
Thread: Possible Malware problem

  1. #11
    Member | Join Date: Aug 2008 | Posts: 56

    Hi,

    I did reboot the computer after ComboFix, but did it again. Rebooted my modem. I can get an internet connection, just can't access some sites. I can't get onto pages like Hotmail, Facebook, but can access my favourites like BBC weather, viovet, 3 out of 4 banks.

    Tried to run ESET scan three times & comp crashes each time.

  2. #12
    Juliet (Security Expert-emeritus) | Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    Can you experiment and see if these sites can connect while in safe mode?


    Do you have Java blocked?
    https://support.mozilla.org/en-US/kb...lug=JavaScript


    Many site issues can be caused by corrupt cookies or cache. In order to try to fix these problems, the first step is to clear both cookies and the cache. Note: This will temporarily log you out of all sites you're logged in to. To clear cache and cookies do the following:

    Go to Firefox > History > Clear recent history or (if no Firefox button is shown) go to Tools > Clear recent history.
    Under "Time range to clear", select "Everything".
    Now, click the arrow next to Details to toggle the Details list active.
    From the details list, check Cache and Cookies and uncheck everything else.
    Now click the Clear now button.
    *************************************

    To delete cookies for IE

    On the Start screen, tap or click Internet Explorer to open Internet Explorer.

    Swipe in from the right edge of the screen, and then tap Settings.
    (If you're using a mouse, point to the lower-right corner of the screen, move the mouse pointer up, and then click Settings.)

    Tap or click Options, and then, under History, tap or click Select.

    Select the Cookies check box, and then tap or click Delete.

    Clearing the cache for IE

    Open Internet Explorer.
    IE 8: From the Tools menu choose Internet Options. ...
    On the General tab, under Browsing history, click Delete.
    Un-check the Preserve Favorites website data box.
    Check the Temporary Internet files, Cookies, and History boxes.


    Reset the IP/DNS settings of your internet connection:
    • Go to Start -> Control Panel -> Double click on Network Connections.
    • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
    • Select the General tab.
    • Double click on Internet Protocol (TCP/IP).
      Under General tab:
    • Select "Obtain an IP address automatically".
    • Select "Obtain DNS server address automatically".
    • Click OK twice to save the settings.
    • Reboot if you had to change any setting.

    4. Flush the DNS cache:
    • Click the Start logo in the bottom left corner of the screen
    • Type in cmd.exe
    • In the command window copy/paste the following (one at a time):

      Code:
      ipconfig /flushdns
      
      netsh winsock reset
    • Then hit enter.
    • Exit the command window.


    I would like to see a new FRST log.
    • Please run FRST (Farbar's Recovery Scan Tool)
      (It may ask you to update the program, please do)

    • Don't change the checkboxes just click on Scan.
    • Logfiles are created on your desktop.
    • Post the FRST.txt
    • Please ensure the check box for Addition.txt is ticked. Please also paste that along with the FRST.txt into your reply.
    Last edited by Juliet; 2014-08-30 at 00:20. Reason: typo
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
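
Added example, not part of the thread and not FRST's own code: the reset step above asks for "Obtain DNS server address automatically", and an FRST log reports resolver settings on `Tcpip\...` lines, where `[NameServer]` is a statically configured resolver and `[DhcpNameServer]` is the one handed out by DHCP. This Python script parses those lines and lists interfaces that still carry a static resolver; the sample log, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout FRST uses for its Tcpip lines.
# GUIDs and addresses are made up (documentation ranges), not from the thread.
SAMPLE_FRST = r"""
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.0.2.1
Tcpip\..\Interfaces\{11111111-2222-3333-4444-555555555555}: [NameServer] 203.0.113.53 203.0.113.53
Tcpip\..\Interfaces\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}: [DhcpNameServer] 192.0.2.1
"""

# Matches the global line (Tcpip\Parameters) and per-interface lines
# (Tcpip\..\Interfaces\{GUID}); leading whitespace from forum pastes is allowed.
TCPIP_LINE = re.compile(
    r"^\s*Tcpip\\(?:Parameters|\.\.\\Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\}))"
    r":\s*\[(?P<key>DhcpNameServer|NameServer)\]\s*(?P<servers>.*)$"
)


def parse_dns_entries(text):
    """Return one dict per Tcpip resolver line found in an FRST log."""
    entries = []
    for line in text.splitlines():
        m = TCPIP_LINE.match(line)
        if not m:
            continue
        servers = []
        # Servers may be separated by spaces or commas; drop duplicates
        # while keeping the order in which they were listed.
        for s in re.split(r"[,\s]+", m.group("servers").strip()):
            if s and s not in servers:
                servers.append(s)
        entries.append({
            "interface": m.group("guid") or "global",
            "key": m.group("key"),
            "servers": servers,
        })
    return entries


def static_dns_overrides(text):
    """List interfaces whose resolver is set by hand rather than by DHCP."""
    entries = parse_dns_entries(text)

    # Everything DHCP handed out, across the global and interface lines.
    dhcp = []
    for e in entries:
        if e["key"] == "DhcpNameServer":
            for s in e["servers"]:
                if s not in dhcp:
                    dhcp.append(s)

    findings = []
    for e in entries:
        if e["key"] == "NameServer" and e["servers"]:
            findings.append({
                "interface": e["interface"],
                "static": e["servers"],
                "dhcp": dhcp,
                # True when at least one static resolver was not offered by DHCP.
                "differs_from_dhcp": any(s not in dhcp for s in e["servers"]),
            })
    return findings


if __name__ == "__main__":
    for f in static_dns_overrides(SAMPLE_FRST):
        print("%s static=%s dhcp=%s differs=%s" % (
            f["interface"], ",".join(f["static"]),
            ",".join(f["dhcp"]), f["differs_from_dhcp"]))
```

A hit only means the adapter is not using "Obtain DNS server address automatically"; a static resolver can be a deliberate ISP or public-DNS setting, so the address still has to be checked against what the user or provider configured.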

  3. #13
    Member | Join Date: Aug 2008 | Posts: 56

    Hi,

    Tried the link for java and I just get a blank page.

    Rebooted into safe mode & I have no internet connection at all - "no network available in safe mode"

    Deleted cookies from I.E

    When flushing DNS, on "netsh winsock reset" a message came up: "The requested operation requires elevation. Run as Administrator". (I am in admin mode anyway).

    Here's FRST & Add logs

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2014
    Ran by WIN7 (administrator) on ASPIRE-T180 on 30-08-2014 09:48:21
    Running from C:\Users\WIN7\Desktop
    Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKU\S-1-5-21-1839434062-3037775892-936306819-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [1804648 2011-09-16] (Hewlett-Packard Co.)
    HKU\S-1-5-21-1839434062-3037775892-936306819-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
    BootExecute: autocheck autochk * /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB0B8D479E7A6CC01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    SearchScopes: HKCU - DefaultScope {33D9335B-0A5E-4AA2-8CA5-5A230AE6292E} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
    SearchScopes: HKCU - {33D9335B-0A5E-4AA2-8CA5-5A230AE6292E} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
    SearchScopes: HKCU - {A67C8099-78A4-4BF8-869D-42FE0F75BCE9} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{5704168A-B32C-447A-B678-72C32D94FB6F}: [NameServer] 88.82.13.12 88.82.13.12

    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR CustomProfile: C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
    CHR Extension: (Google Wallet) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
    S2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-24] (AVG Technologies)
    R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-06-17] (IVT Corporation.)
    S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29192 2009-06-17] ()
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-01-30] (GFI Software)
    S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-03-24] (Huawei Technologies Co., Ltd.)
    S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-03-24] (Huawei Technologies Co., Ltd.)
    S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-03-24] (Huawei Technologies Co., Ltd.)
    S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [25480 2009-06-17] (IVT Corporation.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
    R1 MpKsl48dd0433; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9A431A6-9B75-41C9-9626-8BF610BEF622}\MpKsl48dd0433.sys [39464 2014-08-29] (Microsoft Corporation)
    R1 RapportCerberus_69108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_69108.sys [358040 2014-07-04] ()
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [12984 2011-11-23] ()
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [33512 2014-08-28] ()
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]
    R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
    S3 BT; system32\DRIVERS\btnetdrv.sys [X]
    S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
    S3 catchme; \??\C:\Users\WIN7\AppData\Local\Temp\catchme.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
    S3 VComm; system32\DRIVERS\VComm.sys [X]
    S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-30 09:47 - 2014-08-30 09:47 - 00000000 ____D () C:\Users\WIN7\Desktop\FRST-OlderVersion
    2014-08-29 21:39 - 2014-08-29 21:39 - 00000000 ____D () C:\Program Files\ESET
    2014-08-29 10:15 - 2014-08-29 10:15 - 00016084 _____ () C:\ComboFix.txt
    2014-08-29 09:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-08-29 09:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-08-29 09:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-08-29 09:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-08-29 09:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-08-29 09:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-08-29 09:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-08-29 09:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-08-29 09:47 - 2014-08-29 10:15 - 00000000 ____D () C:\Qoobox
    2014-08-29 09:46 - 2014-08-29 10:11 - 00000000 ____D () C:\Windows\erdnt
    2014-08-29 09:40 - 2014-08-29 09:40 - 05576760 ____R (Swearware) C:\Users\WIN7\Desktop\ComboFix.exe
    2014-08-29 09:37 - 2014-08-29 09:37 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
    2014-08-29 09:37 - 2014-08-29 09:37 - 00000000 ____D () C:\Program Files\NirSoft
    2014-08-28 23:05 - 2014-08-29 10:23 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-28 23:04 - 2014-08-28 23:04 - 00001004 _____ () C:\Users\WIN7\Desktop\JRT.txt
    2014-08-28 22:59 - 2014-08-28 22:59 - 00000000 ____D () C:\Windows\ERUNT
    2014-08-28 22:46 - 2014-08-28 22:46 - 00009405 _____ () C:\Users\WIN7\Desktop\AdwCleaner[S0].txt
    2014-08-28 22:37 - 2014-08-28 22:39 - 00000000 ____D () C:\AdwCleaner
    2014-08-28 22:21 - 2014-08-28 22:21 - 00001040 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-28 22:21 - 2014-08-28 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-28 22:20 - 2014-08-28 22:21 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-08-28 22:20 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-08-28 22:20 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-08-28 22:13 - 2014-08-28 22:13 - 01016261 _____ (Thisisu) C:\Users\WIN7\Desktop\JRT.exe
    2014-08-28 22:11 - 2014-08-28 22:11 - 01364531 _____ () C:\Users\WIN7\Desktop\AdwCleaner.exe
    2014-08-28 19:56 - 2014-08-23 02:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-28 19:56 - 2014-08-23 01:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-28 12:36 - 2014-08-28 19:04 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-08-28 12:36 - 2014-08-28 12:36 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-28 12:34 - 2014-08-28 12:35 - 04851288 _____ () C:\Users\WIN7\Desktop\RogueKiller.exe
    2014-08-28 12:29 - 2014-08-29 16:37 - 00020328 _____ () C:\Windows\PFRO.log
    2014-08-28 11:57 - 2014-08-30 09:49 - 00010570 _____ () C:\Users\WIN7\Desktop\FRST.txt
    2014-08-28 11:50 - 2014-08-30 09:47 - 01095680 _____ (Farbar) C:\Users\WIN7\Desktop\FRST.exe
    2014-08-27 09:47 - 2014-08-29 22:38 - 00001680 _____ () C:\Windows\setupact.log
    2014-08-27 09:47 - 2014-08-27 09:47 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-27 09:46 - 2014-08-28 22:34 - 00405992 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-08-26 20:18 - 2014-08-26 20:18 - 00109280 _____ () C:\Users\WIN7\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-08-26 18:42 - 2014-08-26 18:42 - 00002207 _____ () C:\Users\WIN7\Desktop\aswMBR.txt
    2014-08-26 18:42 - 2014-08-26 18:42 - 00000512 _____ () C:\Users\WIN7\Desktop\MBR.dat
    2014-08-26 15:16 - 2014-08-26 15:16 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
    2014-08-26 12:46 - 2014-08-30 09:48 - 00000000 ____D () C:\FRST
    2014-08-26 12:38 - 2014-08-26 12:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ASPIRE-T180-Microsoft-Windows-7-Professional-(32-bit).dat
    2014-08-26 12:33 - 2014-08-26 12:33 - 00000000 ____D () C:\RegBackup
    2014-08-26 12:32 - 2014-08-26 12:32 - 00002161 _____ () C:\Users\WIN7\Desktop\Tweaking.com - Registry Backup.lnk
    2014-08-26 12:32 - 2014-08-26 12:32 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-08-26 12:30 - 2014-08-26 12:30 - 00000000 ____D () C:\Program Files\Tweaking.com
    2014-08-26 11:13 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2014-08-26 11:10 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2014-08-26 11:06 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2014-08-26 11:04 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2014-08-23 11:21 - 2014-07-14 02:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-08-23 11:21 - 2014-06-16 02:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-08-23 11:21 - 2014-06-16 02:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2014-08-23 11:21 - 2014-06-16 02:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2014-08-23 11:20 - 2014-08-01 00:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-08-23 11:20 - 2014-07-25 14:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-08-23 11:20 - 2014-07-25 14:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-08-23 11:20 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-08-23 11:20 - 2014-07-25 13:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-08-23 11:20 - 2014-07-25 13:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-08-23 11:20 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-08-23 11:20 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-08-23 11:20 - 2014-07-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-08-23 11:20 - 2014-07-25 13:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-08-23 11:20 - 2014-07-25 13:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-08-23 11:20 - 2014-07-25 13:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-08-23 11:20 - 2014-07-25 13:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-08-23 11:20 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-08-23 11:20 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-08-23 11:20 - 2014-07-25 12:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-08-23 11:20 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-08-23 11:20 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-08-23 11:20 - 2014-07-25 12:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-08-23 11:20 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-08-23 11:20 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-08-23 11:20 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-08-23 11:20 - 2014-07-25 12:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-08-23 11:20 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-08-23 11:20 - 2014-07-25 12:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-08-23 11:20 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-08-23 11:20 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-08-23 11:20 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-08-23 11:20 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-08-23 11:19 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-08-23 11:16 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-08-23 11:16 - 2014-06-03 10:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-08-23 11:16 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-08-23 11:16 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-08-23 11:16 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2014-08-23 11:15 - 2014-08-07 02:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-23 11:15 - 2014-08-07 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-23 11:15 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-08-06 18:31 - 2014-08-06 18:31 - 00000000 ____D () C:\Program Files\Common Files\Java
    2014-08-06 18:31 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-08-06 18:30 - 2014-08-06 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-08-06 18:30 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2014-08-06 18:30 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-08-06 18:30 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-08-06 18:29 - 2014-08-06 18:30 - 00004477 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
    2014-08-01 20:15 - 2014-05-14 17:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-08-01 20:15 - 2014-05-14 17:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-08-01 20:15 - 2014-05-14 17:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2014-08-01 20:15 - 2014-05-14 17:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-08-01 20:14 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-08-01 20:14 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2014-08-01 20:14 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-08-01 20:13 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-08-01 20:13 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-30 09:49 - 2014-08-28 11:57 - 00010570 _____ () C:\Users\WIN7\Desktop\FRST.txt
    2014-08-30 09:48 - 2014-08-26 12:46 - 00000000 ____D () C:\FRST
    2014-08-30 09:47 - 2014-08-30 09:47 - 00000000 ____D () C:\Users\WIN7\Desktop\FRST-OlderVersion
    2014-08-30 09:47 - 2014-08-28 11:50 - 01095680 _____ (Farbar) C:\Users\WIN7\Desktop\FRST.exe
    2014-08-30 09:36 - 2012-04-19 08:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-08-30 08:59 - 2011-11-22 22:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-08-30 03:00 - 2011-11-16 18:59 - 01050393 _____ () C:\Windows\WindowsUpdate.log
    2014-08-30 01:59 - 2011-11-22 22:24 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-29 22:46 - 2009-07-14 05:34 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-29 22:46 - 2009-07-14 05:34 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-29 22:38 - 2014-08-27 09:47 - 00001680 _____ () C:\Windows\setupact.log
    2014-08-29 22:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-08-29 21:39 - 2014-08-29 21:39 - 00000000 ____D () C:\Program Files\ESET
    2014-08-29 16:37 - 2014-08-28 12:29 - 00020328 _____ () C:\Windows\PFRO.log
    2014-08-29 10:23 - 2014-08-28 23:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-29 10:15 - 2014-08-29 10:15 - 00016084 _____ () C:\ComboFix.txt
    2014-08-29 10:15 - 2014-08-29 09:47 - 00000000 ____D () C:\Qoobox
    2014-08-29 10:15 - 2013-05-10 14:13 - 00000000 ____D () C:\Users\TEMP
    2014-08-29 10:15 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
    2014-08-29 10:15 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
    2014-08-29 10:11 - 2014-08-29 09:46 - 00000000 ____D () C:\Windows\erdnt
    2014-08-29 10:10 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
    2014-08-29 10:08 - 2011-11-23 15:59 - 00000000 ____D () C:\Users\WIN7\AppData\Local\Adobe
    2014-08-29 09:40 - 2014-08-29 09:40 - 05576760 ____R (Swearware) C:\Users\WIN7\Desktop\ComboFix.exe
    2014-08-29 09:37 - 2014-08-29 09:37 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
    2014-08-29 09:37 - 2014-08-29 09:37 - 00000000 ____D () C:\Program Files\NirSoft
    2014-08-29 00:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-08-28 23:04 - 2014-08-28 23:04 - 00001004 _____ () C:\Users\WIN7\Desktop\JRT.txt
    2014-08-28 22:59 - 2014-08-28 22:59 - 00000000 ____D () C:\Windows\ERUNT
    2014-08-28 22:46 - 2014-08-28 22:46 - 00009405 _____ () C:\Users\WIN7\Desktop\AdwCleaner[S0].txt
    2014-08-28 22:39 - 2014-08-28 22:37 - 00000000 ____D () C:\AdwCleaner
    2014-08-28 22:34 - 2014-08-27 09:46 - 00405992 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-08-28 22:21 - 2014-08-28 22:21 - 00001040 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-28 22:21 - 2014-08-28 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-28 22:21 - 2014-08-28 22:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-08-28 22:21 - 2011-11-19 19:38 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Malwarebytes
    2014-08-28 22:20 - 2011-11-19 19:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-28 22:20 - 2011-11-19 19:37 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-08-28 22:13 - 2014-08-28 22:13 - 01016261 _____ (Thisisu) C:\Users\WIN7\Desktop\JRT.exe
    2014-08-28 22:11 - 2014-08-28 22:11 - 01364531 _____ () C:\Users\WIN7\Desktop\AdwCleaner.exe
    2014-08-28 19:04 - 2014-08-28 12:36 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-08-28 18:22 - 2011-11-19 19:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-08-28 12:36 - 2014-08-28 12:36 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-28 12:35 - 2014-08-28 12:34 - 04851288 _____ () C:\Users\WIN7\Desktop\RogueKiller.exe
    2014-08-28 11:34 - 2009-07-14 05:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-08-27 16:16 - 2011-11-16 19:06 - 00000000 ____D () C:\Users\Administrator
    2014-08-27 09:48 - 2011-11-19 18:50 - 00000000 ____D () C:\Users\WIN7
    2014-08-27 09:47 - 2014-08-27 09:47 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-27 02:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
    2014-08-26 20:18 - 2014-08-26 20:18 - 00109280 _____ () C:\Users\WIN7\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-08-26 20:17 - 2010-11-20 22:01 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-08-26 18:42 - 2014-08-26 18:42 - 00002207 _____ () C:\Users\WIN7\Desktop\aswMBR.txt
    2014-08-26 18:42 - 2014-08-26 18:42 - 00000512 _____ () C:\Users\WIN7\Desktop\MBR.dat
    2014-08-26 15:16 - 2014-08-26 15:16 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
    2014-08-26 12:38 - 2014-08-26 12:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ASPIRE-T180-Microsoft-Windows-7-Professional-(32-bit).dat
    2014-08-26 12:33 - 2014-08-26 12:33 - 00000000 ____D () C:\RegBackup
    2014-08-26 12:32 - 2014-08-26 12:32 - 00002161 _____ () C:\Users\WIN7\Desktop\Tweaking.com - Registry Backup.lnk
    2014-08-26 12:32 - 2014-08-26 12:32 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-08-26 12:30 - 2014-08-26 12:30 - 00000000 ____D () C:\Program Files\Tweaking.com
    2014-08-26 11:33 - 2011-11-16 23:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-08-26 11:32 - 2013-08-09 21:31 - 00000000 ____D () C:\Windows\system32\MRT
    2014-08-26 11:26 - 2011-11-16 19:18 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-08-26 10:57 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-08-25 14:23 - 2012-01-03 10:15 - 00068955 _____ () C:\Users\WIN7\Desktop\My Bits.xlsx
    2014-08-24 11:22 - 2012-08-29 15:55 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
    2014-08-23 11:46 - 2013-12-05 14:58 - 00002109 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-08-23 11:31 - 2012-09-26 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2014-08-23 11:29 - 2012-09-26 16:34 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\HpUpdate
    2014-08-23 02:46 - 2014-08-28 19:56 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-23 01:42 - 2014-08-28 19:56 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-07 02:43 - 2014-08-23 11:15 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-07 02:39 - 2014-08-23 11:15 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-06 18:59 - 2011-11-25 19:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2014-08-06 18:47 - 2012-08-24 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-08-06 18:47 - 2011-11-22 22:25 - 00000945 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-08-06 18:45 - 2011-11-22 22:25 - 00000000 ____D () C:\Program Files\CCleaner
    2014-08-06 18:38 - 2013-10-22 16:31 - 00000000 ____D () C:\ProgramData\Oracle
    2014-08-06 18:31 - 2014-08-06 18:31 - 00000000 ____D () C:\Program Files\Common Files\Java
    2014-08-06 18:30 - 2014-08-06 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-08-06 18:30 - 2014-08-06 18:29 - 00004477 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
    2014-08-06 18:30 - 2013-07-23 13:45 - 00000000 ____D () C:\Program Files\Java
    2014-08-02 20:12 - 2012-05-19 18:36 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\vlc
    2014-08-01 00:16 - 2014-08-23 11:20 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-27 00:46

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-08-2014
    Ran by WIN7 at 2014-08-30 09:50:21
    Running from C:\Users\WIN7\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
    CPUID CPU-Z 1.58 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Photosmart 5510 series Basic Device Software (HKLM\...\{CDB1080E-BF0A-4A61-9E77-D1BBA68582C7}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
    HP Photosmart 5510 series Help (HKLM\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Photosmart 5510 series Product Improvement Study (HKLM\...\{C2F3460B-0C14-4A85-A330-5D1D5028C496}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
    MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
    MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version: - )
    NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
    NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
    NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
    Rapport (Version: 3.5.1307.93 - Trusteer) Hidden
    Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1307.93 - Trusteer)
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1839434062-3037775892-936306819-1002_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

    ==================== Restore Points =========================

    29-08-2014 16:15:53 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:04 - 2014-08-29 10:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {027FA0F9-CB3C-454B-8F69-0550F794775B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-22] (Google Inc.)
    Task: {2735ACBF-FC7C-4D90-9FF2-4CA3017C9515} - System32\Tasks\RunAsStdUser Task => C:\Users\WIN7\AppData\Local\vidshakeSA\bin\1.0.8.0\VidShakeSA.exe
    Task: {3B1E717E-CA20-4A72-AB2A-017D73973D74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
    Task: {42DD3EAE-7014-477F-A384-C298EDD3621C} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-09-16] (Hewlett-Packard Co.)
    Task: {636A8754-9CC9-4A09-9495-161A3C9318E5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
    Task: {8500E2CD-2768-4F21-818D-586F22548EEB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
    Task: {A754BB9B-B383-4264-8B2E-A6864EF23E7A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {D4D142C7-4336-4CDE-9A9D-812E25103649} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-22] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-03-11 13:50 - 2014-07-04 13:03 - 01404120 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
    2013-04-13 03:05 - 2013-01-31 10:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/29/2014 10:40:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/29/2014 09:58:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/29/2014 09:10:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/29/2014 04:39:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/29/2014 03:49:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/28/2014 11:39:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/28/2014 11:29:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/28/2014 11:23:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (08/29/2014 10:38:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The vToolbarUpdater18.1.9 service failed to start due to the following error:
    %%2

    Error: (08/29/2014 10:38:28 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 22:17:51 on ‎29/‎08/‎2014 was unexpected.

    Error: (08/29/2014 09:56:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The vToolbarUpdater18.1.9 service failed to start due to the following error:
    %%2

    Error: (08/29/2014 09:56:51 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 21:30:08 on ‎29/‎08/‎2014 was unexpected.

    Error: (08/29/2014 09:37:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (08/29/2014 09:37:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (08/29/2014 09:37:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (08/29/2014 09:37:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (08/29/2014 09:37:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (08/29/2014 09:37:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.


    Microsoft Office Sessions:
    =========================
    Error: (12/19/2012 11:11:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (12/19/2012 11:10:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3548 seconds with 1080 seconds of active time. This session ended with a crash.

    Error: (09/27/2012 04:41:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
    Percentage of memory in use: 67%
    Total physical RAM: 767.54 MB
    Available physical RAM: 249.65 MB
    Total Pagefile: 1791.54 MB
    Available Pagefile: 1069.86 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1936.96 MB

    ==================== Drives ================================

    Drive c: (Windows & Prog Files) (Fixed) (Total:40.04 GB) (Free:13.04 GB) NTFS
    Drive d: (Data) (Fixed) (Total:50.75 GB) (Free:50.07 GB) NTFS
    Drive e: (Backup) (Fixed) (Total:62.5 GB) (Free:49.73 GB) NTFS
    Drive k: (Classic SL) (Fixed) (Total:74.53 GB) (Free:33.48 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 153.4 GB) (Disk ID: CF815C69)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=50.7 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=62.5 GB) - (Type=OF Extended)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 45290D0F)
    Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  4. #14
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    The Java page may have no reference to what's going on; what it was to tell us was if you were running Java No Script.

    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow)

    start
    HKU\S-1-5-21-1839434062-3037775892-936306819-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
    S2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-24] (AVG Technologies)
    C:\Windows\system32\drivers\avgtpx86.sys
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-01-30] (GFI Software)
    C:\Windows\System32\drivers\gfibto.sys
    S3 catchme; \??\C:\Users\WIN7\AppData\Local\Temp\catchme.sys [X]
    Task: {2735ACBF-FC7C-4D90-9FF2-4CA3017C9515} - System32\Tasks\RunAsStdUser Task => C:\Users\WIN7\AppData\Local\vidshakeSA\bin\1.0.8.0\VidShakeSA.exe
    ask: {636A8754-9CC9-4A09-9495-161A3C9318E5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
    Task: {A754BB9B-B383-4264-8B2E-A6864EF23E7A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
    Hosts:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ******************

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    Then
    Go to Step 4 and under "System Restore" click on Create button:

    Then
    Go to Start Repairs tab and click Start button.


    On the start repairs tab click start


    Select the following items and tick restart system when finished

    Reset Registry Permissions
    Reset File Permissions
    Register System Files
    Repair WMI
    Repair Windows Firewall
    Repair Internet Explorer
    Repair Hosts File
    Remove Policies Set By Infections
    Repair Missing Start menu Icons
    Repair Icons
    Repair Winsock & DNS Cache
    Remove Temp Files
    Repair Proxy Settings
    Unhide Non System Files
    Repair Windows Updates
    Set windows Services To Default
    Repair MSI (windows Installer)
    Repair File Associations
    Repair windows Safe mode

    Click on box next to the Restart System when Finished. Then click on Start.

    *******************

    • Go to here
    • Click the download button under Kaspersky Security Scan
    • Download and run the file
    • It will start to download the Kaspersky Security Scan program data
    • Once downloaded the installer will begin
    • Click Next
    • Accept the License Agreement
    • Click Install
    • The program will now install
    • Click Finish
    • Kaspersky Security Scan will now start


    • Click the Full Scan button


    • The scan will take about an hour or two depending on the amount of data on your hard drive
    • If the scan detects problems it will open a Problems found window
    • Click Details to generate a scan results report


    • Once the scan is complete do the following:
      • For XP: Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
        For Vista/7: Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
      • Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
      • Attach the HtmlReport zipped folder to your next post


    • You can now close Kaspersky Security Scan


    ***
    Please post:
    Fixlog.txt
    Kaspersky Security Scan log
    **
    Also update on how the computer is at the moment.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
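
    A pre-flight check for the fixlist in the post above, as an added example that is not part of the original post or of FRST: it confirms that every fixlist entry appears in the scan log it was copied from and reports near-misses for entries that do not. The function name, the status labels, and the handling of `start`/`End` and bare file paths are assumptions of this example; the sample lines are copied from this thread.

```python
import difflib
import re

# Lines copied from the FRST logs quoted in this thread (an excerpt, not the full log).
SCAN_LOG = r"""
2014-08-24 11:22 - 2012-08-29 15:55 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
Task: {2735ACBF-FC7C-4D90-9FF2-4CA3017C9515} - System32\Tasks\RunAsStdUser Task => C:\Users\WIN7\AppData\Local\vidshakeSA\bin\1.0.8.0\VidShakeSA.exe
Task: {3B1E717E-CA20-4A72-AB2A-017D73973D74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {636A8754-9CC9-4A09-9495-161A3C9318E5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: {A754BB9B-B383-4264-8B2E-A6864EF23E7A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
"""

# Part of the fixlist as posted in the thread (service and registry lines left out).
FIXLIST = r"""
start
C:\Windows\system32\drivers\avgtpx86.sys
Task: {2735ACBF-FC7C-4D90-9FF2-4CA3017C9515} - System32\Tasks\RunAsStdUser Task => C:\Users\WIN7\AppData\Local\vidshakeSA\bin\1.0.8.0\VidShakeSA.exe
ask: {636A8754-9CC9-4A09-9495-161A3C9318E5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: {A754BB9B-B383-4264-8B2E-A6864EF23E7A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
Hosts:
End
"""

# Assumption: these two lines only delimit the list, as they do in the thread.
MARKERS = {"start", "end"}
# The log's own Hosts section says a "Hosts:" directive may be placed in the fixlist.
BARE_DIRECTIVES = {"Hosts:"}
# A line that is nothing but a drive-letter path (file to be moved).
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def check_fixlist(fixlist, scan_log):
    """Classify each fixlist entry against the scan log it was built from.

    Status values (labels chosen for this example):
      in-log       entry is a verbatim copy of a scan-log line
      path-in-log  bare path that occurs inside some scan-log line (case-insensitive)
      directive    stand-alone directive that has no log line of its own
      unmatched    nothing in the log corresponds; review before running the fix
    """
    log_lines = [ln.strip() for ln in scan_log.splitlines() if ln.strip()]
    exact = set(log_lines)
    lowered = [ln.lower() for ln in log_lines]

    report = []
    for raw in fixlist.splitlines():
        entry = raw.strip()
        if not entry or entry.lower() in MARKERS:
            continue

        near_miss = None
        if entry in exact:
            status = "in-log"
        elif entry in BARE_DIRECTIVES:
            status = "directive"
        elif PATH_RE.match(entry) and any(entry.lower() in ln for ln in lowered):
            status = "path-in-log"
        else:
            status = "unmatched"
            # A copy/paste slip usually leaves the entry almost identical to a log line.
            close = difflib.get_close_matches(entry, log_lines, n=1, cutoff=0.9)
            near_miss = close[0] if close else None

        report.append({"status": status, "entry": entry, "near_miss": near_miss})
    return report


if __name__ == "__main__":
    for row in check_fixlist(FIXLIST, SCAN_LOG):
        print(f"{row['status']:<12} {row['entry'][:70]}")
        if row["near_miss"]:
            print(f"{'':<12} closest log line: {row['near_miss'][:70]}")
```

    An `unmatched` entry with a near-miss is one that the tool would receive in a different form from the line the scan produced, so it is worth correcting before the Fix button is pressed.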

  5. #15
    Member
    Join Date
    Aug 2008
    Posts
    56

    Default

    Hi,

    Computer still crashing - couldn't run Kaspersky.

    What I did try was to see if I could open the websites in Chrome, which I can. I also ran the ESET scan through Chrome & it completed no prob so I have posted that log. Poss I.E problem? Chrome loads quickly, I.E takes a minute to load.

    Completed all the other steps above.

    Fix Log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:30-08-2014
    Ran by WIN7 at 2014-08-30 18:22:28 Run:4
    Running from C:\Users\WIN7\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    HKU\S-1-5-21-1839434062-3037775892-936306819-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
    S2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-24] (AVG Technologies)
    C:\Windows\system32\drivers\avgtpx86.sys
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-01-30] (GFI Software)
    C:\Windows\System32\drivers\gfibto.sys
    S3 catchme; \??\C:\Users\WIN7\AppData\Local\Temp\catchme.sys [X]
    Task: {2735ACBF-FC7C-4D90-9FF2-4CA3017C9515} - System32\Tasks\RunAsStdUser Task => C:\Users\WIN7\AppData\Local\vidshakeSA\bin\1.0.8.0\VidShakeSA.exe
    ask: {636A8754-9CC9-4A09-9495-161A3C9318E5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
    Task: {A754BB9B-B383-4264-8B2E-A6864EF23E7A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
    Hosts:
    End
    *****************

    HKU\S-1-5-21-1839434062-3037775892-936306819-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_TB => Value not found.
    vToolbarUpdater18.1.9 => Service not found.
    avgtp => Service stopped successfully.
    avgtp => Service deleted successfully.
    C:\Windows\system32\drivers\avgtpx86.sys => Moved successfully.
    gfibto => Service stopped successfully.
    gfibto => Service deleted successfully.
    C:\Windows\System32\drivers\gfibto.sys => Moved successfully.
    catchme => Service deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2735ACBF-FC7C-4D90-9FF2-4CA3017C9515}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2735ACBF-FC7C-4D90-9FF2-4CA3017C9515}" => Key deleted successfully.
    C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => Key deleted successfully.
    ask: {636A8754-9CC9-4A09-9495-161A3C9318E5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe => Error: No automatic fix found for this entry.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A754BB9B-B383-4264-8B2E-A6864EF23E7A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A754BB9B-B383-4264-8B2E-A6864EF23E7A}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => Key deleted successfully.
    C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.

    ==== End of Fixlog ====



    Eset Scan Log:


    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    ESETSmartInstaller@High as downloader log:
    all ok
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7623
    # api_version=3.0.2
    # EOSSerial=68305a102eb0474ca2e09e0517377c87
    # engine=19918
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2014-08-30 12:57:58
    # local_time=2014-08-30 01:57:58 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode_1='Microsoft Security Essentials'
    # compatibility_mode=5895 16777213 100 100 13362739 103577482 0 0
    # scanned=124126
    # found=1
    # cleaned=1
    # scan_time=2198
    sh=B5A959465A82776804C7CBBDCE7C3C7158B1F5FE ft=1 fh=3a9864896d9bd40a vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\WIN7\AppData\Roaming\Search Protection\Uninstall.exe.vir"

  6. #16
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    What Eset found is a file held in a quarantine folder so that's not an issue.

    What it sounds like so far is hardware related to the computer.

    I know that Blue screen wouldn't work earlier, but, since we have removed an amount of malicious files and processes let's try again using another tool first to see if we can produce a log.

    Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
    There are 6 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click and choose Run as Admin
    You only need to get one of them to run, not all of them.


    *******************

    Download blue screen viewer from the link below and install and run it to read the dump files created by Windows.
    http://www.nirsoft.net/utils/blue_screen_view.html
    Double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

    ***********
    Try this tool in the event Blue screen won't run.

    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
       http://images.malwareremoval.com/vino/VEW.exe
    2. Double-click VEW.exe
    3. Under 'Select log to query', select:
       * System
    4. Under 'Select type to list', select:
       * Error
       * Warning

    Then use the 'Number of events' as follows:

    1. Click the radio button for 'Number of events'
    2. Type 20 in the 1 to 20 box
    3. Then click the Run button.
       Notepad will open with the output log.


    Please post the Output log in your next reply then repeat but select Application.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
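
The VEW procedure above produces a long, repetitive report. As an added example (not part of the original post and not the VEW author's code), this Python script parses the report layout seen in the logs posted later in this thread, collapses repeated events, and lists what was logged shortly before each Kernel-Power 41 record. The sample report, its dates, the 30-minute window and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of a VEW report: three header lines per
# event, then the message. Dates are dd/mm/yyyy, as the report itself notes.
SAMPLE_REPORT = """\
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/02/2020 21:00:00

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/02/2020 15:06:53
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

Log: 'System' Date/Time: 02/02/2020 11:51:47
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/02/2020 14:58:10
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Example service failed to start (constructed message).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/02/2020 15:07:30
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver failed to load for the device (constructed message).
"""

LOG_RE = re.compile(r"^Log:\s+'([^']+)'\s+Date/Time:\s+(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$")
TYPE_RE = re.compile(r"^Type:\s+(\w+)\s+Category:\s+(\d+)$")
EVENT_RE = re.compile(r"^Event:\s+(\d+)\s+Source:\s+(.+)$")


def parse_vew(text):
    """Return one dict per complete event; tolerates forum indentation."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = LOG_RE.match(line)
        if m:
            cur = {"log": m.group(1),
                   "when": datetime.strptime(m.group(2), "%d/%m/%Y %H:%M:%S"),
                   "type": None, "id": None, "source": None, "message": []}
            events.append(cur)
        elif cur is None:
            continue  # report banner or section title
        elif not line or line.startswith("~"):
            cur = None  # a blank line or a section rule ends the event
        elif cur["type"] is None and TYPE_RE.match(line):
            cur["type"] = TYPE_RE.match(line).group(1)
        elif cur["id"] is None and EVENT_RE.match(line):
            m = EVENT_RE.match(line)
            cur["id"], cur["source"] = int(m.group(1)), m.group(2)
        else:
            cur["message"].append(line)
    # Drop events whose header lines were cut off in the paste.
    return [e for e in events if e["type"] and e["id"] is not None]


def summarise(events):
    """Collapse repeats: (source, id) -> count, first and last time seen."""
    groups = {}
    for e in events:
        g = groups.setdefault((e["source"], e["id"]),
                              {"count": 0, "first": e["when"], "last": e["when"]})
        g["count"] += 1
        g["first"] = min(g["first"], e["when"])
        g["last"] = max(g["last"], e["when"])
    return sorted(groups.items(), key=lambda kv: (-kv[1]["count"], kv[0]))


def before_unclean_reboots(events, window=timedelta(minutes=30)):
    """Map each Kernel-Power 41 time to the events logged in the window before it.

    Event 41 is written at the boot that follows the crash, so the records of
    interest are the ones that precede it.
    """
    reboots = sorted(e["when"] for e in events
                     if e["id"] == 41 and e["source"] == "Microsoft-Windows-Kernel-Power")
    return {t: sorted((e["when"], e["source"], e["id"]) for e in events
                      if t - window <= e["when"] < t)
            for t in reboots}


if __name__ == "__main__":
    parsed = parse_vew(SAMPLE_REPORT)
    for (source, event_id), g in summarise(parsed):
        print(f"{g['count']:3d}x  {event_id:<6} {source}  {g['first']} .. {g['last']}")
    for when, context in before_unclean_reboots(parsed).items():
        print(when, "preceded by", context or "nothing in window")
```

An empty list for a reboot means nothing at Error or Warning level was recorded in the window before it, which is itself worth noting when weighing a hardware or power cause against a software one.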

  7. #17
    Member
    Join Date
    Aug 2008
    Posts
    56

    Hi,

    Still couldn't run blue screen, it won't install properly, and now I can't uninstall it. Managed to do the others ok.

    rkill log:

    Rkill 2.6.8 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2014 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/31/2014 08:05:14 PM in x86 mode.
    Windows Version: Windows 7 Professional Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * No issues found.

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 08/31/2014 08:07:15 PM
    Execution time: 0 hours(s), 2 minute(s), and 1 seconds(s)


    VEW system log:

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 31/08/2014 20:57:13

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 31/08/2014 15:06:53
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 31/08/2014 11:51:47
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 30/08/2014 17:19:27
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 29/08/2014 21:38:08
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 29/08/2014 20:56:35
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 28/08/2014 22:37:31
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 28/08/2014 22:35:32
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 28/08/2014 22:27:12
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 28/08/2014 22:21:34
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 31/08/2014 19:27:24
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Microsoft Network Inspection service failed to start due to the following error: The service did not start due to a logon failure.

    Log: 'System' Date/Time: 31/08/2014 19:27:24
    Type: Error Category: 0
    Event: 7038 Source: Service Control Manager
    The NisSrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Log: 'System' Date/Time: 31/08/2014 19:27:24
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.

    Log: 'System' Date/Time: 31/08/2014 19:27:24
    Type: Error Category: 0
    Event: 7038 Source: Service Control Manager
    The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Log: 'System' Date/Time: 31/08/2014 19:27:24
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The SSDP Discovery service failed to start due to the following error: The service did not start due to a logon failure.

    Log: 'System' Date/Time: 31/08/2014 19:27:24
    Type: Error Category: 0
    Event: 7038 Source: Service Control Manager
    The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Log: 'System' Date/Time: 31/08/2014 19:27:24
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service did not start due to a logon failure.

    Log: 'System' Date/Time: 31/08/2014 19:27:24
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The SSDP Discovery service failed to start due to the following error: The service did not start due to a logon failure.

    Log: 'System' Date/Time: 31/08/2014 19:27:24
    Type: Error Category: 0
    Event: 7038 Source: Service Control Manager
    The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Log: 'System' Date/Time: 31/08/2014 19:27:24
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.

    Log: 'System' Date/Time: 31/08/2014 19:27:24
    Type: Error Category: 0
    Event: 7038 Source: Service Control Manager
    The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Log: 'System' Date/Time: 31/08/2014 19:27:24
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Server service failed to start due to the following error: A system shutdown is in progress.

    Log: 'System' Date/Time: 31/08/2014 19:27:23
    Type: Error Category: 0
    Event: 7043 Source: Service Control Manager
    The Group Policy Client service did not shut down properly after receiving a preshutdown control.

    Log: 'System' Date/Time: 31/08/2014 19:27:24
    Type: Error Category: 0
    Event: 10005 Source: Microsoft-Windows-DistributedCOM
    DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

    Log: 'System' Date/Time: 31/08/2014 19:24:22
    Type: Error Category: 0
    Event: 36888 Source: Schannel
    The following fatal alert was generated: 10. The internal error state is 10.

    Log: 'System' Date/Time: 31/08/2014 19:07:47
    Type: Error Category: 0
    Event: 36888 Source: Schannel
    The following fatal alert was generated: 10. The internal error state is 10.

    Log: 'System' Date/Time: 31/08/2014 19:07:47
    Type: Error Category: 0
    Event: 36888 Source: Schannel
    The following fatal alert was generated: 10. The internal error state is 10.

    Log: 'System' Date/Time: 31/08/2014 19:07:47
    Type: Error Category: 0
    Event: 36888 Source: Schannel
    The following fatal alert was generated: 10. The internal error state is 10.

    Log: 'System' Date/Time: 31/08/2014 19:07:47
    Type: Error Category: 0
    Event: 36888 Source: Schannel
    The following fatal alert was generated: 10. The internal error state is 10.

    Log: 'System' Date/Time: 31/08/2014 19:07:47
    Type: Error Category: 0
    Event: 36888 Source: Schannel
    The following fatal alert was generated: 10. The internal error state is 10.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 31/08/2014 19:37:34
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

    Log: 'System' Date/Time: 31/08/2014 19:27:27
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 31/08/2014 19:25:37
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 31/08/2014 19:21:34
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

    Log: 'System' Date/Time: 31/08/2014 19:19:52
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 31/08/2014 15:07:30
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

    Log: 'System' Date/Time: 31/08/2014 11:30:09
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

    Log: 'System' Date/Time: 30/08/2014 17:32:28
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

    Log: 'System' Date/Time: 30/08/2014 17:20:05
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

    Log: 'System' Date/Time: 30/08/2014 08:58:44
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

    Log: 'System' Date/Time: 29/08/2014 21:39:34
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

    Log: 'System' Date/Time: 29/08/2014 20:57:17
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

    Log: 'System' Date/Time: 29/08/2014 20:14:24
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 29/08/2014 20:09:15
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

    Log: 'System' Date/Time: 29/08/2014 15:38:10
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

    Log: 'System' Date/Time: 29/08/2014 14:47:45
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

    Log: 'System' Date/Time: 28/08/2014 22:38:03
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

    Log: 'System' Date/Time: 28/08/2014 22:36:07
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.

    VEW App log:
    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 31/08/2014 20:59:00

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 31/08/2014 11:30:07
    Type: Error Category: 0
    Event: 1103 Source: .NET Runtime Optimization Service
    .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


    Log: 'Application' Date/Time: 31/08/2014 05:25:54
    Type: Error Category: 0
    Event: 1008 Source: Microsoft-Windows-CEIP
    A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 90080108).

    Log: 'Application' Date/Time: 30/08/2014 17:33:45
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 30/08/2014 17:21:18
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 30/08/2014 10:54:43
    Type: Error Category: 0
    Event: 1008 Source: Microsoft-Windows-CEIP
    A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 90080108).

    Log: 'Application' Date/Time: 30/08/2014 09:00:14
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 30/08/2014 08:57:17
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 29/08/2014 21:40:00
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 29/08/2014 20:58:26
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 29/08/2014 20:10:46
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 29/08/2014 15:39:40
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 29/08/2014 14:49:07
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 28/08/2014 22:39:18
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 28/08/2014 22:29:07
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 28/08/2014 22:23:29
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 31/08/2014 11:12:57
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:57
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:53
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:53
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:48
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:48
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:48
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:48
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:45
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:45
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:45
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:45
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:45
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:45
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:42
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:42
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:35
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:35
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:21
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, SystemConfigurationChangeEvents, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Log: 'Application' Date/Time: 31/08/2014 11:12:21
    Type: Warning Category: 0
    Event: 63 Source: Microsoft-Windows-WMI
    A provider, SystemConfigurationChangeEvents, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

  8. #18
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    You can use Revo Uninstaller

    Please download and install Revo Uninstaller Free
    • Double click Revo Uninstaller to run it.
    • From the list of programs double click on The Program to remove (BlueScreen)
    • When prompted if you want to uninstall click Yes.
    • Be sure the Moderate option is selected then click Next.
    • The program will run. If prompted again, click Yes.
    • When the built-in uninstaller is finished, click on Next.
    • Once the program has searched for leftovers click Next.
    • Check/tick the bolded items only on the list then click Delete
    • When prompted, click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted, select Yes and then Next.
    • Once done click Finish.


    ***************
    A lot of the errors seem to be pointed to USB:
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#.
    By chance, is there an external device connected during all this?

    A couple of suggestions, because this does not look to be malware but rather issues pointed to Windows drivers.

    Perform a clean startup
    http://support.microsoft.com/kb/331796

    Please read over the below topic of other users having the same difficulties
    Driver\WUDFRd failed to load for the device
    http://www.sevenforums.com/drivers/2...ice-error.html
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
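
The triage in post #18 (driver errors set against the repeated WMI warnings in the pasted log) is easier to follow once identical entries are collapsed and counted. The following is an added example, not part of the thread: a Python parser for the log layout pasted above. The sample entries are constructed, including the event id, source and device id on the driver entry.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log pasted in this thread.
# The event id, source and device id on the driver entry are placeholders.
SAMPLE_LOG = r"""
Log: 'Application' Date/Time: 31/08/2014 11:12:48
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account.

Log: 'Application' Date/Time: 31/08/2014 11:12:48
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account.

Log: 'System' Date/Time: 31/08/2014 11:10:02
Type: Error Category: 0
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\CONSTRUCTED-DEVICE-ID.
"""

HEADER = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>\S+ \S+)\s+"
    r"Type: (?P<type>\w+) Category: \d+\s+"
    r"Event: (?P<event>\d+) Source: (?P<source>\S+)\s+(?P<message>.+)")
PROVIDER = re.compile(r"A provider, (\S+), has been registered in .*?namespace (\S+)")

def parse_entries(text):
    """Split the paste on blank lines and parse each block into a dict."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        m = HEADER.match(" ".join(line.strip() for line in block.splitlines()))
        if m:
            entries.append(m.groupdict())
    return entries

def summarise(entries):
    """Collapse repeats by counting identical (type, source, event, subject)."""
    counts = Counter()
    for e in entries:
        p = PROVIDER.search(e["message"])
        subject = f"{p.group(1)} @ {p.group(2)}" if p else e["message"][:60]
        counts[(e["type"], e["source"], int(e["event"]), subject)] += 1
    return counts

def errors_first(counts):
    """Order for review: Error entries ahead of Warnings, then by repeat count."""
    return sorted(counts.items(), key=lambda kv: (kv[0][0] != "Error", -kv[1]))
```

Paste the full log text into `parse_entries` and read the output of `errors_first(summarise(...))` from the top.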

  9. #19
    Member
    Join Date
    Aug 2008
    Posts
    56

    Default

    Hi,

    Thank you for the uninstaller - Blue Screen has gone.

    I have an external hard drive (Classic SL 80gb), which has been connected at all times. I can access everything on that and all the scans we have done have included that drive.

    What I have noticed is that AppleSyncInfo tab had appeared on my favourites bar. About a year ago, my cousin used my computer to set up his new iPhone. When he sync'd it, he managed to clear all my contacts in my MS Outlook program & I ended up with all his numbers. He didn't realise this, but I let him know so that he could delete all my contacts from his phone. I had problems with Outlook after that - my talktalk emails stopped going to some accounts, so I stopped using it & now log on via the webpage. Not sure if this may be the problem. I thought I'd uninstalled the I program that was downloaded (I don't use iPhones so I'm not sure of what the apps associated with it are). I know there was iTunes downloaded.

    I'll do the other stuff now.

    Thanks

  10. #20
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Go on and finish the above task, then we can look for and remove files and subfolders for AppleSync and iTunes.
    When we do this, remove all USB devices.

    I'll wait to hear back after you complete the other task. I would also like for you soon to try Last Known Good Configuration; it's worth a try.
