
Keep getting blank screen especially when using antivirus


  • This topic is locked
6 replies to this topic

#1 mandy52799


Posted 08 December 2015 - 09:08 AM

I keep getting a blank screen with no cursor (color varies: started with white, then black, then teal and pink in safe mode). Computer is difficult to start up in normal mode. Safe mode is fine until I try to run any kind of virus/malware scan, then I am back to the blank screen.
 
Thanks for your help. I truly appreciate it.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-12-2015
Ran by Morgan Spooneybarger (administrator) on MORGANSPOONE-PC (08-12-2015 08:35:10)
Running from C:\Users\Morgan Spooneybarger\Downloads
Loaded Profiles: Morgan Spooneybarger (Available Profiles: Morgan Spooneybarger)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Bleeping Computer, LLC) C:\Users\Morgan Spooneybarger\Downloads\rkill.exe
(Google Inc.) C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6295552 2008-07-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-09] (Synaptics, Inc.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM\...\Run: [SmartWiHelper] => C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe [77824 2008-06-27] (Sony Electronics Corporation)
HKLM\...\Run: [VWLASU] => C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe [24576 2008-05-20] (Sony Electronics, Inc.)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll [2008-07-15] (Sony Corporation)
HKU\S-1-5-21-378965777-1557331278-2168233033-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-378965777-1557331278-2168233033-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-11] (Google Inc.)
HKU\S-1-5-21-378965777-1557331278-2168233033-1000\...\Run: [Google Update] => C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2008-01-01] (Google Inc.)
HKU\S-1-5-21-378965777-1557331278-2168233033-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AOLOverlayIcon] -> {AB0C8BE3-041C-47d6-8195-E089D32B38DD} => C:\DDI\overicon.dll [2008-06-13] (TODO: <Company name>)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.10.10.254 8.8.8.8
Tcpip\..\Interfaces\{2BEEDDE3-9D19-4856-BC49-7AC5C8321FD5}: [DhcpNameServer] 10.10.10.254 8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.com/vaiopeople_f08
HKU\S-1-5-21-378965777-1557331278-2168233033-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://starfall.com/
HKU\S-1-5-21-378965777-1557331278-2168233033-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.com/vaiopeople_f08
URLSearchHook: HKU\S-1-5-21-378965777-1557331278-2168233033-1000 - YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-378965777-1557331278-2168233033-1000 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-378965777-1557331278-2168233033-1000 -> {A228AB11-6EF6-42C6-8F74-F6149123A60B} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=843&invocationType=tb50sonyie7&query={searchTerms}
SearchScopes: HKU\S-1-5-21-378965777-1557331278-2168233033-1000 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-03-15] (Yahoo! Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-26] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-21] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-26] (Sun Microsystems, Inc.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-03-15] (Yahoo! Inc)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-03-15] (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-378965777-1557331278-2168233033-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-378965777-1557331278-2168233033-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-21] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll [2007-11-12] (TODO: <Company name>)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2009-11-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2008-03-24] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-02-02] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\Windows\system32\npdeployJava1.dll [2012-04-26] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-04-26] (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2008-11-05] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-378965777-1557331278-2168233033-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-378965777-1557331278-2168233033-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-378965777-1557331278-2168233033-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Morgan Spooneybarger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-03-27] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Native Client) - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\47.0.2526.73\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\47.0.2526.73\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\47.0.2526.73\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U32) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Unity Player) - C:\Users\Morgan Spooneybarger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-02]
CHR Extension: (OneTab) - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-31]
StartMenuInternet: Google Chrome.F72WW5HIG4O6T6HOGSHRNURNQQ - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [862632 2015-11-12] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
S2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2007-11-12] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2007-05-24] (Intuit Inc.) [File not signed]
S2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1864888 2009-09-17] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [341320 2009-09-17] (Symantec Corporation)
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
S2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2008-03-25] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) [File not signed]
S2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-15] (Sony Corporation)
S2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-06-19] (Sony Corporation)
S2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [337184 2008-06-12] (Sony Corporation)
S3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2008-01-30] (ArcSoft, Inc.)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [255920 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [231344 2015-08-20] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [193968 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [36784 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2009-07-14] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-07-16] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20120808.004\NAVENG.SYS [87928 2012-07-16] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20120808.004\NAVEX15.SYS [1589752 2012-07-16] (Symantec Corporation)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2009-08-26] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [281648 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320560 2009-08-25] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2009-08-25] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2010-03-11] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-09-03] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-09-03] (Symantec Corporation)
S4 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [92488 2009-09-17] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [50064 2009-05-27] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [42312 2009-09-17] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-09-30] (Symantec Corporation)
S3 EraserUtilDrv11210; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-08 08:00 - 2015-12-08 08:01 - 00032850 _____ C:\Users\Morgan Spooneybarger\Downloads\Addition.txt
2015-12-08 07:58 - 2015-12-08 08:35 - 00000000 _____ C:\Users\Morgan Spooneybarger\Downloads\FRST.txt
2015-12-08 07:57 - 2015-12-08 08:35 - 00000000 ____D C:\FRST
2015-12-08 07:56 - 2015-12-08 07:56 - 05640425 _____ (Swearware) C:\Users\Morgan Spooneybarger\Downloads\ComboFix.exe
2015-12-08 07:56 - 2015-12-08 07:56 - 01738240 _____ C:\Users\Morgan Spooneybarger\Downloads\AdwCleaner.exe
2015-12-08 07:55 - 2015-12-08 07:55 - 01719808 _____ (Farbar) C:\Users\Morgan Spooneybarger\Downloads\FRST.exe
2015-12-08 07:23 - 2015-12-08 07:24 - 02073512 _____ (Trend Micro Inc.) C:\Users\Morgan Spooneybarger\Downloads\HousecallLauncher (3).exe
2015-12-08 07:21 - 2015-12-08 08:32 - 00190554 _____ C:\Windows\ntbtlog.txt
2015-12-08 02:54 - 2015-12-08 02:54 - 00000010 _____ C:\Users\Morgan Spooneybarger\AppData\Local\sponge.last.runtime.cache
2015-12-08 02:44 - 2015-12-08 02:44 - 02073512 _____ (Trend Micro Inc.) C:\Users\Morgan Spooneybarger\Downloads\HousecallLauncher (2).exe
2015-12-08 02:34 - 2015-12-08 02:34 - 02073512 _____ (Trend Micro Inc.) C:\Users\Morgan Spooneybarger\Downloads\HousecallLauncher (1).exe
2015-12-08 02:34 - 2015-05-29 02:43 - 00303744 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-12-08 02:22 - 2015-12-08 02:22 - 00000000 ____D C:\Users\Morgan Spooneybarger\AppData\Roaming\AVG
2015-12-08 02:20 - 2015-12-08 02:20 - 00000000 ____D C:\Users\Morgan Spooneybarger\AppData\Roaming\TuneUp Software
2015-12-08 02:20 - 2015-12-08 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-08 02:14 - 2015-12-08 07:51 - 00000000 ____D C:\ProgramData\MFAData
2015-12-08 02:14 - 2015-12-08 02:14 - 00000000 ____D C:\Users\Morgan Spooneybarger\AppData\Local\MFAData
2015-12-08 02:13 - 2015-12-08 02:13 - 00000811 _____ C:\Users\Public\Desktop\AVG.lnk
2015-12-08 02:13 - 2015-12-08 02:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-12-08 02:10 - 2015-12-08 02:18 - 00000000 ____D C:\ProgramData\Avg
2015-12-08 02:09 - 2015-12-08 02:21 - 00000000 ____D C:\Users\Morgan Spooneybarger\AppData\Local\Avg
2015-12-08 02:09 - 2015-12-08 02:13 - 00000000 ____D C:\Users\Morgan Spooneybarger\AppData\Local\AvgSetupLog
2015-12-08 02:09 - 2015-12-08 02:09 - 02970984 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Morgan Spooneybarger\Downloads\AVG_Protection_Free_698.exe
2015-12-08 02:03 - 2015-12-08 08:33 - 00000002 _____ C:\Users\Morgan Spooneybarger\Desktop\Rkill.txt
2015-12-08 02:03 - 2015-12-08 02:03 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Morgan Spooneybarger\Downloads\rkill.exe
2015-11-20 08:05 - 2015-11-20 08:05 - 00031664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2015-11-16 13:14 - 2015-11-16 13:14 - 00102831 _____ C:\Users\Morgan Spooneybarger\Downloads\Quote_Mandy.pdf
2015-11-13 11:40 - 2015-11-13 11:40 - 00000000 ____D C:\Users\Morgan Spooneybarger\AppData\Roaming\Apple Computer
2015-11-08 22:44 - 2015-11-09 19:54 - 00000144 ____H C:\Users\Morgan Spooneybarger\Downloads\.~lock.my singing monsters tribe.ods#
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-08 07:57 - 2006-11-02 06:18 - 00000000 ____D C:\Windows
2015-12-08 07:50 - 2010-12-11 18:56 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-08 07:50 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-08 07:50 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-08 07:50 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-08 04:59 - 2008-12-26 10:28 - 00000000 ____D C:\Users\Morgan Spooneybarger
2015-12-08 04:59 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\spool
2015-12-08 04:59 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
2015-12-08 04:59 - 2006-11-02 05:22 - 41418752 _____ C:\Windows\system32\config\software_previous
2015-12-08 04:59 - 2006-11-02 05:22 - 18087936 _____ C:\Windows\system32\config\system_previous
2015-12-08 04:56 - 2006-11-02 05:22 - 35127296 _____ C:\Windows\system32\config\components_previous
2015-12-08 04:56 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-12-08 02:52 - 2013-01-21 00:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-08 02:21 - 2011-11-09 15:57 - 00000968 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-378965777-1557331278-2168233033-1000UA.job
2015-12-08 02:21 - 2010-12-11 18:56 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-08 02:18 - 2010-03-11 10:33 - 00000000 ___HD C:\$AVG
2015-12-08 02:16 - 2010-03-11 10:32 - 00000000 ____D C:\Program Files\AVG
2015-12-08 02:11 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2015-12-08 02:07 - 2006-11-02 05:33 - 00703388 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-08 01:37 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-12-08 01:37 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\default_previous
2015-12-06 07:01 - 2015-09-16 00:17 - 00002814 _____ C:\Users\Morgan Spooneybarger\Desktop\important notes.txt
2015-12-04 08:21 - 2011-11-09 15:57 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-378965777-1557331278-2168233033-1000Core.job
2015-12-02 14:26 - 2015-08-31 22:25 - 00002117 _____ C:\Users\Morgan Spooneybarger\Desktop\Google Chrome.lnk
2015-11-24 03:36 - 2015-10-07 23:12 - 00000000 ____D C:\Windows\Minidump
2015-11-12 03:28 - 2015-09-01 02:18 - 00000000 ____D C:\Windows\system32\MRT
2015-11-12 03:09 - 2006-11-02 05:24 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-11-12 03:08 - 2008-08-20 14:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-09 19:55 - 2015-09-02 02:07 - 00023117 _____ C:\Users\Morgan Spooneybarger\Downloads\my singing monsters tribe.ods
 
==================== Files in the root of some directories =======
 
2012-09-06 12:07 - 2012-09-06 12:07 - 0197749 _____ () C:\Users\Morgan Spooneybarger\AppData\Local\ars.cache
2012-09-06 12:07 - 2012-09-06 12:07 - 0311158 _____ () C:\Users\Morgan Spooneybarger\AppData\Local\census.cache
2011-04-20 15:16 - 2012-07-08 21:10 - 0000680 _____ () C:\Users\Morgan Spooneybarger\AppData\Local\d3d9caps.dat
2011-07-31 21:05 - 2015-09-16 03:46 - 0006656 _____ () C:\Users\Morgan Spooneybarger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-06 11:49 - 2012-09-06 11:49 - 0000036 _____ () C:\Users\Morgan Spooneybarger\AppData\Local\housecall.guid.cache
2015-12-08 02:54 - 2015-12-08 02:54 - 0000010 _____ () C:\Users\Morgan Spooneybarger\AppData\Local\sponge.last.runtime.cache
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-08 08:12
 
==================== End of FRST.txt ============================
 
Attached file: Addition.txt (32.08KB)
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-12-2015
Ran by Morgan Spooneybarger (2015-12-08 08:00:09)
Running from C:\Users\Morgan Spooneybarger\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) (2008-12-26 14:18:43)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-378965777-1557331278-2168233033-500 - Administrator - Disabled)
Guest (S-1-5-21-378965777-1557331278-2168233033-501 - Limited - Disabled)
Morgan Spooneybarger (S-1-5-21-378965777-1557331278-2168233033-1000 - Administrator - Enabled) => C:\Users\Morgan Spooneybarger

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Out of date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG AntiVirus Free Edition (Enabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: Symantec Endpoint Protection (Enabled - Out of date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Flash Player Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Amazing World (HKLM\...\AmazingWorld) (Version: 1.0.0.0 - Ganz)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ArcSoft Magic-i Visual Effects (HKLM\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM\...\{9973498D-EA29-4A68-BE0B-C88D6E03E928}) (Version: - ArcSoft)
AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies)
AVG (Version: 16.12.7294 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4483 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.12.7294 - AVG Technologies)
AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden
Books by You (HKLM\...\Books by You) (Version: - )
calibre (HKLM\...\{01FB1338-C19D-4AC6-BFED-AFD9AD8366ED}) (Version: 2.36.0 - Kovid Goyal)
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
Click to Disc (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.00.06190 - Sony Corporation)
Click to Disc (Version: 1.2.00.06190 - Sony Corporation) Hidden
Click to Disc Editor (HKLM\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 1.2.00 - Sony Corporation)
Click to Disc Editor (Version: 1.2.00 - Sony Corporation) Hidden
Clone Wars (HKU\S-1-5-21-378965777-1557331278-2168233033-1000\...\SOE-Clone Wars) (Version: - Sony Online Entertainment)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
Google Chrome (HKU\S-1-5-21-378965777-1557331278-2168233033-1000\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.135 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version: - )
Hidden Mysteries Civil War (HKLM\...\Hidden Mysteries Civil War) (Version: 1.0 - Game Mill Entertainment)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java™ 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
JumpStart Math 1st Grade (HKLM\...\JumpStart Math 1st Grade) (Version: - )
JumpStart Reading for First Graders (HKLM\...\JumpStart Reading for First Graders) (Version: - )
JumpStart Spanish (HKLM\...\JumpStart Spanish) (Version: - )
LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.92 - Symantec Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
MySims™ (HKLM\...\{68DC42FA-962C-4973-A306-D595D861FA1E}) (Version: 1.00.0000 - Electronic Arts)
Nero 9 (HKLM\...\{a269b3aa-5f8e-43a4-b393-e3e8fa48e4a1}) (Version: - Nero AG)
Nero 9 Trial (HKLM\...\{f47e0463-2385-447f-89b1-eff868eee4b8}) (Version: - Nero AG)
OpenMG Secure Module 5.1.00 (HKLM\...\InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}) (Version: 5.1.00.05200 - Sony Corporation)
OpenMG Secure Module 5.1.00 (Version: 5.1.00.05200 - Sony Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Primo (Version: 1.00.0000 - Your Company Name) Hidden
QuickBooks Simple Start 2008 (HKLM\...\{8ECB8220-F419-4BEB-9596-97033C533702}) (Version: 18.0.4003.606 - Intuit Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Reader Rabbit 1st Grade® Capers on Cloud Nine!™ (HKLM\...\Reader Rabbit 1st Grade® Capers on Cloud Nine!™) (Version: - )
Reader Rabbit 2nd Grade® Mis-cheese-ious Dreamship Adventures™ (HKLM\...\Reader Rabbit 2nd Grade® Mis-cheese-ious Dreamship Adventures™) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5653 - Realtek Semiconductor Corp.)
Roxio Easy Media Creator 10 LJ (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Schoolhouse Rock: Math Rock (HKLM\...\MathRock) (Version: - )
Scooby-Doo!™ (HKLM\...\{67A070AE-F3AE-4454-8F94-787435FCD98A}) (Version: 4.1.07 - The Learning Company)
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 4.1.00.07290 - Sony Corporation)
SmartWi Connection Utility (HKLM\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.4.0.20080627.1647 - Sony Corporation)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.2.02.06170 - Sony Corporation)
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.4.00 - Sony Corporation)
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Symantec Endpoint Protection (HKLM\...\{2EFCC193-D915-4CCB-9201-31773A27BC06}) (Version: 11.0.5002.333 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.13.0 - Synaptics)
The Digital Arts and Crafts Studio (HKLM\...\{983338D4-D972-4C58-AA6D-B81445070451}) (Version: 1.0.0001 - Fisher-Price, Inc.)
Unity Web Player (HKU\S-1-5-21-378965777-1557331278-2168233033-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VAIO Care (HKLM\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 1.00.0813 - Sony)
VAIO Content Folder Setting (HKLM\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.0.00.17290 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{FD72E69E-CF34-4071-BFD6-FD081A365E2C}) (Version: 3.2.00.06115 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.2.00.06115 - Sony Corporation) Hidden
VAIO Content Metadata Manager Setting (HKLM\...\{FE697886-F392-4E0D-A0C0-47587BF60992}) (Version: 3.2.00.06062 - Sony Corporation)
VAIO Content Metadata Manager Setting (Version: 3.2.00.06062 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM\...\{CB8A8696-93EC-414E-A752-850AB133F68A}) (Version: 3.2.00.06112 - Sony Corporation)
VAIO Content Metadata XML Interface Library (Version: 3.2.00.06112 - Sony Corporation) Hidden
VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 3.1.00.07110 - Sony Corporation)
VAIO Data Restore Tool (HKLM\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.04.01170 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.2.00.06200 - Sony Corporation)
VAIO Entertainment Platform (Version: 3.2.00.06200 - Sony Corporation) Hidden
VAIO Event Service (HKLM\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 4.1.00.07150 - Sony Corporation)
VAIO Help and Support (HKLM\...\{D47FE987-EA3D-424B-9886-B752501D7CE7}) (Version: 6.00.0805.NS - Sony Corporation)
VAIO Launcher (HKLM\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 2.1.00.06130 - Sony Corporation)
VAIO Media plus (HKLM\...\{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}) (Version: 1.1.00.05240 - Sony Corporation)
VAIO Media plus (Version: 1.1.00.05240 - Sony Corporation) Hidden
VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.3.00.06240 - Sony Corporation)
VAIO Movie Story (Version: 1.3.00.06240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.3.00.06120 - Sony Corporation)
VAIO MusicBox (HKLM\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 2.1.00.06110 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.1.00.14140 - Sony Corporation)
VAIO My Memory Center (HKLM\...\{E1D25278-B51A-4163-BC3D-20A4D2D09F98}) (Version: 1.00.0229 - Sony)
VAIO OOBE and Welcome Center (HKLM\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 6.00.0729.US - Sony Corporation)
VAIO Original Function Setting (HKLM\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.4.00.04230 - Sony Corporation)
VAIO Power Management (HKLM\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 3.1.00.06190 - Sony Corporation)
VAIO Presentation Support (HKLM\...\{2018C019-30D9-4240-8C01-0865C10DCF5A}) (Version: 1.0.00.04240 - Sony Corporation)
VAIO Startup Assistant (HKLM\...\{DFD0E9A9-F24A-492B-8975-8C938E32408F}) (Version: 3.00.0731 - Sony)
VAIO Survey (HKLM\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 6.00.0722 - Sony Corporation)
VAIO Update 4 (HKLM\...\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}) (Version: 4.0.0.06110 - Sony Corporation)
VAIO Wallpaper Contents (HKLM\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.2.00.05200 - Sony Corporation)
VAIO Wireless Wizard (HKLM\...\{BCED773C-99EE-48DD-8915-25733F69F0A8}) (Version: 1.01.0722 - Sony)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinDVD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.513 - InterVideo Inc.)
WinDVD for VAIO (Version: 8.0-B9.513 - InterVideo Inc.) Hidden
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
Zoombinis Island Odyssey (HKLM\...\Zoombinis Island Odyssey) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Morgan Spooneybarger\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\47.0.2526.73\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)

==================== Restore Points =========================

17-11-2015 14:45:31 Scheduled Checkpoint
18-11-2015 20:43:30 Scheduled Checkpoint
19-11-2015 14:53:33 Scheduled Checkpoint
21-11-2015 14:08:25 Scheduled Checkpoint
23-11-2015 07:45:45 Scheduled Checkpoint
24-11-2015 14:52:01 Scheduled Checkpoint
28-11-2015 16:42:41 Scheduled Checkpoint
29-11-2015 17:23:08 Scheduled Checkpoint
30-11-2015 14:56:18 Scheduled Checkpoint
02-12-2015 15:01:01 Scheduled Checkpoint
06-12-2015 19:26:56 Scheduled Checkpoint
08-12-2015 02:15:50 Installed AVG 2016
08-12-2015 02:17:27 Installed AVG

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {059DE518-E54D-46A9-A446-A5AEC8190840} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2008-01-01] (Google Inc.)
Task: {0EAAE714-06B5-4590-9B38-7E0B8BBEA422} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-378965777-1557331278-2168233033-1000UA => C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\GoogleUpdate.exe [2008-01-01] (Google Inc.)
Task: {13EB4EA2-0E3D-4350-B5E0-99FE381DBDCC} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files\Sony\VAIO Wallpaper Setting Tool\VWSet.exe [2008-06-27] (Sony Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3CF5F25B-A665-4B40-AA9A-26B95C16D5E5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-21] (Adobe Systems Incorporated)
Task: {490800B5-0545-4805-B23C-46D4F5C3C4B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {6C1CF967-FCA5-4A00-A744-A39413165543} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2008-01-01] (Google Inc.)
Task: {79F17B9A-CF69-46A9-9FE8-2552CF08AD6C} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2008-06-11] (Sony Corporation)
Task: {8E402FCB-75F6-4440-A3A4-2D109FAD026A} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2008-08-13] (Sony Electronics, Inc.)
Task: {AB7CE584-F453-44F0-B2A4-4370F763574A} - System32\Tasks\{6F0E203A-3D0E-40D2-9ABE-C885628E34B8} => pcalua.exe -a "C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="8M01-20CX-4294-TL10-U4U0-UKE2-MMT7-AHWX"
Task: {F8ED3F71-B658-4AA1-9A6B-707F0B0AEF34} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-378965777-1557331278-2168233033-1000Core => C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\GoogleUpdate.exe [2008-01-01] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-378965777-1557331278-2168233033-1000Core.job => C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-378965777-1557331278-2168233033-1000UA.job => C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-378965777-1557331278-2168233033-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Morgan Spooneybarger\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 10.10.10.254 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOLDDI.LNK => C:\Windows\pss\AOLDDI.LNK.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Morgan Spooneybarger^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DACSMiniApp => C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: VAIOMyMemCenter => "C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" 1
MSCONFIG\startupreg: VAIORegistration => "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
MSCONFIG\startupreg: VAIOSurvey => "C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{FA15B006-D21E-49C8-8336-BA9BD8612B08}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{7CE97BEA-EF29-4D4F-AAC2-26E9DC38AB7C}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{25D142F8-BCA1-4DE6-BAE8-75A0B8E2FE6B}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{680FBB9D-5606-4A70-A8A6-425D72BB7DAC}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{DAE4B5E8-7973-4237-998E-FC9A58FD2DA0}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{DD0134C2-977F-4BA2-A07C-7F1777EE6187}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{F6033977-F8C1-43CE-B071-AA9F94B4A23C}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
FirewallRules: [{05AAD8A0-6104-4FC0-ADCB-296FC08F1783}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
FirewallRules: [{B6C4A714-9F75-4950-A9DB-BAD7B0D98055}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{64B28927-8D12-4FA2-94E5-415F69C9A947}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{9FEAAB64-F870-4264-8DF6-4EB9A308F26B}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{F0F2A021-3B99-49C6-81FB-64CA52C32787}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{CD5805D3-5134-45C6-8E33-ED624D48BFB5}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{6DFCBCA2-C6B9-4D19-9B37-F189A6D4A37A}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{72F3EA38-0979-431A-A9ED-AA406BE0A4F0}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{70F1F4F1-AA04-49C9-BA03-68DA7E075AB9}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{E61F0606-9036-4CA6-BF0A-058C4E63F1B9}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{D1F56371-3638-46C3-9005-7EB94E0BA919}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{E88BB8C1-1A27-4035-AFE5-96BBE48F4534}] => (Allow) C:\Users\MORGAN~1\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe
FirewallRules: [{A5773EAD-2724-489A-82F3-4A10B87EB08A}] => (Allow) C:\Users\MORGAN~1\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (12/08/2015 07:54:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2015 07:54:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/08/2015 07:54:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/08/2015 07:54:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/08/2015 07:54:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/08/2015 07:54:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/08/2015 07:54:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/08/2015 07:54:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/08/2015 07:53:42 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Edited by Oh My!, 09 December 2015 - 03:43 PM.




#2 Oh My!

  • Malware Response Instructor
Posted 09 December 2015 - 03:50 PM

Greetings mandy52799 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this. Do the best you can in Safe Mode and if one of the programs won't run properly just let me know.



===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can uninstall the program(s) via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Symantec Endpoint Protection
AVG AntiVirus Free Edition


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-378965777-1557331278-2168233033-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
CHR Plugin: (Native Client) - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\47.0.2526.73\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\47.0.2526.73\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\47.0.2526.73\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-09-30] (Symantec Corporation)
S3 EraserUtilDrv11210; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
Task: {AB7CE584-F453-44F0-B2A4-4370F763574A} - System32\Tasks\{6F0E203A-3D0E-40D2-9ABE-C885628E34B8} => pcalua.exe -a "C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="8M01-20CX-4294-TL10-U4U0-UKE2-MMT7-AHWX"
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did you remove an antivirus program?
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • Update on computer performance

Edited by Oh My!, 09 December 2015 - 03:57 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 mandy52799


Posted 10 December 2015 - 01:14 PM

Thank you so much for your help. I'm sorry I was slow to reply, but I'm working double hours right now.

 

I am able to actually run the antivirus now that I followed these steps, which was blocked before, but it still won't update for some reason. I have also had one more instance of the screen going blank since I did this.

 

I removed the Symantec (it was an expired version anyway).

 

Fix result of Farbar Recovery Scan Tool (x86) Version:09-12-2015
Ran by Morgan Spooneybarger (2015-12-10 02:56:45) Run:1
Running from C:\Users\Morgan Spooneybarger\Downloads
Loaded Profiles: Morgan Spooneybarger (Available Profiles: Morgan Spooneybarger)
Boot Mode: Safe Mode (with Networking)
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-378965777-1557331278-2168233033-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
CHR Plugin: (Native Client) - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\47.0.2526.73\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\47.0.2526.73\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\47.0.2526.73\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-09-30] (Symantec Corporation)
S3 EraserUtilDrv11210; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Morgan Spooneybarger\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
Task: {AB7CE584-F453-44F0-B2A4-4370F763574A} - System32\Tasks\{6F0E203A-3D0E-40D2-9ABE-C885628E34B8} => pcalua.exe -a "C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="8M01-20CX-4294-TL10-U4U0-UKE2-MMT7-AHWX"
 
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found. 
HKU\S-1-5-21-378965777-1557331278-2168233033-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found. 
C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\47.0.2526.73\ppGoogleNaClPluginChrome.dll => not found.
C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\47.0.2526.73\pdf.dll => not found.
C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\Application\47.0.2526.73\gcswf32.dll => not found.
C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll => not found.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
WpsHelper => service not found.
EraserUtilDrv11210 => service not found.
IpInIp => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
UIUSys => service removed successfully.
"HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.
"HKU\S-1-5-21-378965777-1557331278-2168233033-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB7CE584-F453-44F0-B2A4-4370F763574A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB7CE584-F453-44F0-B2A4-4370F763574A}" => key removed successfully.
C:\Windows\System32\Tasks\{6F0E203A-3D0E-40D2-9ABE-C885628E34B8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6F0E203A-3D0E-40D2-9ABE-C885628E34B8}" => key removed successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 02:56:46 ====
 
 
# AdwCleaner v5.024 - Logfile created 10/12/2015 at 03:06:12
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 1 (x86)
# Username : Morgan Spooneybarger - MORGANSPOONE-PC
# Running from : C:\Users\Morgan Spooneybarger\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage
[-] File Deleted : C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Morgan Spooneybarger\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chphlpgkkbolifaimnlloiipkdnihall
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1379 bytes] ##########
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows Vista ™ Home Premium x86 
Ran by Morgan Spooneybarger (Administrator) on Thu 12/10/2015 at  3:16:25.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/10/2015 at  3:20:23.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Attached File  summary.zip   49.87KB   1 downloads
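
A Fixlog like the one posted above mixes entries that were already gone ("not found") with the ones FRST actually changed. The sketch below is an added example, not part of the thread or of FRST; the function names are hypothetical, the sample is a handful of lines excerpted from that log, and only the outcome phrases visible in it are recognized.

```python
import re

# Constructed sample: lines excerpted from the Fixlog in the post above.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x86) Version:09-12-2015
Boot Mode: Safe Mode (with Networking)
==============================================
fixlist content:
*****************
CreateRestorePoint:
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
*****************
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found. 
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
WpsHelper => service not found.
IpInIp => service removed successfully.
NwlnkFlt => service removed successfully.
C:\Windows\System32\Tasks\{6F0E203A-3D0E-40D2-9ABE-C885628E34B8} => moved successfully
The system needed a reboot.
==== End of Fixlog 02:56:46 ====
'''

# "<target> => <outcome>[.]", with the target optionally wrapped in quotes.
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')
STARS = re.compile(r'^\*{5,}$')


def classify(outcome):
    """Map an outcome phrase to a bucket; unknown phrases go to 'review'."""
    o = outcome.lower()
    if o.endswith("not found"):
        return "absent"      # entry was already orphaned, nothing changed
    if o.endswith(("removed successfully", "moved successfully")):
        return "changed"     # FRST modified the system
    return "review"


def parse_fixlog(text):
    summary = {"changed": [], "absent": [], "error": [], "review": []}
    in_echo = seen_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # The fixlist is echoed between two rows of asterisks. Its lines also
        # contain "=>" (e.g. "=> No File"), so they must not be read as results.
        if STARS.match(line):
            if in_echo:
                in_echo = False
            elif not seen_echo:
                in_echo = seen_echo = True
            continue
        if in_echo:
            continue
        if line.startswith("Error:"):
            summary["error"].append(line[len("Error:"):].strip())
            continue
        m = RESULT.match(line)
        if m:
            bucket = classify(m.group("outcome"))
            summary[bucket].append((m.group("target"), m.group("outcome")))
    return summary


if __name__ == "__main__":
    for bucket, items in parse_fixlog(SAMPLE_FIXLOG).items():
        print(bucket, len(items))
```

Anything that lands in the "review" bucket is an outcome phrase the sketch does not know and should be read by hand.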

 



#4 mandy52799


Posted 10 December 2015 - 01:46 PM

***update***

 

After another restart, the antivirus is now updated and working and so far no more blank screen issues. 



#5 Oh My!


Posted 10 December 2015 - 03:58 PM

Very good.

While you continue to monitor your computer behavior please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#6 Oh My!


Posted 13 December 2015 - 09:19 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#7 Oh My!


Posted 15 December 2015 - 10:02 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



