Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Blue Screen

Post by Vanilla-krypton » September 2nd, 2015, 4:56 pm

Well, I got a new laptop so I don't use my desktop anymore. My brother has been using my desktop mainly and sometimes when I'm not home, so I don't know what he's doing on it. Sometimes my mom uses it, too. So today my mom told me that my computer had blue screened when she was using it and she didn't know what to do. It was probably left on the blue screen for two hours before I got home to fix it. When I walked in it was still blue and I didn't bother to read it honestly, I just turned off my computer then turned it back on a few seconds later. When I booted it up and logged onto my account, I decided to change some startup programs. My computer denied opening the "change startup programs" link, but it didn't say anything about the startup programs. It said that Windows Defender is turned off and it gave me an error, "Windows Defender encountered an error: 0x80070424. The specified service does not exist as an installed service." Also, I can't access my firewall settings either. Although, I haven't been able to access my firewall settings in a looooong while. On top of everything else, my computer seems to be running slower than usual. Not sure if that has any importance.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6002.18005
Run by Danielle at 16:45:57 on 2015-09-02
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.518 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files\Razer\Razer Cortex\RzKLService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.28.13\GoogleCrashHandler.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Danielle\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\Razer\Razer Cortex\main.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\conime.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\WUDFHost.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?trackid=sp-006
uSearch Bar = hxxps://www.google.com/?trackid=sp-006
uSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
mStart Page = hxxps://www.google.com/?trackid=sp-006
mSearch Bar = hxxps://www.google.com/?trackid=sp-006
mSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Spotify Web Helper] "c:\users\danielle\appdata\roaming\spotify\SpotifyWebHelper.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RazerCortex] c:\program files\razer\razer cortex\RazerCortex.exe -autorun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{67E63B23-21BC-46DB-AD98-4089574A6E5B} : DHCPNameServer = 192.168.1.254
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\44.0.2403.157\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2015-3-4 245096]
R2 Razer Game Scanner Service;Razer Game Scanner;c:\program files\razer\razer services\gss\GameScannerService.exe [2015-5-28 187048]
R2 RzKLService;RzKLService;c:\program files\razer\razer cortex\RzKLService.exe [2015-2-14 129168]
R2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys [2015-2-14 20416]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2014-6-5 1439744]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-8-25 207360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2014-4-12 772296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-6-25 327296]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2015-3-4 95408]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2015-4-30 284504]
S3 Origin Client Service;Origin Client Service;c:\program files\origin\OriginClientService.exe [2011-8-19 2007048]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-5-22 20640]
.
=============== Created Last 30 ================
.
2015-09-02 17:42:24 9234960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{47b95234-4255-45a6-9c4b-63a13ef6c0b9}\mpengine.dll
2015-09-01 17:41:25 9234960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M ====================
.
2015-08-12 13:09:32 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-12 13:09:31 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 16:47:09.72 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 9/4/2008 10:07:29 AM
System Uptime: 9/2/2015 4:30:14 PM (0 hours ago)
.
Motherboard: OEM_MB | | IVY8
Processor: AMD Sempron(tm) Dual Core Processor 2200 | Socket AM2 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 45.629 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.505 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Adobe Reader X (10.1.12)
CameraHelperMsi
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
DVD Play
Enhanced Multimedia Keyboard Solution
erLT
Google Chrome
Google Update Helper
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Update
HPAsset component for HP Active Support Library
HPTCSSetup
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.2
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Works
Microsoft WSE 3.0 Runtime
Mozilla Firefox 39.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Play System (Patching)
NVIDIA Drivers
Origin
PCIe Soft Data Fax Modem with SmartCP
Python 2.5.2
Razer Cortex
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype™ 7.7
Spotify
Strongvault Online Backup
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 Double Deluxe
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 IKEA® Home Stuff
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Mansion and Garden Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player
.
==== End Of File ===========================
Vanilla-krypton
Regular Member
 
Posts: 91
Joined: January 6th, 2014, 8:59 pm

Re: Blue Screen

Post by mAL_rEm018 » September 5th, 2015, 4:54 pm

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.

Hello Vanilla-krypton,

My name is mAL_rEm018, but feel free to call me mAL :). I'm an undergraduate trainee and as such my posts to you have to first be checked by a Teacher; because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions. In the meantime I would like you to read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Screen

Post by Vanilla-krypton » September 6th, 2015, 9:53 am

Alright
Vanilla-krypton
Regular Member
 
Posts: 91
Joined: January 6th, 2014, 8:59 pm

Re: Blue Screen

Post by mAL_rEm018 » September 6th, 2015, 12:06 pm

Hello Vanilla-krypton,

Please answer the following questions..
  • Did you install Strongvault Online Backup intentionally?
  • Is Norton still installed on your computer?

Please do the following..

Backup your registry using TCRB
  • Download TCRB from the following link TCRB
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

Next..

  • Download FRST to your Desktop.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

AdwCleaner
  • Please download AdwCleaner to your Desktop from here.
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open. Please copy/paste the contents in your next reply.
    Note: do not select Cleaning at this point

-----------------------------------------
In your next reply, I would like to see..
  • Answer to my questions.
  • FRST.txt
  • Addition.txt
  • AdwCleaner log
    Please post everything in the order given.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Screen

Post by Vanilla-krypton » September 6th, 2015, 1:03 pm

No, I didn't. And I'm not sure. I did have it in the past but my trial expired so I started using Avast.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-09-2015 01
Ran by Danielle (administrator) on SENNSTROM-HOME (06-09-2015 12:59:22)
Running from C:\Users\Danielle\Downloads
Loaded Profiles: Danielle (Available Profiles: Danielle & Guest)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files\Razer\Razer Cortex\RzKLService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Danielle\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Razer Inc.) C:\Program Files\Razer\Razer Cortex\main.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
HKLM\...\Run: [DPService] => C:\Program Files\HP\DVDPlay\DPService.exe [90112 2008-06-12] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [UnlockerAssistant] => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RazerCortex] => C:\Program Files\Razer\Razer Cortex\RazerCortex.exe [98256 2015-06-05] (Razer Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\RunOnce: [94_1948685863361] => C:\Users\Danielle\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp_r.bat [371 2015-09-04] ()
HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\...\Run: [Spotify Web Helper] => C:\Users\Danielle\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-06-05] (Spotify Ltd)
HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{67E63B23-21BC-46DB-AD98-4089574A6E5B}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2767167476-1858105450-2367976372-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2767167476-1858105450-2367976372-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2767167476-1858105450-2367976372-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-07] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Danielle\AppData\Roaming\Mozilla\Firefox\Profiles\dv9qb26k.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.ecosia.org/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2767167476-1858105450-2367976372-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Danielle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-15] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\Danielle\AppData\Roaming\Mozilla\Firefox\Profiles\dv9qb26k.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

Chrome:
=======
CHR StartupUrls: Default -> ""
CHR Profile: C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-26]
CHR Extension: (Google Docs) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-26]
CHR Extension: (Google Drive) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-26]
CHR Extension: (Don't Fall!) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfiggjmpgelmocdfipjbddjbnbmcfepb [2014-11-28]
CHR Extension: (YouTube) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-26]
CHR Extension: (Google Search) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-26]
CHR Extension: (Give Up) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\diippoclinjdbklinhchgedilfncehbi [2014-11-28]
CHR Extension: (Free Rider HD) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikpifndnjfkgofoglceekhkbaicbde [2014-11-28]
CHR Extension: (Google Sheets) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-26]
CHR Extension: (Causality Games) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2014-11-28]
CHR Extension: (Snake) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmokkdndehlgfklkghmlcphifmnlfkhp [2014-11-28]
CHR Extension: (Manyland) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\geieilhcelplmpfhepdoggckhmfaanmp [2014-11-28]
CHR Extension: (Dark atmosphere) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpikgkkfdoabncoileilaglepbpdhek [2014-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Happy Wheels) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpljdpjoahbnnfilkiilnfdkdbfiabfc [2014-11-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-14]
CHR Extension: (PacMan Advanced) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdmffjghfdhgmjohekbbfgagpifiiapf [2014-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-26]
CHR Extension: (Gmail) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-26]
CHR HKLM\...\Chrome\Extension: [fjpbiejamkbdmglmndhcidcodgdffcae] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta771\ch\VideoPlayerV3beta771.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2007048 2015-08-20] (Electronic Arts)
R2 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-05-28] ()
R2 RzKLService; C:\Program Files\Razer\Razer Cortex\RzKLService.exe [129168 2015-06-05] (Razer Inc.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20416 2015-03-10] (Razer, Inc.)
S3 esgiguard; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
U3 mbr; \??\C:\Users\Danielle\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 12:59 - 2015-09-06 12:59 - 00014622 _____ C:\Users\Danielle\Downloads\FRST.txt
2015-09-06 12:59 - 2015-09-06 12:59 - 00000000 ____D C:\FRST
2015-09-06 12:58 - 2015-09-06 12:58 - 01692160 _____ (Farbar) C:\Users\Danielle\Downloads\FRST.exe
2015-09-06 12:58 - 2015-09-06 12:58 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SENNSTROM-HOME-Windows-Vista-(TM)-Home-Basic-(32-bit).dat
2015-09-06 12:57 - 2015-09-06 12:57 - 00001978 _____ C:\Users\Danielle\Desktop\Tweaking.com - Registry Backup.lnk
2015-09-06 12:57 - 2015-09-06 12:57 - 00000000 ____D C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-09-06 12:57 - 2015-09-06 12:57 - 00000000 ____D C:\Program Files\Tweaking.com
2015-09-06 12:56 - 2015-09-06 12:57 - 04687184 _____ (Tweaking.com) C:\Users\Danielle\Downloads\tweaking.com_registry_backup_setup.exe
2015-09-04 19:12 - 2015-09-04 19:12 - 00000029 _____ C:\Users\Danielle\Desktop\wifi network.txt
2015-09-04 19:05 - 2015-09-06 12:59 - 00000000 ____D C:\Users\Danielle\AppData\Local\LogMeIn Rescue Applet
2015-09-02 16:47 - 2015-09-02 16:47 - 00007335 _____ C:\Users\Danielle\Desktop\dds.txt
2015-09-02 16:47 - 2015-09-02 16:47 - 00003359 _____ C:\Users\Danielle\Desktop\attach.txt
2015-09-02 16:45 - 2015-09-02 16:45 - 00688992 ____R (Swearware) C:\Users\Danielle\Downloads\dds.scr
2015-09-02 16:30 - 2015-09-02 16:30 - 274755559 _____ C:\Windows\MEMORY.DMP
2015-09-02 16:30 - 2015-09-02 16:30 - 00140048 _____ C:\Windows\Minidump\Mini090215-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 13:00 - 2009-02-21 10:18 - 00000424 ____H C:\Windows\Tasks\User_Feed_Synchronization-{153C7F06-C33C-4344-9301-9EF00F17085C}.job
2015-09-06 12:33 - 2014-11-26 14:57 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-06 12:30 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-06 12:30 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-06 12:09 - 2012-04-29 11:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-06 03:33 - 2014-11-26 14:57 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-05 16:41 - 2008-09-04 10:11 - 02526702 _____ C:\Windows\WindowsUpdate.log
2015-09-03 04:35 - 2014-11-26 14:58 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-02 16:58 - 2012-08-19 16:30 - 00000000 ____D C:\Users\Danielle\AppData\Roaming\Skype
2015-09-02 16:37 - 2012-08-19 16:29 - 00000000 ____D C:\ProgramData\Skype
2015-09-02 16:30 - 2009-02-28 11:01 - 00000000 ____D C:\Windows\Minidump
2015-09-02 16:30 - 2006-11-02 08:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-30 19:26 - 2008-12-07 20:17 - 00000052 _____ C:\Windows\system32\DOErrors.log
2015-08-20 16:54 - 2011-12-28 23:23 - 00000000 ____D C:\ProgramData\Origin
2015-08-20 16:28 - 2011-12-28 23:22 - 00000000 ____D C:\Program Files\Origin
2015-08-12 09:09 - 2012-04-29 11:29 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 09:09 - 2012-01-22 15:06 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-09 16:35 - 2008-12-03 22:31 - 00000334 _____ C:\Windows\Tasks\HPCeeScheduleForDanielle.job

==================== Files in the root of some directories =======

2012-05-03 16:34 - 2015-07-05 09:32 - 0000888 _____ () C:\Users\Danielle\AppData\Roaming\wklnhst.dat
2013-01-16 01:03 - 2013-01-16 01:03 - 0000552 _____ () C:\Users\Danielle\AppData\Local\d3d8caps.dat
2008-12-04 16:38 - 2015-06-30 10:00 - 0000680 _____ () C:\Users\Danielle\AppData\Local\d3d9caps.dat
2008-12-05 09:49 - 2014-07-31 12:28 - 0017408 _____ () C:\Users\Danielle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-08-25 09:13 - 2008-08-25 09:14 - 0000349 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Danielle\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Danielle\AppData\Local\Temp\GotClip_Setup.exe
C:\Users\Danielle\AppData\Local\Temp\installerdll2054655721.dll
C:\Users\Danielle\AppData\Local\Temp\mpam-2c543907.exe
C:\Users\Danielle\AppData\Local\Temp\mpam-7f721943.exe
C:\Users\Danielle\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-06 05:01

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-09-2015 01
Ran by Danielle (2015-09-06 13:00:26)
Running from C:\Users\Danielle\Downloads
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) (2008-09-04 14:07:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2767167476-1858105450-2367976372-500 - Administrator - Disabled)
Danielle (S-1-5-21-2767167476-1858105450-2367976372-1000 - Administrator - Enabled) => C:\Users\Danielle
Guest (S-1-5-21-2767167476-1858105450-2367976372-501 - Limited - Enabled) => C:\Users\Guest

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Out of date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Out of date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: .1707 - CyberLink Corp.)
DVD Play (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 2.4.5411 - Hewlett-Packard)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: - Hewlett-Packard)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.4861.15 - PC-Doctor, Inc.)
HP Customer Experience Enhancements (HKLM\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Demo (HKLM\...\{97ABD26A-3249-46CB-B2E2-F66E64B2E480}) (Version: 1.00.0000 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{f32502b5-5b64-4882-bf61-77f23edcac4f}) (Version: 2.3.4292.2709 - Hewlett-Packard)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.363 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Play System (Patching) (HKLM\...\Network Play System (Patching)) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Origin (HKLM\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PCIe Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.71.00.50 - Conexant Systems)
Python 2.5.2 (HKLM\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
Razer Cortex (HKLM\...\Razer Cortex_is1) (Version: 5.5.31.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5657 - Realtek Semiconductor Corp.)
Skype™ 7.7 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Strongvault Online Backup (Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
The Sims 2 Family Fun Stuff (HKLM\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version: - )
The Sims 2 Glamour Life Stuff (HKLM\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version: - )
The Sims 2 Open For Business (HKLM\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version: - )
The Sims 2 Pets (HKLM\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version: - )
The Sims 2 University (HKLM\...\{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}) (Version: - )
The Sims™ 2 Apartment Life (HKLM\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version: - Electronic Arts)
The Sims™ 2 Bon Voyage (HKLM\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version: - Electronic Arts)
The Sims™ 2 Double Deluxe (HKLM\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version: - Electronic Arts)
The Sims™ 2 FreeTime (HKLM\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version: - Electronic Arts)
The Sims™ 2 H&M® Fashion Stuff (HKLM\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version: - )
The Sims™ 2 IKEA® Home Stuff (HKLM\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version: - Electronic Arts)
The Sims™ 2 Kitchen & Bath Interior Design Stuff (HKLM\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version: - Electronic Arts)
The Sims™ 2 Mansion and Garden Stuff (HKLM\...\{1A2A15C2-6780-49c1-B296-503230E9DE00}) (Version: - Electronic Arts)
The Sims™ 2 Seasons (HKLM\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version: - )
The Sims™ 2 Teen Style Stuff (HKLM\...\{5C648FDB-0138-4619-B66E-230EF53E8E2C}) (Version: - Electronic Arts)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.2.0 - Tweaking.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

26-07-2015 11:27:54 Scheduled Checkpoint
31-07-2015 10:59:33 Scheduled Checkpoint
07-08-2015 14:47:02 Scheduled Checkpoint
16-08-2015 16:55:21 Scheduled Checkpoint
18-08-2015 02:58:47 Scheduled Checkpoint
19-08-2015 01:42:51 Scheduled Checkpoint
20-08-2015 00:00:03 Scheduled Checkpoint
21-08-2015 00:55:58 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2014-07-18 12:04 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04E68783-7001-4B91-858F-2BF018A702C4} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02] (Hewlett-Packard)
Task: {25B2DF22-3C77-4A5E-BFD9-84A4FD99B44B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.6.6.3\SymErr.exe
Task: {342EF9AD-9494-4A79-8BFA-7C28B7BC1C51} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.6.6.3\SymErr.exe
Task: {58BEC6FB-B1C2-481B-AD80-DF89D3F906E6} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {76F8B4E1-E197-49E6-9B5E-7EA97F4F5C33} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.html?aaa=KICMPMLMPMPMLJOMNMKMCNKJMJJJJMCNLMKMLMOJCNHMMJHMHMCNNJLMOJNMKJPMOJLMIMGMLJOJJNJICMIMCNLMCNNMFMIMCNPMCNJMPMPMOMFMJMCNPMCNJMPMPMOMCNNMJNPICMPMFMFMMMMMJNHICMNJKIBJPMOMJNBJCMLLOJBJGJKJDJDJKJJNKJCMJNNICMJNDJCMKJBJ"
Task: {793BCAB2-0A80-40D0-A6D5-3071BE88D477} - System32\Tasks\HPCeeScheduleForDanielle => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-12-17] (Hewlett-Packard)
Task: {7B45B33D-8335-4355-8922-AF2AD7AA4753} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {819C8B06-671E-4F15-BCAF-9D9310D4F2FE} - System32\Tasks\avastBCLRestartS-1-5-21-2767167476-1858105450-2367976372-1000 => Firefox.exe
Task: {A04EF1F8-4D2B-4880-A9AC-FBD3F859A27A} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Danielle => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {A4D6192D-2A9B-4F6C-B946-3659A202AD14} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {A4EC0100-76A3-4BBF-B702-E499C8B41D19} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor for Windows\RunProfiler.exe [2008-04-09] (PC-Doctor, Inc.)
Task: {BA415AF0-7697-49EC-8D44-E6C4D6BE0E00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {D81F77EE-2004-4379-8FBE-7A2200283A7E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DD75CDFB-0EF3-461A-A193-0DFB291DF32C} - System32\Tasks\{5B770A6B-ED5E-4A11-BB52-0F17C0B8AD34} => pcalua.exe -a "C:\Program Files\EA GAMES\The Sims 2 Double Deluxe\SP4\CSBin\PackageInstaller.exe" -d "C:\Program Files\EA GAMES\The Sims 2 Double Deluxe\SP4\CSBin"
Task: {E0C1436B-1E78-478B-829E-33E9DD71F952} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDanielle.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{153C7F06-C33C-4344-9301-9EF00F17085C}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-28 20:13 - 2015-05-28 20:13 - 00187048 _____ () C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
2015-02-14 21:43 - 2015-06-05 17:54 - 00264192 _____ () C:\Program Files\Razer\Razer Cortex\D3DX8Wrapper.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2015-08-12 09:09 - 2015-08-12 09:09 - 17482952 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2767167476-1858105450-2367976372-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Danielle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
mpsdrv Firewall Service is not running.
MpsSvc Firewall Service is not running.
bfe Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2015 04:39:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROWS.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROWS.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROW-UP.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROW-UP.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\BLACK-ON-WHITE\TICKED_NOT_10X10@2X.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\BLACK-ON-WHITE\TICKED_NOT_10X10@2X.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\BLACK-ON-WHITE\TICKED_NOT_10X10.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/02/2015 04:39:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\BLACK-ON-WHITE\TICKED_NOT_10X10.PNG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (09/05/2015 04:42:46 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/05/2015 04:42:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version:

Update Source: %NT AUTHORITY15

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/05/2015 04:41:07 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.205.1639.0

Update Source: %NT AUTHORITY59

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/04/2015 04:42:13 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/04/2015 04:42:07 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version:

Update Source: %NT AUTHORITY15

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/04/2015 04:41:07 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.205.1539.0

Update Source: %NT AUTHORITY59

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/03/2015 04:47:17 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/03/2015 04:47:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version:

Update Source: %NT AUTHORITY15

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/03/2015 04:41:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.205.1374.0

Update Source: %NT AUTHORITY59

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/02/2015 04:32:16 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IPsec Policy AgentBFE


Microsoft Office:
=========================
Error: (09/02/2015 04:39:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROWS.PNG

Error: (09/02/2015 04:39:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROWS.PNG

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROW-UP.PNG

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL\ARROW-UP.PNG

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL

Error: (09/02/2015 04:39:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL

Error: (09/02/2015 04:39:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\BLACK-ON-WHITE\TICKED_NOT_10X10@2X.PNG

Error: (09/02/2015 04:39:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\BLACK-ON-WHITE\TICKED_NOT_10X10@2X.PNG

Error: (09/02/2015 04:39:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\BLACK-ON-WHITE\TICKED_NOT_10X10.PNG

Error: (09/02/2015 04:39:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DANIELLE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\BLACK-ON-WHITE\TICKED_NOT_10X10.PNG


CodeIntegrity:
===================================
Date: 2014-07-16 12:57:31.004
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:30.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:30.706
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:30.524
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:30.374
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:30.244
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:30.118
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:29.998
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:29.878
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-16 12:57:29.757
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Sempron(tm) Dual Core Processor 2200
Percentage of memory in use: 55%
Total physical RAM: 1917.76 MB
Available physical RAM: 854.8 MB
Total Virtual: 4080.74 MB
Available Virtual: 2538.59 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:138.03 GB) (Free:45.55 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.02 GB) (Free:1.5 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=138 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

I'm gonna post the last one in a second. I wasn't sure if it would fit in this reply.
Vanilla-krypton
Regular Member
 
Posts: 91
Joined: January 6th, 2014, 8:59 pm

Re: Blue Screen

by Vanilla-krypton » September 6th, 2015, 1:08 pm

# AdwCleaner v5.005 - Logfile created 06/09/2015 at 13:05:24
# Updated 31/08/2015 by Xplode
# Database : 2015-09-04.4 [Server]
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (x86)
# Username : Danielle - SENNSTROM-HOME
# Running from : C:\Users\Danielle\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Found : C:\Windows\Reimage.ini

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : GoforFilesUpdate

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7357A44B-D09F-40DA-9B0B-639C741A471D}
Key Found : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Reimage
Key Found : HKCU\Software\BrowseForTheCause
Key Found : HKLM\SOFTWARE\Video Player
Key Found : HKLM\SOFTWARE\VideoPlayerV3
Key Found : HKLM\SOFTWARE\Better-Surf
Key Found : HKLM\SOFTWARE\W3I
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{220FB035-4744-483A-9A0B-41DF77061583}

***** [ Web browsers ] *****

[C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1852 bytes] ##########
Vanilla-krypton
Regular Member
 
Posts: 91
Joined: January 6th, 2014, 8:59 pm

Re: Blue Screen

by mAL_rEm018 » September 6th, 2015, 4:23 pm

Hello Vanilla-krypton,

I need you to run further scans..

  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Services.exe;Explorer.exe

    • Press the Search Files button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

RogueKiller
  • Please download RogueKiller and save it to your desktop.
  • Right-click on RogueKiller.exe and select Run as administrator
  • The tool will now start to run a Prescan, wait until it is finished.
  • When the Prescan is over, select Scan.
  • Once the Scan has finished, click on Report.
  • A window entitled Rogue Killer will open, please post the contents in your next reply.

You mentioned that your computer experienced a Blue Screen. I would like to see the Minidump file that Windows created when your computer crashed.


Please navigate to the following location:
C:\Windows\Minidump\Mini090215-01.dmp

  • Rename Mini090215-01.dmp to Mini090215-01.txt
  • This can be done by right-clicking on Mini090215-01.dmp and selecting Rename.
  • Please attach Mini090215-01.txt in your next reply.
  • If you have any problem doing this, please let me know and I will give you further instructions.

-----------------------------------------
In your next reply, I would like to see..
  • Search.txt
  • RogueKiller report
  • Attached minidump file
    Please post everything in the order given.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Screen

by Vanilla-krypton » September 7th, 2015, 9:32 pm

I was going to do all that today, but I had to go somewhere. I'll try to get to it as soon as I can tomorrow, I'm sorry.
Vanilla-krypton
Regular Member
 
Posts: 91
Joined: January 6th, 2014, 8:59 pm

Re: Blue Screen

by mAL_rEm018 » September 7th, 2015, 10:00 pm

Vanilla-krypton wrote: I was going to do all that today, but I had to go somewhere. I'll try to get to it as soon as I can tomorrow, I'm sorry.

No problem :) Please post the logs when ready.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Screen

by Vanilla-krypton » September 8th, 2015, 8:55 pm

Farbar Recovery Scan Tool (x86) Version:06-09-2015 01
Ran by Danielle (2015-09-08 20:11:52)
Running from C:\Users\Danielle\Downloads
Boot Mode: Normal

================== Search Files: "Services.exe;Explorer.exe" =============

C:\Windows\explorer.exe
[2014-01-13 22:23][2009-04-11 00:27] 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253 [File is digitally signed]

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2014-01-13 22:23][2009-04-11 00:28] 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B [File is digitally signed]

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 22:34][2008-01-20 22:34] 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C [File is digitally signed]

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2014-01-13 22:23][2009-04-11 00:27] 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253 [File is digitally signed]

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011-10-22 15:15][2008-10-29 23:59] 2927616 ____A (Microsoft Corporation) 50BA5850147410CDE89C523AD3BC606E [File is digitally signed]

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011-10-22 15:15][2008-10-29 02:29] 2927104 ____A (Microsoft Corporation) 4F554999D7D5F05DAAEBBA7B5BA1089D [File is digitally signed]

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008-01-20 22:34][2008-01-20 22:34] 2927104 ____A (Microsoft Corporation) FFA764631CB70A30065C12EF8E174F9F [File is digitally signed]

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2011-10-22 15:15][2008-10-27 22:15] 2923520 ____A (Microsoft Corporation) E7156B0B74762D9DE0E66BDCDE06E5FB [File is digitally signed]

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011-10-22 15:15][2008-10-29 02:20] 2923520 ____A (Microsoft Corporation) 37440D09DEAE0B672A04DCCF7ABF06BE [File is digitally signed]

C:\Windows\System32\services.exe
[2014-01-13 22:23][2009-04-11 00:28] 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B [File is digitally signed]

C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2012-01-22 14:26][2009-04-11 02:27] 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B [File is digitally signed]

C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2012-01-22 14:27][2009-04-11 02:27] 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253 [File is digitally signed]

====== End of Search ======

On the Rogue Killer thing there wasn't really anything to post the contents of? I did click the report button but there wasn't anything there but a few options at the bottom. Options were to export or open html's or txt's. I opened a txt and decided to copy and paste it. I hope it's what you're looking for.

RogueKiller V10.10.4.0 [Sep 4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Danielle [Administrator]
Started from : C:\Users\Danielle\Downloads\RogueKiller.exe
Mode : Scan -- Date : 09/08/2015 20:45:59

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[Suspicious.Path|Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\C:\Users\Danielle\AppData\Local\Temp\mbr.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\C:\Users\Danielle\AppData\Local\Temp\mbr.sys) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\Hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\Hosts] ::1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] dv9qb26k.default : user_pref("browser.startup.homepage", "https://www.ecosia.org/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 5395fe07be3a0f2484cc6abbb3e09006
[BSP] 309fdfd200901d3359dd1e035123a213 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 141345 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 289475235 | Size: 11280 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

I changed the document type to txt on the minidump, but I can't open it for some reason to copy and paste it here. Did you want me to literally attach it to my reply?
Vanilla-krypton
Regular Member
 
Posts: 91
Joined: January 6th, 2014, 8:59 pm

Re: Blue Screen

by mAL_rEm018 » September 8th, 2015, 8:59 pm

Vanilla-krypton wrote: I changed the document type to txt on the minidump, but I can't open it for some reason to copy and paste it here. Did you want me to literally attach it to my reply?

Yes, please attach it. If you have any trouble doing so, please let me know.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Screen

by mAL_rEm018 » September 9th, 2015, 10:16 am

Hello Vanilla-krypton,

Please do the following..

Norton Removal Tool
  • Please download the Norton Removal Tool to your desktop.
  • Right-click on Norton_Removal_Tool.exe and select Run as administrator.
  • Select I accept the license Agreement and Next.
  • Carefully follow the instructions on the screen.
    The removal process might take a while.
  • Once the process is over, click on Finish.
  • Please restart your computer to make sure all the necessary changes have been made.

I need you to run a search..
  • Please download SystemLook to your desktop.
  • Right-click on SystemLook.exe and select Run as administrator.
  • A window will open. Copy/paste the following inside the window:
    :filefind
    *babylon*
    *Bandoo*
    *CleverSearch*
    *conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *kelkoopartners*
    *Lucky Searches*
    *Luckysearches*
    *QuickSurf*
    *Searchnu*
    *Searchqu*
    *SharkManCoupon*
    *sushileads*
    *SweetIM*
    *SweetPacks*
    *TidyNetwork*
    *trolltech*
    *whitesmoke*
    *Wordinator*
    *WordSurfer*
    
    :folderfind
    *babylon*
    *Bandoo*
    *CleverSearch*
    *conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *kelkoopartners*
    *Lucky Searches*
    *Luckysearches*
    *QuickSurf*
    *Searchnu*
    *Searchqu*
    *SharkManCoupon*
    *sushileads*
    *SweetIM*
    *SweetPacks*
    *TidyNetwork*
    *trolltech*
    *whitesmoke*
    *Wordinator*
    *WordSurfer*
    
    :Regfind
    babylon
    Bandoo
    CleverSearch
    conduit
    datamngr
    Fun4IM
    iLivid
    kelkoopartners
    Lucky Searches
    Luckysearches
    QuickSurf
    Searchnu
    Searchqu
    SharkManCoupon
    sushileads
    SweetIM
    SweetPacks
    TidyNetwork
    trolltech
    whitesmoke
    Wordinator
    WordSurfer
    
  • Select Look and the scan will start.
  • After the scan is finished a window will open. Please post the content in your next reply.

Next..

I need to see a fresh FRST log..

  • Right-click on FRST.exe and select Run as administrator.
  • Ensure that Addition.txt is checked.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.

I still need to see the minidump file. Please do the following..

  • Before posting, select Upload attachment.
  • Click Browse.., located under Filename:
  • Navigate to the following location:
    C:\Windows\Minidump\Mini090215-01.txt
  • Select the file and click on Open.
  • Click on Submit.
    The attached file should now be uploaded. If it did not work, let me know and we will find another solution :)


-----------------------------------------
In your next reply, I would like to see..
  • System Look log
  • FRST.txt
  • Addition.txt
  • Attached minidump file.
    Please post everything in the order given.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Screen

by Vanilla-krypton » September 9th, 2015, 8:22 pm

I uninstalled Norton with the uninstaller, and after it was done it recommended that I turn on my firewall. I went to my firewall settings to turn it on but a thing came up and said due to unidentified problems the firewall settings couldn't be shown. I've had problems in the past with opening my firewall to turn it on. I don't even remember ever opening it because I've always gotten that message. Is something wrong to where I can't open it? Or is it maybe just my Avast security that won't let it open. I think I remember something about other security programs not letting you access your firewall settings so that's why I suggested maybe Avast was causing it. I don't know though.

I'm about to restart my computer then start on the next task :)
Vanilla-krypton
Regular Member
 
Posts: 91
Joined: January 6th, 2014, 8:59 pm

Re: Blue Screen

by Vanilla-krypton » September 9th, 2015, 9:05 pm

Ok so I started the scan on System Look. I have no clue what happened, but like everything is kinda frozen and Microsoft Visual C++ Library Runtime popped up, but there's nothing there? Like the white space that's supposed to have text is gone. It's just the outline of the box and the name of the program at the top. I was moving it around and it did that thing where it duplicates and leaves like a trail behind it whenever you move it. I did everything exactly as you said so I'm not sure what's going on.
Vanilla-krypton
Regular Member
 
Posts: 91
Joined: January 6th, 2014, 8:59 pm

Re: Blue Screen

by mAL_rEm018 » September 10th, 2015, 12:05 am

Hello Vanilla-krypton,

Vanilla-krypton wrote: I went to my firewall settings to turn it on but a thing came up and said due to unidentified problems the firewall settings couldn't be shown.

Thank you for letting me know about the issue with your Firewall. We will deal with it later. For now, please follow the rest of the steps in my last post (fresh FRST scan, attached minidump file).

Vanilla-krypton wrote: Ok so I started the scan on System Look. I have no clue what happened, but like everything is kinda frozen and Microsoft Visual C++ Library Runtime popped up, but there's nothing there? Like the white space that's supposed to have text is gone. It's just the outline of the box and the name of the program at the top. I was moving it around and it did that thing where it duplicates and leaves like a trail behind it whenever you move it. I did everything exactly as you said so I'm not sure what's going on.

No problem. Please disregard this step for now. We will use another program to do the search later.

-----------------------------------------
In your next reply, I would like to see..
  • FRST.txt
  • Addition.txt
  • Attached minidump file.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia