Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Blue Screen

Re: Blue Screen

by Vanilla-krypton » September 10th, 2015, 8:49 am

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-09-2015
Ran by Danielle (administrator) on SENNSTROM-HOME (10-09-2015 08:44:11)
Running from C:\Users\Danielle\Downloads
Loaded Profiles: Danielle (Available Profiles: Danielle & Guest)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files\Razer\Razer Cortex\RzKLService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Danielle\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Razer Inc.) C:\Program Files\Razer\Razer Cortex\main.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
HKLM\...\Run: [DPService] => C:\Program Files\HP\DVDPlay\DPService.exe [90112 2008-06-12] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [UnlockerAssistant] => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RazerCortex] => C:\Program Files\Razer\Razer Cortex\RazerCortex.exe [98256 2015-06-05] (Razer Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\...\Run: [Spotify Web Helper] => C:\Users\Danielle\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-06-05] (Spotify Ltd)
HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{67E63B23-21BC-46DB-AD98-4089574A6E5B}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2767167476-1858105450-2367976372-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2767167476-1858105450-2367976372-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2767167476-1858105450-2367976372-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-07] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Danielle\AppData\Roaming\Mozilla\Firefox\Profiles\dv9qb26k.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.ecosia.org/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2767167476-1858105450-2367976372-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Danielle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-15] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\Danielle\AppData\Roaming\Mozilla\Firefox\Profiles\dv9qb26k.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-28]

Chrome:
=======
CHR StartupUrls: Default -> ""
CHR Profile: C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-26]
CHR Extension: (Google Docs) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-26]
CHR Extension: (Google Drive) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-26]
CHR Extension: (Don't Fall!) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfiggjmpgelmocdfipjbddjbnbmcfepb [2014-11-28]
CHR Extension: (YouTube) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-26]
CHR Extension: (Google Search) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-26]
CHR Extension: (Give Up) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\diippoclinjdbklinhchgedilfncehbi [2014-11-28]
CHR Extension: (Free Rider HD) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikpifndnjfkgofoglceekhkbaicbde [2014-11-28]
CHR Extension: (Google Sheets) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-26]
CHR Extension: (Causality Games) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2014-11-28]
CHR Extension: (Snake) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmokkdndehlgfklkghmlcphifmnlfkhp [2014-11-28]
CHR Extension: (Manyland) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\geieilhcelplmpfhepdoggckhmfaanmp [2014-11-28]
CHR Extension: (Dark atmosphere) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpikgkkfdoabncoileilaglepbpdhek [2014-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Happy Wheels) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpljdpjoahbnnfilkiilnfdkdbfiabfc [2014-11-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-14]
CHR Extension: (PacMan Advanced) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdmffjghfdhgmjohekbbfgagpifiiapf [2014-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-26]
CHR Extension: (Gmail) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-26]
CHR HKLM\...\Chrome\Extension: [fjpbiejamkbdmglmndhcidcodgdffcae] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta771\ch\VideoPlayerV3beta771.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2007048 2015-08-20] (Electronic Arts)
R2 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-05-28] ()
R2 RzKLService; C:\Program Files\Razer\Razer Cortex\RzKLService.exe [129168 2015-06-05] (Razer Inc.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20416 2015-03-10] (Razer, Inc.)
S3 esgiguard; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 08:43 - 2015-09-10 08:43 - 00000000 ____D C:\Users\Danielle\Downloads\FRST-OlderVersion
2015-09-09 20:29 - 2015-09-09 20:52 - 00018916 _____ C:\Users\Danielle\Downloads\SystemLook.txt
2015-09-09 20:29 - 2015-09-09 20:29 - 00075264 _____ C:\Users\Danielle\Downloads\SystemLook.exe
2015-09-09 20:12 - 2015-09-09 20:12 - 00958104 _____ C:\Users\Danielle\Downloads\Norton_Removal_Tool.exe
2015-09-08 20:20 - 2015-09-09 20:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-08 20:14 - 2015-09-08 20:55 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-08 20:14 - 2015-09-08 20:14 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-08 20:12 - 2015-09-08 20:14 - 18779208 _____ C:\Users\Danielle\Downloads\RogueKiller.exe
2015-09-08 20:11 - 2015-09-08 20:14 - 00003304 _____ C:\Users\Danielle\Downloads\Search.txt
2015-09-06 13:05 - 2015-09-06 13:05 - 00000000 ____D C:\AdwCleaner
2015-09-06 13:00 - 2015-09-06 13:01 - 01654272 _____ C:\Users\Danielle\Downloads\AdwCleaner.exe
2015-09-06 13:00 - 2015-09-06 13:01 - 00031949 _____ C:\Users\Danielle\Downloads\Addition.txt
2015-09-06 12:59 - 2015-09-10 08:44 - 00014049 _____ C:\Users\Danielle\Downloads\FRST.txt
2015-09-06 12:59 - 2015-09-10 08:44 - 00000000 ____D C:\FRST
2015-09-06 12:58 - 2015-09-10 08:43 - 01692672 _____ (Farbar) C:\Users\Danielle\Downloads\FRST.exe
2015-09-06 12:58 - 2015-09-06 12:58 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SENNSTROM-HOME-Windows-Vista-(TM)-Home-Basic-(32-bit).dat
2015-09-06 12:57 - 2015-09-06 12:57 - 00001978 _____ C:\Users\Danielle\Desktop\Tweaking.com - Registry Backup.lnk
2015-09-06 12:57 - 2015-09-06 12:57 - 00000000 ____D C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-09-06 12:57 - 2015-09-06 12:57 - 00000000 ____D C:\Program Files\Tweaking.com
2015-09-06 12:56 - 2015-09-06 12:57 - 04687184 _____ (Tweaking.com) C:\Users\Danielle\Downloads\tweaking.com_registry_backup_setup.exe
2015-09-04 19:05 - 2015-09-09 20:25 - 00000000 ____D C:\Users\Danielle\AppData\Local\LogMeIn Rescue Applet
2015-09-02 16:47 - 2015-09-02 16:47 - 00007335 _____ C:\Users\Danielle\Desktop\dds.txt
2015-09-02 16:47 - 2015-09-02 16:47 - 00003359 _____ C:\Users\Danielle\Desktop\attach.txt
2015-09-02 16:45 - 2015-09-02 16:45 - 00688992 ____R (Swearware) C:\Users\Danielle\Downloads\dds.scr
2015-09-02 16:30 - 2015-09-02 16:30 - 274755559 _____ C:\Windows\MEMORY.DMP
2015-09-02 16:30 - 2015-09-02 16:30 - 00140048 _____ C:\Windows\Minidump\Mini090215-01.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 08:45 - 2009-02-21 10:18 - 00000424 ____H C:\Windows\Tasks\User_Feed_Synchronization-{153C7F06-C33C-4344-9301-9EF00F17085C}.job
2015-09-10 08:33 - 2014-11-26 14:57 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-10 08:24 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-10 08:24 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-10 08:09 - 2012-04-29 11:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-10 03:33 - 2014-11-26 14:57 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-09 20:24 - 2012-06-10 15:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-09 20:24 - 2008-01-20 23:02 - 02019546 _____ C:\Windows\PFRO.log
2015-09-09 20:24 - 2006-11-02 08:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-09 20:23 - 2006-11-02 08:58 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-09 20:16 - 2013-07-23 15:44 - 00000000 ____D C:\ProgramData\Norton
2015-09-09 20:16 - 2008-08-25 09:31 - 00000000 ____D C:\ProgramData\Symantec
2015-09-08 22:36 - 2008-09-04 10:11 - 02529428 _____ C:\Windows\WindowsUpdate.log
2015-09-08 22:35 - 2008-12-03 22:31 - 00000334 _____ C:\Windows\Tasks\HPCeeScheduleForDanielle.job
2015-09-08 20:13 - 2009-02-28 11:01 - 00000000 ____D C:\Windows\Minidump
2015-09-08 20:09 - 2008-12-07 20:17 - 00000052 _____ C:\Windows\system32\DOErrors.log
2015-09-03 04:35 - 2014-11-26 14:58 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-02 16:58 - 2012-08-19 16:30 - 00000000 ____D C:\Users\Danielle\AppData\Roaming\Skype
2015-09-02 16:37 - 2012-08-19 16:29 - 00000000 ____D C:\ProgramData\Skype
2015-08-20 16:54 - 2011-12-28 23:23 - 00000000 ____D C:\ProgramData\Origin
2015-08-20 16:28 - 2011-12-28 23:22 - 00000000 ____D C:\Program Files\Origin
2015-08-12 09:09 - 2012-04-29 11:29 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 09:09 - 2012-01-22 15:06 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-05-03 16:34 - 2015-07-05 09:32 - 0000888 _____ () C:\Users\Danielle\AppData\Roaming\wklnhst.dat
2013-01-16 01:03 - 2013-01-16 01:03 - 0000552 _____ () C:\Users\Danielle\AppData\Local\d3d8caps.dat
2008-12-04 16:38 - 2015-06-30 10:00 - 0000680 _____ () C:\Users\Danielle\AppData\Local\d3d9caps.dat
2008-12-05 09:49 - 2014-07-31 12:28 - 0017408 _____ () C:\Users\Danielle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-08-25 09:13 - 2008-08-25 09:14 - 0000349 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Danielle\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Danielle\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Danielle\AppData\Local\Temp\GotClip_Setup.exe
C:\Users\Danielle\AppData\Local\Temp\installerdll2054655721.dll
C:\Users\Danielle\AppData\Local\Temp\mpam-2c543907.exe
C:\Users\Danielle\AppData\Local\Temp\mpam-7f721943.exe
C:\Users\Danielle\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-10 08:33

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-09-2015
Ran by Danielle (2015-09-10 08:45:24)
Running from C:\Users\Danielle\Downloads
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) (2008-09-04 14:07:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2767167476-1858105450-2367976372-500 - Administrator - Disabled)
Danielle (S-1-5-21-2767167476-1858105450-2367976372-1000 - Administrator - Enabled) => C:\Users\Danielle
Guest (S-1-5-21-2767167476-1858105450-2367976372-501 - Limited - Enabled) => C:\Users\Guest

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Out of date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Out of date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: .1707 - CyberLink Corp.)
DVD Play (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 2.4.5411 - Hewlett-Packard)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: - Hewlett-Packard)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.4861.15 - PC-Doctor, Inc.)
HP Customer Experience Enhancements (HKLM\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Demo (HKLM\...\{97ABD26A-3249-46CB-B2E2-F66E64B2E480}) (Version: 1.00.0000 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{f32502b5-5b64-4882-bf61-77f23edcac4f}) (Version: 2.3.4292.2709 - Hewlett-Packard)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.363 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Play System (Patching) (HKLM\...\Network Play System (Patching)) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Origin (HKLM\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PCIe Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.71.00.50 - Conexant Systems)
Python 2.5.2 (HKLM\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
Razer Cortex (HKLM\...\Razer Cortex_is1) (Version: 5.5.31.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5657 - Realtek Semiconductor Corp.)
Skype™ 7.7 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Strongvault Online Backup (Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
The Sims 2 Family Fun Stuff (HKLM\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version: - )
The Sims 2 Glamour Life Stuff (HKLM\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version: - )
The Sims 2 Open For Business (HKLM\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version: - )
The Sims 2 Pets (HKLM\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version: - )
The Sims 2 University (HKLM\...\{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}) (Version: - )
The Sims™ 2 Apartment Life (HKLM\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version: - Electronic Arts)
The Sims™ 2 Bon Voyage (HKLM\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version: - Electronic Arts)
The Sims™ 2 Double Deluxe (HKLM\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version: - Electronic Arts)
The Sims™ 2 FreeTime (HKLM\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version: - Electronic Arts)
The Sims™ 2 H&M® Fashion Stuff (HKLM\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version: - )
The Sims™ 2 IKEA® Home Stuff (HKLM\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version: - Electronic Arts)
The Sims™ 2 Kitchen & Bath Interior Design Stuff (HKLM\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version: - Electronic Arts)
The Sims™ 2 Mansion and Garden Stuff (HKLM\...\{1A2A15C2-6780-49c1-B296-503230E9DE00}) (Version: - Electronic Arts)
The Sims™ 2 Seasons (HKLM\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version: - )
The Sims™ 2 Teen Style Stuff (HKLM\...\{5C648FDB-0138-4619-B66E-230EF53E8E2C}) (Version: - Electronic Arts)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.2.0 - Tweaking.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

26-07-2015 11:27:54 Scheduled Checkpoint
31-07-2015 10:59:33 Scheduled Checkpoint
07-08-2015 14:47:02 Scheduled Checkpoint
16-08-2015 16:55:21 Scheduled Checkpoint
18-08-2015 02:58:47 Scheduled Checkpoint
19-08-2015 01:42:51 Scheduled Checkpoint
20-08-2015 00:00:03 Scheduled Checkpoint
21-08-2015 00:55:58 Scheduled Checkpoint
06-09-2015 13:37:59 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2014-07-18 12:04 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04E68783-7001-4B91-858F-2BF018A702C4} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02] (Hewlett-Packard)
Task: {25B2DF22-3C77-4A5E-BFD9-84A4FD99B44B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.6.6.3\SymErr.exe
Task: {342EF9AD-9494-4A79-8BFA-7C28B7BC1C51} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.6.6.3\SymErr.exe
Task: {58BEC6FB-B1C2-481B-AD80-DF89D3F906E6} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {76F8B4E1-E197-49E6-9B5E-7EA97F4F5C33} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.html?aaa=KICMPMLMPMPMLJOMNMKMCNKJMJJJJMCNLMKMLMOJCNHMMJHMHMCNNJLMOJNMKJPMOJLMIMGMLJOJJNJICMIMCNLMCNNMFMIMCNPMCNJMPMPMOMFMJMCNPMCNJMPMPMOMCNNMJNPICMPMFMFMMMMMJNHICMNJKIBJPMOMJNBJCMLLOJBJGJKJDJDJKJJNKJCMJNNICMJNDJCMKJBJ"
Task: {793BCAB2-0A80-40D0-A6D5-3071BE88D477} - System32\Tasks\HPCeeScheduleForDanielle => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-12-17] (Hewlett-Packard)
Task: {7B45B33D-8335-4355-8922-AF2AD7AA4753} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {819C8B06-671E-4F15-BCAF-9D9310D4F2FE} - System32\Tasks\avastBCLRestartS-1-5-21-2767167476-1858105450-2367976372-1000 => Firefox.exe
Task: {A4D6192D-2A9B-4F6C-B946-3659A202AD14} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {A4EC0100-76A3-4BBF-B702-E499C8B41D19} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor for Windows\RunProfiler.exe [2008-04-09] (PC-Doctor, Inc.)
Task: {BA0EF7B4-9E23-4291-9450-1261E068C8B1} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Danielle => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {BA415AF0-7697-49EC-8D44-E6C4D6BE0E00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {D81F77EE-2004-4379-8FBE-7A2200283A7E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DD75CDFB-0EF3-461A-A193-0DFB291DF32C} - System32\Tasks\{5B770A6B-ED5E-4A11-BB52-0F17C0B8AD34} => pcalua.exe -a "C:\Program Files\EA GAMES\The Sims 2 Double Deluxe\SP4\CSBin\PackageInstaller.exe" -d "C:\Program Files\EA GAMES\The Sims 2 Double Deluxe\SP4\CSBin"
Task: {E0C1436B-1E78-478B-829E-33E9DD71F952} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDanielle.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{153C7F06-C33C-4344-9301-9EF00F17085C}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-28 20:13 - 2015-05-28 20:13 - 00187048 _____ () C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
2015-02-14 21:43 - 2015-06-05 17:54 - 00264192 _____ () C:\Program Files\Razer\Razer Cortex\D3DX8Wrapper.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Danielle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
mpsdrv Firewall Service is not running.
MpsSvc Firewall Service is not running.
bfe Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2015 08:26:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2015 04:39:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROWS.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROWS.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROW-UP.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROW-UP.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\BLACK-ON-WHITE\TICKED_NOT_10X10@2X.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\BLACK-ON-WHITE\TICKED_NOT_10X10@2X.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\BLACK-ON-WHITE\TICKED_NOT_10X10.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (09/09/2015 08:26:02 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IPsec Policy AgentBFE

Error: (09/09/2015 08:26:02 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (09/09/2015 08:26:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (09/09/2015 08:26:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computer Browser%%1060

Error: (09/08/2015 10:37:50 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/08/2015 10:37:48 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version:

Update Source: %NT AUTHORITY15

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/08/2015 10:36:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.205.1925.0

Update Source: %NT AUTHORITY59

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/08/2015 08:48:09 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/08/2015 08:48:00 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version:

Update Source: %NT AUTHORITY15

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/08/2015 08:47:59 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version:

Update Source: %NT AUTHORITY15

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office:
=========================
Error: (09/09/2015 08:26:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2015 04:39:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROWS.PNG

Error: (09/02/2015 04:39:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROWS.PNG

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROW-UP.PNG

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROW-UP.PNG

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL

Error: (09/02/2015 04:39:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\BLACK-ON-WHITE\TICKED_NOT_10X10@2X.PNG

Error: (09/02/2015 04:39:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\BLACK-ON-WHITE\TICKED_NOT_10X10@2X.PNG

Error: (09/02/2015 04:39:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\BLACK-ON-WHITE\TICKED_NOT_10X10.PNG


CodeIntegrity:
===================================
Date: 2014-07-16 12:57:31.004
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:30.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:30.706
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:30.524
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:30.374
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:30.244
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:30.118
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:29.998
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:29.878
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:29.757
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Sempron(tm) Dual Core Processor 2200
Percentage of memory in use: 40%
Total physical RAM: 1917.76 MB
Available physical RAM: 1148.51 MB
Total Virtual: 4078.73 MB
Available Virtual: 2638.27 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:138.03 GB) (Free:41.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.02 GB) (Free:1.5 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=138 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

I tried to attach the minidump, but it said I don't have permission to open it?
Vanilla-krypton
Regular Member
 
Posts: 91
Joined: January 6th, 2014, 8:59 pm

Re: Blue Screen

Post by mAL_rEm018 » September 11th, 2015, 10:53 am

Hello Vanilla-krypton,

Please answer the following question..
Vanilla-krypton wrote: I tried to attach the minidump, but it said I don't have permission to open it?

  • Did the message appear after you selected the file and clicked on Open or did you try to open the file by using the preview button?

You had trouble using System Look, let's do a search using another way..

  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;kelkoopartners;Lucky Searches;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Next..

Removing false AV and Firewall notifications in WMI using wbemtest.exe

  • Click Start > Run then type wbemtest.exe into the Open: box, click OK
  • This will launch Windows Management Instrumentation Tester
    • Click on the Connect button.
    • In the box at the top, where it says root\default change it to say root\securitycenter then click Connect
    • Click on Enum Instances
    • In the box that opens, type antivirusproduct and click OK
    • A box will open with a list of the anti-virus programmes that WMI sees on your computer.
      • Click on the one with the CLSID .... {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} .... to highlight it, then click Delete
      • Repeat for the one with the CLSID .... {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
      • Click Close to close the Query box.
    • Click on Enum Instances
    • In the box that opens, type firewallproduct and click OK
    • A box will open with a list of the firewall programmes that WMI sees on your computer.
      • Click on the one with the CLSID .... {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} .... to highlight it, then click Delete
      • Click Close to close the Query box.
    • Exit out of Windows Management Instrumentation Tester

Reboot your computer.

DO NOT use the WMI Tester in any way other than the one described above. If you cannot find the CLSIDs I've named for removal then just exit out of WMI Tester and let me know.

If you have any problems with the instructions I've given you, let me know.


-----------------------------------------
In your next reply, I would like to see..
  • Answer to my question.
  • Search.txt
  • Let me know if you were able to follow the instructions concerning Windows Management Instrumentation Tester.
    Please post everything in the order given.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
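
The WMI check from the post above, as an added example that is not part of the original thread or of any tool mentioned in it: a read-only PowerShell listing of the AntiVirusProduct and FirewallProduct instances in root\SecurityCenter, marking the instance GUIDs the post names. It assumes PowerShell is installed (an optional component on Vista) and that the values the post calls CLSIDs appear in the instanceGuid property of these classes.

```powershell
# Read-only: lists what Security Center has registered in WMI. Deletes nothing.
$namespace = 'root\SecurityCenter'   # namespace named in the post

# GUIDs the post names for removal, grouped by the class they were listed under.
$named = @{
    'AntiVirusProduct' = @('{88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}',
                           '{33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}')
    'FirewallProduct'  = @('{B0F2DB13-C654-2E74-30D4-99C9310F0F2E}')
}

foreach ($className in $named.Keys) {
    try {
        # @() forces an array so .Count works for zero or one instance.
        $instances = @(Get-WmiObject -Namespace $namespace -Class $className -ErrorAction Stop)
    }
    catch {
        # A broken WMI repository or stopped winmgmt service ends up here.
        Write-Output ('{0}: query failed: {1}' -f $className, $_.Exception.Message)
        continue
    }

    if ($instances.Count -eq 0) {
        Write-Output ('{0}: no instances registered' -f $className)
        continue
    }

    foreach ($instance in $instances) {
        # -contains compares strings case-insensitively.
        if ($named[$className] -contains $instance.instanceGuid) {
            $status = 'named in the post'
        }
        else {
            $status = 'not named in the post'
        }
        Write-Output ('{0}: {1} {2} ({3})' -f $className, $instance.instanceGuid,
                      $instance.displayName, $status)
    }
}
```

An empty result for both classes matches what wbemtest shows when the Enum Instances lists are empty; a "query failed" line points at WMI itself rather than at the registered products.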

Re: Blue Screen

Post by Vanilla-krypton » September 11th, 2015, 8:42 pm

I forgot to mention that whenever I get on my computer, sometimes HP Update will pop up and say access is denied? Like I don't click anything it just pops up at the randomest times.

And to answer your question, the minidump message pops up when I select the file then select "open".


Farbar Recovery Scan Tool (x86) Version:10-09-2015
Ran by Danielle (2015-09-11 20:41:11)
Running from C:\Users\Danielle\Downloads
Boot Mode: Normal

================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;kelkoopartners;Lucky Searches;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer" ===========


===================== Search result for "babylon" ==========

[HKEY_USERS\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\Danielle\AppData\Local\Temp\is754907076\MyBabylonTB.exe"="1"


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Trolltech]

[HKEY_USERS\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]

[HKEY_USERS\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

[HKEY_USERS\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

===================== Search result for "whitesmoke" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar]

====== End of Search ======

And about the Instrumentation Tester; I did both the antivirusproduct and the firewallproduct, but there was nothing in either list.
Vanilla-krypton
Regular Member
 
Posts: 91
Joined: January 6th, 2014, 8:59 pm

Re: Blue Screen

Post by mAL_rEm018 » September 12th, 2015, 3:23 pm

Hello Vanilla-krypton,


We will take care of the minidump later, but for now please perform the following diagnostic scan..

  • Please download WMI Diagnosis Utility to your desktop.
  • Right-click WMIDiag.exe and select Run as administrator.
  • Read the license agreement and if you agree, select Yes.
  • When asked where to extract the files, copy/paste or type:
    C:\WMIDiag
  • Select OK.
  • Open the Start Menu and copy/paste or type the following:
    C:\WMIDiag\WMIDiag.vbs
  • Press Enter.
    Your computer might appear to do nothing, but a scan is being made. Please be patient.
  • Once the scan is finished a log will appear, please post the contents in your next reply.
    If no log appears after 20 minutes, please follow the steps below..


The following step should only be performed if no log appeared after following the instructions above..

  • Open the Start Menu and copy/paste or type the following in the search box:
    cmd /c dir %temp% > C:\Users\Danielle\Desktop\TempDir.txt
  • A black window will appear and disappear very quickly, this is normal.
  • A file named TempDir.txt should now be on your desktop.
  • Open TempDir.txt and post the contents in your next reply.


-----------------------------------------
In your next reply, I would like to see..
  • WMI Diagnosis Utility log
  • TempDir.txt (Only if necessary)
    Please post everything in the order given.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Screen

Post by Vanilla-krypton » September 13th, 2015, 3:07 pm

Well I tried to download the WMI thing, but a thing popped up and said it isn't compatible with my version of Windows. It said to see if I needed the 64 bit or 32 bit version, then to contact the software publisher. I know I'm a 32 bit.
Vanilla-krypton
Regular Member
 
Posts: 91
Joined: January 6th, 2014, 8:59 pm

Re: Blue Screen

Post by mAL_rEm018 » September 14th, 2015, 9:55 am

Hello Vanilla-krypton,

Please answer the following questions..

Adwcleaner
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, feel free to uncheck any entry you do not want removed.
  • Select Cleaning.
  • Note: All programs will be closed and your computer will be rebooted, therefore I advise you to save any unsaved work.
  • A notepad window will open. Please copy/paste the contents in your next reply.

Next..

Please navigate to the following location..
C:\Windows\Minidump\Mini090215-01.txt

  • Rename Mini090215-01.txt to Mini090215-01.dmp
  • This can be done by right-clicking on Mini090215-01.txt and selecting Rename.

Next..

  • Download BlueScreenView to your desktop.
    Please note that the file needs to be unzipped before it can be accessed. If you do not know how to do this, please let me know.
  • Right-click BlueScreenView.exe and select Run as administrator.
  • Click on Mini090215-01.dmp.
  • Open the Edit Menu and click Select All.
  • Open the File Menu and select Save Selected Items.
  • Name the file as Minidump.txt on your desktop.
  • Close BlueScreenView and open Minidump.txt
  • Please post the contents of Minidump.txt in your next reply.


-----------------------------------------
In your next reply, I would like to see..
  • Answer to my question?
  • AdwCleaner log
  • Minidump.txt
    Please post everything in the order given.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Screen

Post by Vanilla-krypton » September 15th, 2015, 10:10 pm

Yeah I set my homepage to Ecosia.

# AdwCleaner v5.007 - Logfile created 15/09/2015 at 22:03:43
# Updated 08/09/2015 by Xplode
# Database : 2015-09-15.1 [Server]
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (x86)
# Username : Danielle - SENNSTROM-HOME
# Running from : C:\Users\Danielle\Downloads\adwcleaner_5.007.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\036E1932CE0688C66427FE3F6C44B161
[-] Folder Deleted : C:\Users\Guest\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****

[-] File Deleted : C:\Windows\Reimage.ini

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : GoforFilesUpdate

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7357A44B-D09F-40DA-9B0B-639C741A471D}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : HKCU\Software\BrowseForTheCause
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Video Player
[-] Key Deleted : HKLM\SOFTWARE\VideoPlayerV3
[-] Key Deleted : HKLM\SOFTWARE\Better-Surf
[-] Key Deleted : HKLM\SOFTWARE\W3I
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{220FB035-4744-483A-9A0B-41DF77061583}
[!] Key Not Deleted : HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\AppDataLow\Software\Yahoo\Companion

***** [ Web browsers ] *****

[-] [C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2519 bytes] ##########

Not sure if you need to know, but I didn't uncheck anything in the cleaning list.


I went to the minidump text file and tried to change the extension back to .dmp, but when I went to rename it, the .txt extension wasn't there to change.
Vanilla-krypton
Regular Member
 
Posts: 91
Joined: January 6th, 2014, 8:59 pm

Re: Blue Screen

Post by mAL_rEm018 » September 17th, 2015, 8:01 am

Hello Vanilla-krypton,

Vanilla-krypton wrote: I went to the minidump text file and tried to change the extension back to .dmp, but when I went to rename it, the .txt extension wasn't there to change.

The following fix should rename the file.

I need you to run a fix..

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
CHR HKLM\...\Chrome\Extension: [fjpbiejamkbdmglmndhcidcodgdffcae] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta771\ch\VideoPlayerV3beta771.crx <not found>
S3 esgiguard; no ImagePath
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
2015-09-09 20:16 - 2013-07-23 15:44 - 00000000 ____D C:\ProgramData\Norton
2015-09-09 20:16 - 2008-08-25 09:31 - 00000000 ____D C:\ProgramData\Symantec
C:\Users\Danielle\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Danielle\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Danielle\AppData\Local\Temp\GotClip_Setup.exe
C:\Users\Danielle\AppData\Local\Temp\installerdll2054655721.dll
C:\Users\Danielle\AppData\Local\Temp\mpam-2c543907.exe
C:\Users\Danielle\AppData\Local\Temp\mpam-7f721943.exe
C:\Users\Danielle\AppData\Local\Temp\SkypeSetup.exe
Strongvault Online Backup (Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
Task: {25B2DF22-3C77-4A5E-BFD9-84A4FD99B44B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.6.6.3\SymErr.exe
Task: {342EF9AD-9494-4A79-8BFA-7C28B7BC1C51} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.6.6.3\SymErr.exe

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_USERS\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar]
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted" /v "C:\Users\Danielle\AppData\Local\Temp\is754907076\MyBabylonTB.exe" /f

Hosts:
EmptyTemp: 
CMD: ipconfig /flushdns
CMD: REN "C:\Windows\Minidump\Mini090215-01.txt" "Mini090215-01.dmp"
CreateRestorePoint:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


Removing programs in Vista
  • Open the Start menu and select Control Panel.
  • Click on Uninstall a program located under Programs.
  • Select the following program:
    Strongvault Online Backup
  • Click Uninstall.
  • When prompted for confirmation, select Continue.
    Answer any/all questions very carefully.
  • Please restart your computer.


Next..

  • Download BlueScreenView to your desktop.
    Please note that the file needs to be unzipped before it can be accessed. If you do not know how to do this, please let me know.
  • Right-click BlueScreenView.exe and select Run as administrator.
  • Click on Mini090215-01.dmp.
  • Open the Edit Menu and click Select All.
  • Open the File Menu and select Save Selected Items.
  • Name the file as Minidump.txt on your desktop.
  • Close BlueScreenView and open Minidump.txt
  • Please post the contents of Minidump.txt in your next reply.

-----------------------------------------
In your next reply, I would like to see..
  • fixlog.txt
  • Minidump.txt
    Please post everything in the order given.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Screen

Post by Vanilla-krypton » September 18th, 2015, 4:28 pm

Well I made the fixlist but I'm apparently having issues finding where it's supposed to be placed
Vanilla-krypton
Regular Member
 
Posts: 91
Joined: January 6th, 2014, 8:59 pm

Re: Blue Screen

Post by mAL_rEm018 » September 18th, 2015, 11:03 pm

Hello Vanilla-krypton,

Vanilla-krypton wrote: Well I made the fixlist but I'm apparently having issues finding where it's supposed to be placed

In order to run the fix, the fixlist has to be saved in the same folder as FRST. Unless you have moved it, FRST should be in the following location:
C:\Users\Danielle\Downloads

Please save the fixlist.txt in this location and continue with the instructions in my last post.

Note: Do NOT run the fix more than once! This could cause damage to your computer. If you have any trouble, feel free to let me know.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Screen

Post by Vanilla-krypton » September 20th, 2015, 8:21 pm

Fix result of Farbar Recovery Scan Tool (x86) Version:15-09-2015
Ran by Danielle (2015-09-20 19:55:45) Run:1
Running from C:\Users\Danielle\Downloads
Loaded Profiles: Danielle (Available Profiles: Danielle & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
CHR HKLM\...\Chrome\Extension: [fjpbiejamkbdmglmndhcidcodgdffcae] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta771\ch\VideoPlayerV3beta771.crx <not found>
S3 esgiguard; no ImagePath
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
2015-09-09 20:16 - 2013-07-23 15:44 - 00000000 ____D C:\ProgramData\Norton
2015-09-09 20:16 - 2008-08-25 09:31 - 00000000 ____D C:\ProgramData\Symantec
C:\Users\Danielle\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Danielle\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Danielle\AppData\Local\Temp\GotClip_Setup.exe
C:\Users\Danielle\AppData\Local\Temp\installerdll2054655721.dll
C:\Users\Danielle\AppData\Local\Temp\mpam-2c543907.exe
C:\Users\Danielle\AppData\Local\Temp\mpam-7f721943.exe
C:\Users\Danielle\AppData\Local\Temp\SkypeSetup.exe
Strongvault Online Backup (Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
Task: {25B2DF22-3C77-4A5E-BFD9-84A4FD99B44B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.6.6.3\SymErr.exe
Task: {342EF9AD-9494-4A79-8BFA-7C28B7BC1C51} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.6.6.3\SymErr.exe

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_USERS\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar]
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted" /v "C:\Users\Danielle\AppData\Local\Temp\is754907076\MyBabylonTB.exe" /f

Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
CMD: REN "C:\Windows\Minidump\Mini090215-01.txt" "Mini090215-01.dmp"
CreateRestorePoint:

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\fjpbiejamkbdmglmndhcidcodgdffcae" => key removed successfully.
esgiguard => service removed successfully.
PCD5SRVC{BD6912E3-AC9D80E8-05040000} => service removed successfully.
C:\ProgramData\Norton => moved successfully
C:\ProgramData\Symantec => moved successfully
C:\Users\Danielle\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Danielle\AppData\Local\Temp\drm_dyndata_7380009.dll => moved successfully
C:\Users\Danielle\AppData\Local\Temp\GotClip_Setup.exe => moved successfully
C:\Users\Danielle\AppData\Local\Temp\installerdll2054655721.dll => moved successfully
C:\Users\Danielle\AppData\Local\Temp\mpam-2c543907.exe => moved successfully
C:\Users\Danielle\AppData\Local\Temp\mpam-7f721943.exe => moved successfully
C:\Users\Danielle\AppData\Local\Temp\SkypeSetup.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E33D30D-D896-4D92-B033-5F45819B2937}\\SystemComponent => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25B2DF22-3C77-4A5E-BFD9-84A4FD99B44B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25B2DF22-3C77-4A5E-BFD9-84A4FD99B44B}" => key removed successfully.
C:\Windows\System32\Tasks\Norton Identity Safe\Norton Error Processor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Identity Safe\Norton Error Processor" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{342EF9AD-9494-4A79-8BFA-7C28B7BC1C51}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{342EF9AD-9494-4A79-8BFA-7C28B7BC1C51}" => key removed successfully.
C:\Windows\System32\Tasks\Norton Identity Safe\Norton Error Analyzer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Identity Safe\Norton Error Analyzer" => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => key removed successfully.
HKEY_USERS\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Trolltech => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Trolltech => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar => key not found.

========= reg.exe delete "HKEY_USERS\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted" /v "C:\Users\Danielle\AppData\Local\Temp\is754907076\MyBabylonTB.exe" /f =========

The operation completed successfully.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully

I uninstalled Strongvault and restarted my computer. I'm gonna need help unzipping that folder. I have no clue what I'm doing so I'd like to be certain I'm doing things right.
Vanilla-krypton
Regular Member
 
Posts: 91
Joined: January 6th, 2014, 8:59 pm

Re: Blue Screen

Post by mAL_rEm018 » September 21st, 2015, 8:25 am

Hello Vanilla-krypton,

Vanilla-krypton wrote: I'm gonna need help unzipping that folder. I have no clue what I'm doing so I'd like to be certain I'm doing things right.

No problem, I will give you instructions later on how to unzip the file. For now, please follow the steps below.

There is a section from the fixlog.txt missing. Please navigate to the following location:
C:\Users\Danielle\Downloads\fixlog.txt

  • Double-click fixlog.txt to open it.
  • Copy/paste the entire content of fixlog.txt in your next post.

Next..

ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and selecting 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


-----------------------------------------
In your next reply, I would like to see..
  • Entire fixlog.txt
  • ESET scan results
    Please post everything in the order given.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
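
The observation in the post above, that a section of fixlog.txt is missing, can be checked mechanically by comparing the fixlist echoed at the top of the log with the result lines below it. The Python sketch that follows is an added example, not part of the thread or of FRST; it runs on a constructed, shortened log modelled on the one posted here, assumes CMD: output is headed the same way as the Reg: block in that log, and its function names and the HKCU\Software\Example key are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a shortened fixlog modelled on the one posted in this thread.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
S3 esgiguard; no ImagePath
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar]
Reg: reg.exe delete "HKCU\Software\Example" /v "sample" /f
Hosts:
CMD: ipconfig /flushdns
CMD: REN "C:\Windows\Minidump\Mini090215-01.txt" "Mini090215-01.dmp"
*****************
esgiguard => service removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar => key not found.
========= reg.exe delete "HKCU\Software\Example" /v "sample" /f =========
The operation completed successfully.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
"""

STAR_ROW = re.compile(r"^\*{5,}\s*$")          # rows of asterisks around the echoed fixlist
HEADER = re.compile(r"=+ (.+?) =+")            # '========= <command> ========='
DIRECTIVE = re.compile(r"(CMD|Reg):\s*(.+)")   # fixlist lines that run a command

def split_fixlog(text):
    """Return (echoed fixlist lines, result lines) from a fixlog."""
    lines = text.splitlines()
    stars = [i for i, line in enumerate(lines) if STAR_ROW.match(line)]
    if len(stars) < 2:
        raise ValueError("no echoed fixlist found between asterisk rows")
    fixlist = [l.strip() for l in lines[stars[0] + 1:stars[1]] if l.strip()]
    results = [l.strip() for l in lines[stars[1] + 1:] if l.strip()]
    return fixlist, results

def commands_without_output(text):
    """CMD:/Reg: directives with no '========= <command> =========' header."""
    fixlist, results = split_fixlog(text)
    headers = {m.group(1) for r in results if (m := HEADER.fullmatch(r))}
    return [e for e in fixlist
            if (m := DIRECTIVE.match(e)) and m.group(2) not in headers]

def outcome_counts(text):
    """Count result lines by the outcome text after '=>'."""
    _, results = split_fixlog(text)
    return Counter(r.rsplit("=>", 1)[1].strip().rstrip(".")
                   for r in results if "=>" in r)
```

On the sample, `commands_without_output(SAMPLE_FIXLOG)` returns both CMD: lines, which is the kind of gap that signals a truncated paste rather than a failed fix.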

Re: Blue Screen

Post by Cypher » September 24th, 2015, 7:46 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns