
448635 KB in use by the system.
65536 KB occupied by the log file.
616437172 KB available on disk.

4096 bytes in each allocation unit.
179306495 total allocation units on disk.
154109293 allocation units available on disk.

C:\>
 
On Step 4 - I ran System File Check by clicking on Do It button...22% verification complete...then Windows Resource Protection could not perform the requested operation. Please Restart Your computer when system file checker is finished
Press any key to continue...

I pressed Enter - and it returned me to Step 4 Option page.
I have the option to skip - should I?
 
No. It's important to run that step.

You didn't answer my question if after running my previous command you can access Control Panel.
 
Tweaking.com - Windows Repair v3.6.0
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: JACQUELINE-HP
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Jacqueline
Current Profile SID: S-1-5-21-2103894636-1046192603-3950623487-1000
Current Profile Classes: S-1-5-21-2103894636-1046192603-3950623487-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Jacqueline\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:02:36

Process Count: 26
Commit Total: 1.42 GB
Commit Limit: 15.90 GB
Commit Peak: 1.45 GB
Handle Count: 6678
Kernel Total: 292.72 MB
Kernel Paged: 200.76 MB
Kernel Non Paged: 91.96 MB
System Cache: 465.54 MB
Thread Count: 377
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.95 GB
Memory Used: 1.44 GB(18.082%)
Memory Avail.: 6.51 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.95 GB
Memory Used: 1.31 GB(16.4348%)
Memory Avail.: 6.64 GB
--------------------------------------------------------------------------------

Starting Repairs...
Started at (10/11/2015 7:52:22 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 188
01 - Reset Registry Permissions
Restore Windows 7/8/10 Default Registry Permissions
Start (10/11/2015 7:52:23 PM)


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\hku.7z
Done, 0.25 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\hklm.7z
Done, 2.12 seconds.

Running Repair Under System Account
Done (10/11/2015 7:55:35 PM)

02 - Reset File Permissions: C:
C: & Sub Folders
Start (10/11/2015 7:55:35 PM)

Running Repair Under Current User Account
Done (10/11/2015 8:19:44 PM)

02 - Reset File Permissions
Restore Windows 7/8/10 Default File Permissions
Start (10/11/2015 8:19:44 PM)


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\default.7z
Done, 0.15 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\profile.7z
Done, 0.13 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\program_files.7z
Done, 0.15 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\program_files_x86.7z
Done, 0.13 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\programdata.7z
Done, 0.14 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\windows.7z
Done, 1.63 seconds.

Running Repair Under Current User Account
Done (10/11/2015 8:25:45 PM)

02 - Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (10/11/2015 8:25:45 PM)

Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:25:47 PM)

03 - Reset Service Permissions
Start (10/11/2015 8:25:47 PM)

Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:26:14 PM)

04 - Register System Files
Start (10/11/2015 8:26:14 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:26:58 PM)

05 - Repair WMI
Start (10/11/2015 8:26:59 PM)

Starting Security Center So We Can Export The Security Info.

Exporting Antivirus Info...
avast! Antivirus Exported.

Exporting AntiSpyware Info...
Windows Defender Exported.
avast! Antivirus Exported.

Exporting 3rd Party Firewall Info...
No Firewall Products Reported.

Running Repair Under Current User Account
Done (10/11/2015 8:28:25 PM)

06 - Repair Windows Firewall
Start (10/11/2015 8:28:25 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done, 0.17 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:29:02 PM)

07 - Repair Internet Explorer
Start (10/11/2015 8:29:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:29:13 PM)

08 - Repair MDAC/MS Jet
Start (10/11/2015 8:29:13 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:29:20 PM)

09 - Repair Hosts File
Start (10/11/2015 8:29:20 PM)
Running Repair Under System Account
Done (10/11/2015 8:29:21 PM)

10 - Remove Policies Set By Infections
Start (10/11/2015 8:29:21 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:29:25 PM)

11 - Repair Start Menu Icons Removed By Infections
Start (10/11/2015 8:29:25 PM)
Running Repair Under System Account
Done (10/11/2015 8:29:26 PM)

12 - Repair Icons
Start (10/11/2015 8:29:26 PM)
Running Repair Under Current User Account
Done (10/11/2015 8:29:27 PM)

13 - Repair Network
Start (10/11/2015 8:29:27 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done, 0.19 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:29:47 PM)

14 - Remove Temp Files
Start (10/11/2015 8:29:47 PM)
Running Repair Under System Account
Done (10/11/2015 8:29:48 PM)

15 - Repair Proxy Settings
Start (10/11/2015 8:29:48 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:29:50 PM)

17 - Repair Windows Updates
Start (10/11/2015 8:29:50 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done, 0.16 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
Done (10/11/2015 8:31:04 PM)

18 - Repair CD/DVD Missing/Not Working
Start (10/11/2015 8:31:04 PM)
iTunes not found, not applying UpperFilters iTunes Reg Key
Done (10/11/2015 8:31:04 PM)

19 - Repair Volume Shadow Copy Service
Start (10/11/2015 8:31:04 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done, 0.14 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:31:25 PM)

20 - Repair Windows Sidebar/Gadgets
Start (10/11/2015 8:31:25 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:31:27 PM)

21 - Repair MSI (Windows Installer)
Start (10/11/2015 8:31:27 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done, 0.2 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:31:39 PM)

22 - Repair Windows Snipping Tool
Start (10/11/2015 8:31:39 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:31:41 PM)

23.01 - Repair bat Association
Start (10/11/2015 8:31:41 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:31:43 PM)

23.02 - Repair cmd Association
Start (10/11/2015 8:31:43 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:31:46 PM)

23.03 - Repair com Association
Start (10/11/2015 8:31:46 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:31:48 PM)

23.04 - Repair Directory Association
Start (10/11/2015 8:31:48 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:31:50 PM)

23.05 - Repair Drive Association
Start (10/11/2015 8:31:50 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:31:52 PM)

23.06 - Repair exe Association
Start (10/11/2015 8:31:52 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:31:54 PM)

23.07 - Repair Folder Association
Start (10/11/2015 8:31:54 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:31:57 PM)

23.08 - Repair inf Association
Start (10/11/2015 8:31:57 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:31:59 PM)

23.09 - Repair lnk (Shortcuts) Association
Start (10/11/2015 8:31:59 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:32:01 PM)

23.10 - Repair msc Association
Start (10/11/2015 8:32:01 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:32:03 PM)

23.11 - Repair reg Association
Start (10/11/2015 8:32:03 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:32:05 PM)

23.12 - Repair scr Association
Start (10/11/2015 8:32:05 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:32:07 PM)

24 - Repair Windows Safe Mode
Start (10/11/2015 8:32:07 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:32:09 PM)

25 - Repair Print Spooler
Start (10/11/2015 8:32:10 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done, 0.16 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:32:15 PM)

26 - Restore Important Windows Services
Start (10/11/2015 8:32:15 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done, 0.16 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:32:23 PM)

27 - Set Windows Services To Default Startup
Start (10/11/2015 8:32:23 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:32:28 PM)

Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.1

Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.1

Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.1

31 - Repair Windows 'New' Submenu
Start (10/11/2015 8:32:28 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:32:30 PM)

32 - Restore UAC (User Account Control) Settings
Start (10/11/2015 8:32:30 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/11/2015 8:32:33 PM)

33 - Repair Performance Counters
Start (10/11/2015 8:32:33 PM)
Running Repair Under Current User Account
Done (10/11/2015 8:32:41 PM)

Cleaning up empty logs...

All Selected Repairs Done.
Done at (10/11/2015 8:32:41 PM)
Total Repair Time: 00:40:21


...YOU MUST RESTART YOUR SYSTEM...
 
Still not able to access control panel and computer - there are other reports if you want them in that folder. Have to go - check in tomorrow
 
You must log in or register to reply here.

Similar threads

E
  • Locked
Can't run regedit after infections
Replies
2
Views
3K
ericks
E

Latest posts

Back