
Remaining Infection or Corrupted Windows? [Closed]


  • This topic is locked
13 replies to this topic

#1 MsMagoo


Posted 30 July 2015 - 08:32 PM

HP p7-110, Windows 7 Home Premium SP1 64 bit

 

A friend started having trouble with Office 2010 requiring license key on accessing documents. The program would not accept her code as valid. Then she started having trouble with Live Mail. She received some "help" from a supposed Microsoft support agent before terminating their remote connection. She also asked her ISP for help. They suggested she get someone with hands on the computer because they couldn't resolve the issues. She was using Trend Micro Titanium as her Antivirus. I have replaced it with AVAST Free in case Trend Micro was interfering with the computer cleanup.

 

This computer has me stumped. Usually use of some good malware tools cleans up a computer, but not this one. I've gotten as much cleaned up as I can, but Windows Update doesn't run because the service installer cannot be started. Other services such as scannow and system restore won't work either. I can connect to the internet, but can't run Panda Online Scan. Tweaking.com did not clear up problems with the Windows services. Easy Recovery Virus scan found 2 instances of win.worm.palevo-4055 associated with Power2Go and 1 Trojan. Adwcleaner removed a lot of malware as did JRT. JRT reestablished a wired network connection. I tried to run an in place "upgrade" repair of Windows 7, but the program reports it's not able to obtain information from the computer discs.

 

=============================

 

I am trying to insert the logs instead, but have not been successful.

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-07-30 19:46:55
-----------------------------
19:46:55.570    OS Version: Windows x64 6.1.7601 Service Pack 1
19:46:55.570    Number of processors: 4 586 0x2A07
19:46:55.570    ComputerName: CAROLVANDENBOSC  UserName:
19:46:58.878    Initialize success
19:46:58.893    VM: initialized successfully
19:46:58.909    VM: Intel CPU BiosDisabled
19:47:02.434    AVAST engine defs: 15073003
19:47:12.746    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:47:12.762    Disk 0 Vendor: ST310005 HP63 Size: 953869MB BusType: 3
19:47:12.871    Disk 0 MBR read successfully
19:47:12.871    Disk 0 MBR scan
19:47:12.871    Disk 0 Windows 7 default MBR code
19:47:12.886    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:47:12.886    Disk 0 Boot: NTFS     code=1
19:47:12.886    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       941808 MB offset 206848
19:47:12.918    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        11959 MB offset 1929029632
19:47:12.964    Disk 0 scanning C:\Windows\system32\drivers
19:47:22.278    Service scanning
19:47:36.786    Modules scanning
19:47:36.786    Disk 0 trace - called modules:
19:47:36.817    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:47:36.832    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800888b060]
19:47:36.832    3 CLASSPNP.SYS[fffff88000db043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80060fd050]
19:47:39.531    AVAST engine scan C:\Windows
19:47:41.403    AVAST engine scan C:\Windows\system32
19:49:55.080    AVAST engine scan C:\Windows\system32\drivers
19:50:06.577    AVAST engine scan C:\Users\carol vandenbosch
19:58:40.380    AVAST engine scan C:\ProgramData
20:04:46.278    Disk 0 statistics 5132453/0/0 @ 2.96 MB/s
20:04:46.278    Scan finished successfully
20:25:51.908    Disk 0 MBR has been saved successfully to "C:\Users\carol vandenbosch\Downloads\MBR.dat"
20:25:51.908    The log file has been saved successfully to "C:\Users\carol vandenbosch\Downloads\aswMBR.txt"

 

 

 

I am attaching logs from aswMBR and FRST64. I'm not sure if I should be posting in the Windows forum or here. We would really appreciate your help.

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by carol vandenbosch (2015-07-30 20:33:16)
Running from C:\Users\carol vandenbosch\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1993600733-451308219-2223829884-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-1993600733-451308219-2223829884-1004 - Limited - Enabled)
carol vandenbosch (S-1-5-21-1993600733-451308219-2223829884-1000 - Administrator - Enabled) => C:\Users\carol vandenbosch
Guest (S-1-5-21-1993600733-451308219-2223829884-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1993600733-451308219-2223829884-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKU\S-1-5-21-1993600733-451308219-2223829884-1000\...\Amazon Kindle) (Version:  - Amazon)
AndreaMosaic 3.33.0 (HKLM-x32\...\AndreaMosaic) (Version:  - )
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AuthenTec TrueAPI (Version: 1.3.0.116 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9EAAB95B-17B6-43CF-B4E9-4A90937C83FD}) (Version: 3.2.9594 - K-NFB Reading Technology, Inc.)
BookSmart® 3.4.3 3.4.3 (HKLM-x32\...\BookSmart® 3.4.3 3.4.3) (Version:  - Blurb, Inc)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
ChromecastApp (HKU\S-1-5-21-1993600733-451308219-2223829884-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (x32 Version: 4.0.19.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{8ED02445-D491-414C-A56D-2ED6BBB7239A}) (Version: 3.0.1 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{3ee9d193-ab0b-47f1-a31c-cce4678679ce}) (Version: 4.0.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HD Tune 2.54 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{E80963EC-EED7-411A-8AC0-149EC57FB0F9}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{177F4FEE-E119-4AB7-9B32-ECF6A1D03719}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM-x32\...\{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}) (Version: 5.3.0.194 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Jacquie Lawson Quick Send Widget (HKLM-x32\...\JLQuickSendWidget) (Version: 1.0.7 - MicroCourt Limited)
Jacquie Lawson Quick Send Widget (x32 Version: 1.0.7 - MicroCourt Limited) Hidden
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1993600733-451308219-2223829884-1000\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
PrintMaster 2.0 Gold (HKLM-x32\...\6485-4051-8654-1628) (Version:  - Encore Software Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.1.0.0 - ParetoLogic, Inc.) <==== ATTENTION
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
The Print Shop 22 (HKLM-x32\...\{1D2AB963-7FF4-4446-BF22-822101AA550F}) (Version: 22.00.0000 - Broderbund Software)
The Print Shop 3.0 Fonts (HKLM-x32\...\{2C3060F6-F0DC-4F63-A70F-2070BE57EEDC}) (Version: 1.0 - Encore)
TPS 3.0 Standard (HKLM-x32\...\{E8BAA8B9-DCFE-4589-B11F-2C88F317C5D8}) (Version: 3.0.3 - Encore)
Trend Micro Titanium (Version: 6.00 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 6.0 - Trend Micro Inc.)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.3.1 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1993600733-451308219-2223829884-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\carol vandenbosch\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-07-30 18:15 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C6B026D-7817-4F6A-AD83-8BA0D267CC24} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-07-28] ()
Task: {3896D8B7-4CCA-4F47-B8C7-F1E7E999D7D1} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {4BD45377-B45E-49E0-A7EE-AF2E183746BB} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {58D99919-6300-4740-B360-55542FAB68B2} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2015-07-28] (Hewlett-Packard Co.)
Task: {7C528F4A-E0A3-47EA-ABAA-5C3A07403D1F} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2015-07-28] ()
Task: {8BB1031E-2EC1-4848-98FA-7B2E5B910CCC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1993600733-451308219-2223829884-1000Core => C:\Users\carol vandenbosch\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {914A016D-2295-499C-BF74-850F375071E3} - System32\Tasks\{C1E12FD3-3DC6-4186-BB2D-EAEE54786E1A} => pcalua.exe -a "C:\Users\carol vandenbosch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHXNW4UM\wlsetup-web.exe" -d "C:\Users\carol vandenbosch\Desktop"
Task: {A3BF6CB6-47AB-46DC-9FE2-1EADCB576AD1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-28] (Piriform Ltd)
Task: {AC4CD605-9A16-437A-9197-BCDBA601EE12} - System32\Tasks\{C3F0B690-1810-4A2A-B9C0-C9E849065A21} => pcalua.exe -a E:\setup.exe -d E:\
Task: {B5CA4C80-CFD0-45CE-97BC-6F0C740452E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1993600733-451308219-2223829884-1000UA => C:\Users\carol vandenbosch\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {C0C25E62-7CB4-49CF-A4AE-E12E6711F1B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {C1BE735B-295D-4FD9-8673-5CED6AA5A20C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {C3D500B0-791F-42DF-BC8C-BC10B09B3DBE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-29] (AVAST Software)
Task: {E1B5A13B-2129-42CB-AED1-8A956FA1B878} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {E7B2D904-EF72-4C92-8514-FB78C0B55DD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {F367F87F-9F14-4A31-970C-315FB3E873C9} - System32\Tasks\HPCeeScheduleForCAROLVANDENBOSC$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-07-28] (Hewlett-Packard)
Task: {FDC85282-8AD6-40AD-9A88-74161B2CF118} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-28] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993600733-451308219-2223829884-1000Core.job => C:\Users\carol vandenbosch\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993600733-451308219-2223829884-1000UA.job => C:\Users\carol vandenbosch\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCAROLVANDENBOSC$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2011-10-07 04:39 - 2015-07-28 17:26 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2015-07-29 22:14 - 2015-07-29 22:14 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-29 22:14 - 2015-07-29 22:14 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-30 17:03 - 2015-07-30 17:03 - 02959360 _____ () C:\Program Files\AVAST Software\Avast\defs\15073003\algo.dll
2015-07-29 22:14 - 2015-07-29 22:14 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\carol vandenbosch\Documents\Children.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescueUA_2035275 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1993600733-451308219-2223829884-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\carol vandenbosch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 20.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^carol vandenbosch^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jacquie Lawson Quick Send Widget.lnk => C:\windows\pss\Jacquie Lawson Quick Send Widget.lnk.Startup
MSCONFIG\startupfolder: C:^Users^carol vandenbosch^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\carol vandenbosch\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{14D0A45A-5968-498B-8B43-73E92C3F7A5F}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{2139DE1B-4E27-44BB-A7F2-6D1B7AAF1651}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{7F23DF94-13D1-47CF-9DD0-36CA416FFECA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{67667954-F8A4-4594-9F7D-ADB185FA2A32}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{B7EE9ADC-A3F9-4513-A8EC-074BC04FEEBE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{A4A4F2CC-7B91-433D-A38E-8E05C0AE7DDC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{45D75326-683D-4B67-BF50-20508DA16D6A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{768E1C0A-11CE-4C26-83ED-BB909B446BA0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{9C03B427-C81B-4C47-AC72-B371EA6F9C34}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{EA32974C-4AD2-4EEB-8C85-09EB1A3177B9}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{931A44A5-954C-46E8-9B0C-C01281525F6E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{F1905AE5-ED2D-4598-A4A1-C1B4672FED52}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{11E7E2AF-BE6E-464F-81A3-44A3215F8027}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4D3195D2-2C15-43C9-855D-80531351A328}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{AD82EF58-57BE-4DAA-B201-4C9525327D8E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{115CB39F-BF17-4352-9FBB-84D515821046}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D61C4883-463C-4639-9804-C4531B2168B1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{FB5E89EC-AC52-4485-BD0B-9D20EBBFA24F}] => (Allow) C:\Users\carol vandenbosch\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5CF74C28-F2DC-4FA3-AFEE-DB1211AE8323}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6F5AE17D-8DC1-49B4-8F89-A0BE2E021AC1}] => (Allow) LPort=2869
FirewallRules: [{8C12B527-FED0-449A-B4F3-C39D5415BB7F}] => (Allow) LPort=1900
FirewallRules: [{8F8C6F22-303D-4A30-96FC-9D650D0A6761}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{32725373-7CA1-4B05-9CE9-FFAA7BB2B989}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2A66F169-0334-47FE-B35F-CE8D94D26316}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2AC794BD-7E6E-4F59-A196-FD1D4C95CB7B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1FEA7CDE-97A0-4F4A-AC1D-F25C9F288515}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{09C48E5D-98DC-4CB3-9B4E-F813FFF0B52E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2015 07:19:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.

Operation:
   Instantiating VSS server

Error: (07/30/2015 07:19:33 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].

Operation:
   Instantiating VSS server

Error: (07/30/2015 07:19:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.

Operation:
   Instantiating VSS server

Error: (07/30/2015 07:19:32 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].

Operation:
   Instantiating VSS server

Error: (07/30/2015 07:19:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.

Operation:
   Instantiating VSS server

Error: (07/30/2015 07:19:32 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].

Operation:
   Instantiating VSS server

Error: (07/30/2015 06:44:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4969d978-be47-48b0-b100-f328f07ac1e0}
   Writer Name: BITS Writer
   Writer Instance ID: {1066fd5b-9e44-4ce5-a018-f7005aad0985}

Error: (07/30/2015 06:44:20 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and Name CEventSystem is [0x80040154, Class not registered
].

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4969d978-be47-48b0-b100-f328f07ac1e0}
   Writer Name: BITS Writer
   Writer Instance ID: {1066fd5b-9e44-4ce5-a018-f7005aad0985}

Error: (07/30/2015 06:42:08 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/30/2015 06:42:05 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

System errors:
=============
Error: (07/30/2015 06:45:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application User Notification Service service failed to start due to the following error:
%%1053

Error: (07/30/2015 06:45:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect.

Error: (07/30/2015 06:45:25 PM) (Source: WMPNetworkSvc) (EventID: 14333) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly due to error '0x80040154'. Restart your computer, and then try to restart the service.

Error: (07/30/2015 06:44:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2

Error: (07/30/2015 06:41:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
%%1053

Error: (07/30/2015 06:41:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

Error: (07/30/2015 06:41:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Identity Protection Technology Host Interface Service service failed to start due to the following error:
%%1053

Error: (07/30/2015 06:41:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Identity Protection Technology Host Interface Service service to connect.

Error: (07/30/2015 06:41:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053

Error: (07/30/2015 06:41:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Microsoft Office:
=========================
Error: (07/30/2015 07:19:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80040154, Class not registered

Operation:
   Instantiating VSS server

Error: (07/30/2015 07:19:33 PM) (Source: VSS) (EventID: 22) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80040154, Class not registered

Operation:
   Instantiating VSS server

Error: (07/30/2015 07:19:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80040154, Class not registered

Operation:
   Instantiating VSS server

Error: (07/30/2015 07:19:32 PM) (Source: VSS) (EventID: 22) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80040154, Class not registered

Operation:
   Instantiating VSS server

Error: (07/30/2015 07:19:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80040154, Class not registered

Operation:
   Instantiating VSS server

Error: (07/30/2015 07:19:32 PM) (Source: VSS) (EventID: 22) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80040154, Class not registered

Operation:
   Instantiating VSS server

Error: (07/30/2015 06:44:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80040154, Class not registered

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4969d978-be47-48b0-b100-f328f07ac1e0}
   Writer Name: BITS Writer
   Writer Instance ID: {1066fd5b-9e44-4ce5-a018-f7005aad0985}

Error: (07/30/2015 06:44:20 PM) (Source: VSS) (EventID: 22) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80040154, Class not registered

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4969d978-be47-48b0-b100-f328f07ac1e0}
   Writer Name: BITS Writer
   Writer Instance ID: {1066fd5b-9e44-4ce5-a018-f7005aad0985}

Error: (07/30/2015 06:42:08 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/30/2015 06:42:05 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

==================== Memory info ===========================

Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 34%
Total physical RAM: 6050.52 MB
Available physical RAM: 3961.17 MB
Total Virtual: 12099.24 MB
Available Virtual: 9978.59 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.73 GB) (Free:829.32 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.68 GB) (Free:0.34 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive j: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5BC53D8B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

==================== End of log ============================

 

 

I may not be able to insert the farbar main results. I've not been successful yet.


Edited by MsMagoo, 31 July 2015 - 08:46 AM.



#2 Curie

Curie

    Marie Skłodowska-Curie

  • Malware Team
  • 1,058 posts

Posted 31 July 2015 - 11:33 AM

Hello MsMagoo! :adios:

Welcome to What the Tech.
I am Marie Curie and will gladly help you with any malware-related problems.

I am currently in training at WhatTheTech and every post of mine will be approved by a teacher. I will return as soon as possible with instructions. Please familiarize yourself with the following ground rules in the meanwhile.

  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.

Proud Graduate of the WTT Classroom

#3 MsMagoo

MsMagoo

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 31 July 2015 - 12:05 PM

Hi Marie Curie,

I appreciate your taking on my topic. I am trying to paste the main Farbar report here. It does not appear to load. Is there another way that I should send it?



#4 Curie

Curie

    Marie Skłodowska-Curie

  • Malware Team
  • 1,058 posts

Posted 31 July 2015 - 01:06 PM

Hello MsMagoo. Can you attach the FRST.txt log instead of pasting it?


Proud Graduate of the WTT Classroom

#5 MsMagoo

MsMagoo

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 31 July 2015 - 01:29 PM

Here it is, Ms. Curie.

Attached Files

  • Attached File  FRST.txt   621.77KB   333 downloads


#6 Curie

Curie

    Marie Skłodowska-Curie

  • Malware Team
  • 1,058 posts

Posted 02 August 2015 - 05:18 AM

Registry Cleaner Warning
------------------------------

I see you have registry cleaner/optimization software (RegCure Pro) installed on your computer. Registry cleaners and optimization tools that claim to speed up your computer should be avoided, and are potentially dangerous. By running a registry cleaner you risk rendering your machine unbootable. There is no statistical evidence to back claims that cleaning the registry will improve performance. Advertisements to do so are borderline scams intended to goad users into using an unnecessary and potentially dangerous product.

  • Some registry cleaners employ aggressive cleaning routines that may cause substantial damage to your system, and could render your machine unbootable.
  • Not all registry cleaners back up the registry. If an issue arises you may not have a backup to rely on.
  • The usefulness of cleaning the registry is disputable; there is no statistical evidence to support the claim that cleaning the registry will improve system performance. 

Please refer to the following article on why you should not use registry cleaner software. I suggest reading why Microsoft does not support the use of registry cleaners as well.
 
Question 1:

You have some programs installed that are potentially unwanted. These programs are not malicious, but they might be on your computer without your consent. Some of them are known to deliver ads, bundle additional software, or have questionable privacy policies.
Please tell me for each of the following programs whether you (or your friend) want to keep them:

  • Wildtangent Games
  • BingBar
  • Avery Toolbar

Question 2:

You said you installed Avast in case Trend Micro Titanium Maximum Security interferes with the cleanup. Trend Micro Titanium Maximum Security is still installed and this software was paid for. If the subscription has not run out, the owner of the PC would probably like to keep it. It is not a good idea to have two antivirus suites installed. Please talk to the owner (if you haven't already) and tell me what you plan on doing with Trend Micro Maximum Security after the cleanup.

Question 3:

You have LogmeIn installed, which is remote access software. Do you (or the owner) plan on using this software after the cleanup?


Proud Graduate of the WTT Classroom

#7 MsMagoo

MsMagoo

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 02 August 2015 - 08:16 PM

Marie Curie, I posted this response this morning, but it does not appear to have made it to the website.

 

We will gladly remove the 4 PUPs listed in question 1. Trend Micro was provided by the ISP and is not actually a paid-by-consumer subscription. I did an uninstall from Control Panel but there must be leftovers that need to be removed. Reg Cure was installed by the owner and can be uninstalled. I avoid registry cleaners nowadays. Logmein should be uninstalled, too. How would you like me to remove these? Thank you.



#8 Curie

Curie

    Marie Skłodowska-Curie

  • Malware Team
  • 1,058 posts

Posted 03 August 2015 - 08:44 AM

STEP 1
Trend Micro Diagnostic Toolkit

  • Download Trend Micro Diagnostic Toolkit
  • Double-click Ti_100_win_en_Tool_UninstallTool_hfb0001.exe.
  • Click Yes when the User Account Control window appears.
  • Read and accept the License Agreement, then click Next.
  • Click Install.
  • Click Uninstall software.
  • Type the characters in the field provided then click Continue.
  • Click Uninstall. Wait for the uninstallation to complete.
  • Click Yes to restart the computer.

STEP 2
Trend Micro Titanium Driver Remover

  • Download the Titanium Driver Remover tool and save it to your desktop.
  • Extract the file.
    Note: Type "novirus" when prompted for a password.
  • Open the extracted file and go to the 64 bit version.
  • Run DriverRemover.exe.
  • Click "Start Fix!" button and wait for it to finish.
  • Restart computer.

STEP 3
Uninstall Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • Bing Bar
    • Wildtangent Games
    • RegCure Pro
  • Follow the prompts.
  • Note: If you are offered the choice to install additional software, ensure you decline.
  • Reboot if necessary.

STEP 4
Remove Chrome Extension

  • On your browser, click menu.
  • Select More tools > Extensions.
  • Click Remove from Chrome for Avery Toolbar.
  • A notice to remove the extension will appear. Click Remove.

 

======================================================

 

Please tell me for each step if removal of the programmes was successful.


Proud Graduate of the WTT Classroom

#9 MsMagoo

MsMagoo

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 04 August 2015 - 08:03 AM

 
Hi Marie,
I was successful uninstalling Titanium (Step 1) and running Driver Removal (Step 2).
appwiz.cpl does not run - remember, a lot of the Microsoft services are not working. (Step 3)
Chrome does not show Avery Tool Bar as an extension. Avast does not find it as an unsafe or unwanted add-on. I re-ran adwcleaner and it does not find Avery either. I think it must have been previously removed by JRT or Adwcleaner. (Step 4)

 

 

 

I don't know why my replies are not getting through. I hope that you get this today. If we are clear of viruses and most malware, I would like to get started with Windows repair.



#10 Curie

Curie

    Marie Skłodowska-Curie

  • Malware Team
  • 1,058 posts

Posted 05 August 2015 - 04:57 AM

Hello MsMagoo.

I see that Revo is already installed on the system. Could you check whether you are able to uninstall via Revo?

 

STEP 1
Revo Uninstaller

  • Double-Click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • Bing Bar
    • Wildtangent Games
    • RegCure Pro
  • Double-Click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: If you are offered the choice to install additional software, ensure you decline.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Upon completion, click Finish.
  • In your next reply, confirm you were successful in uninstalling all programmes listed above.

Proud Graduate of the WTT Classroom

#11 MsMagoo

MsMagoo

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 05 August 2015 - 08:43 AM

Ms. Curie, I was able to uninstall BingBar and RegCure Pro using RevoUninstaller. Wild Tangent Games did not show in Revo. This is my second time to try to post this here this morning.

 

May we please address the problems with Microsoft services not running or take this to the Windows Forum? Thank you.


Edited by MsMagoo, 05 August 2015 - 10:55 AM.


#12 Curie

Curie

    Marie Skłodowska-Curie

  • Malware Team
  • 1,058 posts

Posted 07 August 2015 - 05:02 AM

Alright, MsMagoo. Post your problem in the Windows Forum (include a link to this thread, so they know what we have done so far).

I see potentially unwanted or undesired programs (PUPs) on the system, but no malware. You may come back here after your problem is solved to address the PUPs.


Proud Graduate of the WTT Classroom

#13 MsMagoo

MsMagoo

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 07 August 2015 - 06:41 AM

Thank you, Marie Curie. Once we have the major work done, it will be easier to do the cleanup.



#14 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 06 September 2015 - 03:07 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic

