
Slow Vista with BSOD from MBAM


  • This topic is locked
8 replies to this topic

#1 Falneth

Falneth

  • Members
  • 132 posts
  • OFFLINE
  • Gender:Male
  • Location:Missouri, USA
  • Local time:06:35 AM

Posted 18 April 2015 - 03:01 PM

I have an HP Pavilion a1710n desktop I am working on for a customer. This desktop has a dual-core AMD Athlon 64 x2 4200+ processor with 1 GB RAM. It is a 32-bit OS. It takes, at minimum, 5-10 minutes just to fully load the desktop upon startup. I have already scanned with MBAM and with AVG 2015 and it doesn't have any viruses or malware anymore. I have disabled many of the unnecessary startup programs, but it still takes forever to finish the bootup. It also freezes up when scanning in normal mode with either program, even after having removed the PUPs and two Trojans that MBAM found. It locks up whenever I try to open a program or delete a file as well. I ran CCleaner and it removed 250 MB of junk from temporary files and temp internet files. I have also run Tweaking's "Windows Repair All in One" repair tool in safe mode.

 

I have worked with user AURA in the Vista forum on it and he stated that because it is still having problems, it likely is still infected. He recommended removing AVG due to it being too heavy for the system so I installed AVAST Free on it instead. I don't know what else I can do to fix this computer. It has blue screened on me twice since I have installed MBAM.

 

The link to the previous post in the Vista forum is: here

 

This computer just took 11 minutes to finish the entire bootup sequence, from the moment I turned it on until it was able to be used.

 

 

Attached Files


Edited by Falneth, 18 April 2015 - 05:21 PM.

A.A.S in Computer and Network Support from Crowder College



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,544 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:35 AM

Posted 23 April 2015 - 09:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I suggest you remove Pogo Games using Add/Remove Programs.
Pogo Games (remove only) (HKLM\...\PogoDGC) (Version: - ) <==== ATTENTION

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 - (No Name) - {08f9937e-0a4f-48cf-94e7-827223daec1d} - C:\Program Files\HeadlineAlley_29\bar\1.bin\29SrcAs.dll No File
SearchScopes: HKLM -> {CD9F5035-946A-4773-BBB2-C1CBFCC2FDEA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> {2CF381A5-6CE4-4155-A60D-3D43EDD924C5} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> {7EFBC57C-CD57-481f-B794-648FCE9C9116} URL = http://search.blubster-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
SearchScopes: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> {B3E905DC-656C-4EE9-9554-77A9695ECB41} URL = http://www.dealio.com/products.html?kwd={searchTerms}
SearchScopes: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> {CD9F5035-946A-4773-BBB2-C1CBFCC2FDEA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=WB
BHO: No Name -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} ->  No File
Toolbar: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Toolbar: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> No Name - {7EFBC57C-CD57-481F-B794-648FCE9C9116} -  No File
Toolbar: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> No Name - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} -  No File
Toolbar: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
FF DefaultSearchEngine: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKU\S-1-5-21-2172619345-3474930537-3451452258-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i5x1zvek.default-1413843261578\searchplugins\google-avast.xml [2015-04-18]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-04-17]
CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\41.0.2272.118\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.7.1) - C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll No File
CHR Plugin: (Facebook Plugin) - C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-18]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-18]
CHR HKLM\...\Chrome\Extension: [jmbmildjdmppofnohldicmnkojfhggmb] - https://clients2.google.com/service/update2/crx
S4 PGMTrusted; C:\Program Files\Pogo Games\PGMTrusted.exe [519888 2011-11-30] (iWin Inc.)
S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U4 sshrmd; No ImagePath
U4 ssidrv; No ImagePath
U2 TMAgent; No ImagePath
AlternateDataStreams: C:\ProgramData\TEMP:182D85B1
AlternateDataStreams: C:\ProgramData\TEMP:3BA31186
AlternateDataStreams: C:\ProgramData\TEMP:9B7E8561
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false-positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?
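Once the fix has run, the Fixlog.txt that FRST writes contains one result line per fixlist entry, and the lines worth a second look are the ones that do not say "successfully": a restore point that could not be created (so there is no rollback), a file that could only be scheduled for the next reboot, or an item the tool could not move at all. As an added example, not FRST's own code and not part of any post in this thread, the Python below buckets Fixlog lines into success, not found, deferred to reboot, and failed, and lists the entries that need follow-up; a second helper pulls out the per-user Software\Classes entries that FRST flags with ATTENTION in the fixlist above. The sample inputs are constructed from lines that appear in this thread; the bucket names and both function names are assumptions of this example.

```python
"""Triage an FRST Fixlog offline: bucket every result line and list what was not removed."""
from collections import Counter

# Constructed sample input: a dozen result lines copied from the Fixlog posted
# in this thread, so the script runs without the real file. In practice, read
# Fixlog.txt from the folder FRST was run from and pass its text in.
SAMPLE_FIXLOG = r"""
Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => Key deleted successfully.
HKCR\CLSID\{CD9F5035-946A-4773-BBB2-C1CBFCC2FDEA} => Key not found.
Firefox homepage deleted successfully.
C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll not found.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
PGMTrusted => Service deleted successfully.
C:\ProgramData\TEMP => ":182D85B1" ADS removed successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.
==== End of Fixlog 14:09:14 ====
"""

# Constructed sample fixlist: three entries from the fixlist in this thread that
# FRST marked ATTENTION, plus one unflagged line so the filter has something to skip.
SAMPLE_FIXLIST = r"""
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
"""


def classify(line):
    """Map one Fixlog result line to an outcome bucket.

    Order matters: an item that could not be moved now but is scheduled for
    reboot is deferred, not failed; the post-reboot section of the log reports
    the final outcome ("File could not move").
    """
    s = line.strip()
    if not s or s.startswith("===="):
        return "ignore"
    if "Scheduled to move on reboot" in s:
        return "deferred"
    if s.startswith("Error:") or "could not move" in s.lower():
        return "failed"
    if s.endswith("not found."):
        return "not_found"
    if "successfully" in s:
        return "success"
    return "other"


def summarize_fixlog(text):
    """Return counts per bucket plus the lines a helper must follow up on."""
    counts = Counter()
    follow_up = []
    for line in text.splitlines():
        bucket = classify(line)
        if bucket == "ignore":
            continue
        counts[bucket] += 1
        if bucket in ("failed", "deferred"):
            follow_up.append(line.strip())
    return {"counts": dict(counts), "follow_up": follow_up}


def user_class_overrides(fixlist_text):
    r"""Pick out the per-user Software\Classes entries FRST flags with ATTENTION.

    A key under HKU\<SID>\Software\Classes is merged into that user's view of
    HKCR on top of the machine-wide HKLM\Software\Classes, so a per-user exefile
    or .exe association changes how every .exe launches for that account
    without touching the machine-wide key. Returns just the registry paths.
    """
    hits = []
    for line in fixlist_text.splitlines():
        s = line.strip()
        if "ATTENTION" in s and "\\Software\\Classes\\" in s and s.startswith("HKU\\"):
            hits.append(s.split(":", 1)[0])
    return hits


if __name__ == "__main__":
    result = summarize_fixlog(SAMPLE_FIXLOG)
    print("outcomes:", result["counts"])
    for entry in result["follow_up"]:
        print("FOLLOW UP:", entry)
    print("per-user class overrides:", user_class_overrides(SAMPLE_FIXLIST))
```

Run against the real Fixlog.txt, the "follow_up" list is what to read before declaring the fix done: on the log in this thread it would surface the failed restore point and the aswWebRepChrome.crx file that could not be moved even after the reboot.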

#3 Falneth

Falneth
  • Topic Starter

  • Members
  • 132 posts
  • OFFLINE
  • Gender:Male
  • Location:Missouri, USA
  • Local time:06:35 AM

Posted 23 April 2015 - 03:38 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-04-2015 01
Ran by Owner at 2015-04-23 14:06:11 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 - (No Name) - {08f9937e-0a4f-48cf-94e7-827223daec1d} - C:\Program Files\HeadlineAlley_29\bar\1.bin\29SrcAs.dll No File
SearchScopes: HKLM -> {CD9F5035-946A-4773-BBB2-C1CBFCC2FDEA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> {2CF381A5-6CE4-4155-A60D-3D43EDD924C5} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> {7EFBC57C-CD57-481f-B794-648FCE9C9116} URL = http://search.blubster-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
SearchScopes: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> {B3E905DC-656C-4EE9-9554-77A9695ECB41} URL = http://www.dealio.com/products.html?kwd={searchTerms}
SearchScopes: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> {CD9F5035-946A-4773-BBB2-C1CBFCC2FDEA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=WB
BHO: No Name -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} ->  No File
Toolbar: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Toolbar: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> No Name - {7EFBC57C-CD57-481F-B794-648FCE9C9116} -  No File
Toolbar: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> No Name - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} -  No File
Toolbar: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2172619345-3474930537-3451452258-1000 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
FF DefaultSearchEngine: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF SearchEngineOrder.1: Google (avast)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKU\S-1-5-21-2172619345-3474930537-3451452258-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i5x1zvek.default-1413843261578\searchplugins\google-avast.xml [2015-04-18]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-04-17]
CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\41.0.2272.118\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.7.1) - C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll No File
CHR Plugin: (Facebook Plugin) - C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-18]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-18]
CHR HKLM\...\Chrome\Extension: [jmbmildjdmppofnohldicmnkojfhggmb] - https://clients2.google.com/service/update2/crx
S4 PGMTrusted; C:\Program Files\Pogo Games\PGMTrusted.exe [519888 2011-11-30] (iWin Inc.)
S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U4 sshrmd; No ImagePath
U4 ssidrv; No ImagePath
U2 TMAgent; No ImagePath
AlternateDataStreams: C:\ProgramData\TEMP:182D85B1
AlternateDataStreams: C:\ProgramData\TEMP:3BA31186
AlternateDataStreams: C:\ProgramData\TEMP:9B7E8561
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value deleted successfully.
HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{08f9937e-0a4f-48cf-94e7-827223daec1d} => value deleted successfully.
"HKCR\CLSID\{08f9937e-0a4f-48cf-94e7-827223daec1d}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD9F5035-946A-4773-BBB2-C1CBFCC2FDEA}" => Key deleted successfully.
HKCR\CLSID\{CD9F5035-946A-4773-BBB2-C1CBFCC2FDEA} => Key not found. 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
"HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2CF381A5-6CE4-4155-A60D-3D43EDD924C5}" => Key deleted successfully.
HKCR\CLSID\{2CF381A5-6CE4-4155-A60D-3D43EDD924C5} => Key not found. 
"HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7EFBC57C-CD57-481f-B794-648FCE9C9116}" => Key deleted successfully.
HKCR\CLSID\{7EFBC57C-CD57-481f-B794-648FCE9C9116} => Key not found. 
"HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B3E905DC-656C-4EE9-9554-77A9695ECB41}" => Key deleted successfully.
HKCR\CLSID\{B3E905DC-656C-4EE9-9554-77A9695ECB41} => Key not found. 
"HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD9F5035-946A-4773-BBB2-C1CBFCC2FDEA}" => Key deleted successfully.
HKCR\CLSID\{CD9F5035-946A-4773-BBB2-C1CBFCC2FDEA} => Key not found. 
"HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}" => Key deleted successfully.
HKCR\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} => Key not found. 
HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} => value deleted successfully.
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455} => Key not found. 
HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7EFBC57C-CD57-481F-B794-648FCE9C9116} => value deleted successfully.
HKCR\CLSID\{7EFBC57C-CD57-481F-B794-648FCE9C9116} => Key not found. 
HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} => value deleted successfully.
HKCR\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} => Key not found. 
HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. 
HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => value deleted successfully.
HKCR\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => Key not found. 
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox Keyword.URL deleted successfully.
"HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1" => Key deleted successfully.
"HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3" => Key deleted successfully.
C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll not found.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i5x1zvek.default-1413843261578\searchplugins\google-avast.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => Moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\Application\41.0.2272.118\gcswf32.dll not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll not found.
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Program Files\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files\QuickTime\plugins\npqtplugin7.dll not found.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll not found.
C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jmbmildjdmppofnohldicmnkojfhggmb" => Key deleted successfully.
PGMTrusted => Service deleted successfully.
nosGetPlusHelper => Service deleted successfully.
blbdrive => Service deleted successfully.
IpInIp => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
sshrmd => Service deleted successfully.
ssidrv => Service deleted successfully.
TMAgent => Service deleted successfully.
C:\ProgramData\TEMP => ":182D85B1" ADS removed successfully.
C:\ProgramData\TEMP => ":3BA31186" ADS removed successfully.
C:\ProgramData\TEMP => ":9B7E8561" ADS removed successfully.
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-19\Software\Classes\exefile => Key not found. 
"HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-20\Software\Classes\exefile => Key not found. 
"HKU\S-1-5-21-2172619345-3474930537-3451452258-1000\Software\Classes\exefile" => Key deleted successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-23 14:09:13)<=
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.
 
==== End of Fixlog 14:09:14 ====
 
---------------ROGUEKILLER-------------------------------------------
 
RogueKiller V10.6.0.0 [Apr 17 2015] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Users\Owner\Desktop\RogueKiller.exe
Mode : Delete -- Date : 04/23/2015  14:47:35
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 19 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} (C:\Program Files\Yahoo!\Companion\Installs\cpn20\visic_coupon.dll) -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} (C:\Program Files\Yahoo!\Companion\Installs\cpn20\visic_coupon.dll) -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{4B6677C4-9583-4D60-9623-33044CE442D7} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} -> Not selected
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page :   -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6DCF5DA8-FC91-4AEB-8008-A02C440AE8A9} | DhcpNameServer : 24.116.0.53 24.116.2.50 [X][X]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{79CC494F-3F2A-4E62-AB9F-1DADB679F973} | DhcpNameServer : 24.116.2.50 24.116.2.34 [X][X]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B3DFE00A-E81E-430F-86BA-7601CED258AF} | DhcpNameServer : 24.116.0.53 24.116.2.50 [X][X]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6DCF5DA8-FC91-4AEB-8008-A02C440AE8A9} | DhcpNameServer : 24.116.0.53 24.116.2.50 [X][X]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{79CC494F-3F2A-4E62-AB9F-1DADB679F973} | DhcpNameServer : 24.116.2.50 24.116.2.34 [X][X]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B3DFE00A-E81E-430F-86BA-7601CED258AF} | DhcpNameServer : 24.116.0.53 24.116.2.50 [X][X]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6DCF5DA8-FC91-4AEB-8008-A02C440AE8A9} | DhcpNameServer : 24.116.0.53 24.116.2.50 [X][X]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{79CC494F-3F2A-4E62-AB9F-1DADB679F973} | DhcpNameServer : 24.116.2.50 24.116.2.34 [X][X]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{B3DFE00A-E81E-430F-86BA-7601CED258AF} | DhcpNameServer : 24.116.0.53 24.116.2.50 [X][X]  -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2172619345-3474930537-3451452258-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST332082 0AS SCSI Disk Device +++++
--- User ---
[MBR] b098ca6489d60f24deb0c9e5481c77f3
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 298834 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 612012240 | Size: 6408 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_04232015_144644.log
 
---------------ADWCLEANER-------------------------------------------
 
# AdwCleaner v4.201 - Logfile created 23/04/2015 at 14:51:31
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Local]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\SpeedMaxPc
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\PC Drivers HeadQuarters
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\MyWebSearch
Folder Deleted : C:\Program Files\Coupons
Folder Deleted : C:\Users\Owner\AppData\LocalLow\visi_coupon
Folder Deleted : C:\Users\Owner\AppData\LocalLow\YahooCouponAddOn
Folder Deleted : C:\Users\Owner\AppData\LocalLow\ShopAtHome
Folder Deleted : C:\Users\Owner\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Owner\AppData\Roaming\SpeedMaxPc
File Deleted : C:\Users\Owner\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B6677C4-9583-4D60-9623-33044CE442D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKLM\SOFTWARE\Dealio
Key Deleted : HKLM\SOFTWARE\FocusInteractive
Key Deleted : HKLM\SOFTWARE\Fun Web Products
Key Deleted : HKLM\SOFTWARE\MyWebSearch
Key Deleted : HKLM\SOFTWARE\SpeedMaxPC
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows2.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows4.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows2.0
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows4.0
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16636
 
 
-\\ Mozilla Firefox v37.0.1 (x86 en-US)
 
 
-\\ Google Chrome v
 
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
 
*************************
 
AdwCleaner[R0].txt - [12685 bytes] - [23/04/2015 14:49:19]
AdwCleaner[S0].txt - [6818 bytes] - [23/04/2015 14:51:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6877  bytes] ##########
 

As for how the machine is running now, it is still throwing the Kernel_Stack_Inpage_error BSOD when rebooting. 


A.A.S in Computer and Network Support from Crowder College


#4 nasdaq (Malware Response Team, 40,544 posts, Montreal, QC. Canada)

Posted 24 April 2015 - 07:44 AM

it is still throwing the Kernel_Stack_Inpage_error BSOD when rebooting.

This can be caused by a few things. Let's find out.

https://msdn.microsoft.com/en-us/library/windows/hardware/ff559197(v=vs.85).aspx

===

Please download MiniToolBox to Desktop and run it.

Check mark the following box:
  • List last 10 Event Viewer log

Click Go and copy/paste the log (Result.txt) into your next post.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#5 Falneth (Topic Starter, Members, 132 posts, Missouri, USA)

Posted 24 April 2015 - 07:52 AM

MiniToolBox by Farbar  Version: 14-04-2015
Ran by Owner (administrator) on 24-04-2015 at 07:49:42
Running from "C:\Users\Owner\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Model: RK573AA-ABA a1710n Manufacturer: HP-Pavilion
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/24/2015 00:00:15 AM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x8000ffff).
 
Error: (04/24/2015 00:00:15 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x8000ffff).
 
Error: (04/24/2015 00:00:15 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80004002.
 
 
Operation:
   Abort Backup
 
Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated
 
Error: (04/24/2015 00:00:15 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered.  This will prevent any
VSS writers from receiving events.  This may be caused due to a setup failure or as a result of an 
application's installer or uninstaller.
 
 
Operation:
   Abort Backup
 
Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated
 
Error: (04/24/2015 00:00:15 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154.
 
 
Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
 
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata
 
Error: (04/24/2015 00:00:15 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered.  This will prevent any
VSS writers from receiving events.  This may be caused due to a setup failure or as a result of an 
application's installer or uninstaller.
 
 
Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
 
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata
 
Error: (04/23/2015 09:42:54 PM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x8000ffff).
 
Error: (04/23/2015 09:42:54 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x8000ffff).
 
Error: (04/23/2015 09:42:54 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80004002.
 
 
Operation:
   Abort Backup
 
Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated
 
Error: (04/23/2015 09:42:54 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered.  This will prevent any
VSS writers from receiving events.  This may be caused due to a setup failure or as a result of an 
application's installer or uninstaller.
 
 
Operation:
   Abort Backup
 
Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated
 
 
System errors:
=============
Error: (04/23/2015 03:48:33 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service%%2147949456
 
Error: (04/23/2015 03:47:43 PM) (Source: Service Control Manager) (User: )
Description: Windows Font Cache Service
 
Error: (04/23/2015 03:47:31 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.
 
Expiration Reason: %%873
 
Expiration Date (UTC): 4/23/2015 8:47:31 PM
 
Error Code: 0x80092003
 
Error Description: An error occurred while reading or writing to a file.
 
Error: (04/23/2015 03:41:17 PM) (Source: Service Control Manager) (User: )
Description: i8042prt
 
Error: (04/23/2015 03:41:17 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
 
Error: (04/23/2015 03:40:10 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (04/23/2015 03:39:42 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:26:58 PM on 4/23/2015 was unexpected.
 
Error: (04/23/2015 03:20:44 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service%%2147949456
 
Error: (04/23/2015 03:19:31 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.
 
Expiration Reason: %%873
 
Expiration Date (UTC): 4/23/2015 8:19:31 PM
 
Error Code: 0x80092003
 
Error Description: An error occurred while reading or writing to a file.
 
Error: (04/23/2015 03:19:16 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Network Inspection%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (04/24/2015 00:00:15 AM) (Source: System Restore)(User: )
Description: 0x8000ffff
 
Error: (04/24/2015 00:00:15 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x8000ffff
 
Error: (04/24/2015 00:00:15 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80004002
 
Operation:
   Abort Backup
 
Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated
 
Error: (04/24/2015 00:00:15 AM) (Source: VSS)(User: )
Description: Operation:
   Abort Backup
 
Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated
 
Error: (04/24/2015 00:00:15 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154
 
Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
 
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata
 
Error: (04/24/2015 00:00:15 AM) (Source: VSS)(User: )
Description: Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
 
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata
 
Error: (04/23/2015 09:42:54 PM) (Source: System Restore)(User: )
Description: 0x8000ffff
 
Error: (04/23/2015 09:42:54 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x8000ffff
 
Error: (04/23/2015 09:42:54 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80004002
 
Operation:
   Abort Backup
 
Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated
 
Error: (04/23/2015 09:42:54 PM) (Source: VSS)(User: )
Description: Operation:
   Abort Backup
 
Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-24 03:17:39.360
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-24 03:17:38.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-24 03:17:37.332
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-24 03:17:36.318
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-24 03:17:35.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-24 03:17:34.243
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-24 03:12:58.669
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-24 03:12:57.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-24 03:12:56.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-24 03:12:55.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
**** End of log ****

A.A.S in Computer and Network Support from Crowder College


#6 nasdaq (Malware Response Team, 40,544 posts, Montreal, QC. Canada)

Posted 24 April 2015 - 10:36 AM

The KERNEL_STACK_INPAGE_ERROR bug check has a value of 0x00000077.

I was expecting to see more information from this BSOD.

Next time it happens please copy the exact error message and post it for my review.

Look at this page. What are the parameters that you get?
https://msdn.microsoft.com/en-us/library/windows/hardware/ff559197(v=vs.85).aspx

#7 Falneth (Topic Starter, Members, 132 posts, Missouri, USA)

Posted 24 April 2015 - 03:21 PM

Here is the exact Error Message from the BSOD:

KERNEL_DATA_INPAGE_ERROR

Technical Information:

*** STOP: 0x0000007A (0xC04EB648, 0xC000000E, 0x12ADB860, 0x9D6C901F)

***        spsys.sus - Address 9D3C901F base at 9D649000, DateStamp 49b69f04

Collecting data for crash dump ...
Initializing disk for crash dump ...
beginning dump of physical memory.
Dumping physical memory to disk:  100
Physical memory dump complete.
Contact your system admin or technical support group for further assistance


A.A.S in Computer and Network Support from Crowder College


#8 nasdaq (Malware Response Team, 40,544 posts, Montreal, QC. Canada)

Posted 25 April 2015 - 06:46 AM

Technical Information:
*** STOP: 0x0000007A (0xC04EB648, 0xC000000E, 0x12ADB860, 0x9D6C901F)

*** spsys.sus - Address 9D3C901F base at 9D649000, DateStamp 49b69f04


I cannot find any reference to the first parameter 0xC04EB648.

Also, I think that the spsys.sus should be spsys.sys.

This is not caused by malware.

I suggest you start a new topic in the Vista forum
http://www.bleepingcomputer.com/forums/f/72/windows-vista/

An expert can possibly help better than I can since this is not malware and not my forte.

Start a new topic and post the minidump file that was created at the last BSOD.

I will leave this topic open for 5 days; if you need to return, please do.
PM me if the topic is closed.
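As an added example (not code from the thread or from any of the tools used in it), the script below parses the STOP line posted above and interprets the four parameters the way Microsoft documents them for bug check 0x7A (KERNEL_DATA_INPAGE_ERROR): parameter 1 is a lock type of 1, 2 or 3 or, when it is a large value like 0xC04EB648, the address of the PTE involved; parameter 2 is an NTSTATUS I/O code; parameter 4 is the virtual address that could not be paged in. The NTSTATUS names are the public ntstatus.h ones; the bug check names are the two that appear in this thread.

```python
import re

# Bug check codes named in this thread.
BUGCHECK_NAMES = {
    0x77: "KERNEL_STACK_INPAGE_ERROR",
    0x7A: "KERNEL_DATA_INPAGE_ERROR",
}

# NTSTATUS I/O codes commonly seen as parameter 2 of bug check 0x7A
# (names from ntstatus.h; the short meanings are the usual hardware
# causes and are a diagnostic hint, not a certainty).
IO_STATUS = {
    0xC000000E: ("STATUS_NO_SUCH_DEVICE",
                 "the disk stopped answering: failing drive, cable or controller"),
    0xC000009C: ("STATUS_DEVICE_DATA_ERROR", "typically a bad block on the disk"),
    0xC000009D: ("STATUS_DEVICE_NOT_CONNECTED",
                 "loose or defective cabling, or the controller lost the drive"),
    0xC000016A: ("STATUS_DISK_OPERATION_FAILED", "typically a bad block on the disk"),
    0xC0000185: ("STATUS_IO_DEVICE_ERROR",
                 "cabling, termination or controller fault, or a resource conflict"),
}

STOP_RE = re.compile(
    r"STOP:\s*0x([0-9A-Fa-f]+)\s*\(\s*0x([0-9A-Fa-f]+)\s*,\s*0x([0-9A-Fa-f]+)"
    r"\s*,\s*0x([0-9A-Fa-f]+)\s*,\s*0x([0-9A-Fa-f]+)\s*\)"
)


def parse_stop_line(line):
    """Return (bugcheck_code, [p1, p2, p3, p4]) from a '*** STOP: ...' line."""
    m = STOP_RE.search(line)
    if not m:
        raise ValueError("no STOP line found in input")
    code, *params = (int(x, 16) for x in m.groups())
    return code, params


def decode_0x7a(params):
    """Interpret the four parameters of bug check 0x7A."""
    p1, p2, p3, p4 = params
    # A small value is a lock type; anything else is the PTE address,
    # which is why a lookup for the raw value finds nothing.
    lock = f"lock type {p1}" if p1 in (1, 2, 3) else f"PTE address 0x{p1:08X}"
    name, meaning = IO_STATUS.get(
        p2, ("unknown NTSTATUS", "look the value up in ntstatus.h"))
    return {
        "lock": lock,
        "status": name,
        "meaning": meaning,
        # Severity bits 31-30 == 3 marks an NTSTATUS error (0xC... codes).
        "is_error": (p2 >> 30) == 3,
        # Parameter 3 is the current process or a virtual address,
        # depending on the lock type; kept raw here.
        "context": f"0x{p3:08X}",
        "virtual_address": f"0x{p4:08X}",
    }


def decode_stop_line(line):
    code, params = parse_stop_line(line)
    result = {"code": f"0x{code:08X}",
              "name": BUGCHECK_NAMES.get(code, "unknown bug check")}
    if code == 0x7A:
        result.update(decode_0x7a(params))
    return result


if __name__ == "__main__":
    # The STOP line exactly as posted in this thread.
    posted = "*** STOP: 0x0000007A (0xC04EB648, 0xC000000E, 0x12ADB860, 0x9D6C901F)"
    for key, value in decode_stop_line(posted).items():
        print(f"{key:16} {value}")
```

On the posted line this reports a PTE address in parameter 1 and STATUS_NO_SUCH_DEVICE in parameter 2, which points at the disk or its controller rather than at software, consistent with the advice to take the minidump to the Vista forum.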

#9 nasdaq (Malware Response Team, 40,544 posts, Montreal, QC. Canada)

Posted 01 May 2015 - 07:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



