
Computer issues Windows Vista SP2


  • This topic is locked
33 replies to this topic

#1 LucyG2

LucyG2

  • Members
  • 22 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:37 AM

Posted 26 March 2016 - 03:37 PM

My Vista SP2 computer will not connect to the internet, Windows Update, etc., and I get this message at startup: "Windows needs to install driver software for your Internet Access Server". I have attached addition.txt and FRST.txt.


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:10:37 AM

Posted 26 March 2016 - 07:11 PM

Hi LucyG2, give me some time to analyze your logs and I will return with instructions for cleaning up your computer.


Best Regards,
oneof4.


#3 oneof4

Posted 26 March 2016 - 08:24 PM

Hello LucyG2, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic; you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

 

  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==================================================

 

Download attached fixlist.txt file and save it to the Desktop.

 


NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

==========

 

Next, 

 

We need to remove programs using "Programs and Features"


Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

DefaultTab Chrome

Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )

Qwiklinx

Additional instructions can be found here if needed.

 

==========

 

Windows Firewall is disabled, let's try turning it on:

 

 

  1. Open Windows Firewall by clicking the Start button, and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.

  2. In the left pane, click Turn Windows Firewall on or off. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

  3. Click Turn on Windows Firewall under each network location that you want to help protect, and then click OK.

    If you want the firewall to prevent all programs from communicating, including programs that you have previously allowed to communicate through the firewall, select the Block all incoming connections, including those in the list of allowed programs check box.

==========

Things I need to see in your next reply:

  • Frstfix.txt
  • Confirmation of listed program removal
  • Did Windows Firewall turn on successfully?
  • How's your computer behaving now?

 


Best Regards,
oneof4.


#4 oneof4

Posted 26 March 2016 - 08:26 PM

Hello LucyG2, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic; you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

 

  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==================================================

 

Download attached fixlist.txt file and save it to the Desktop.

 


NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

==========

 

Next, 

 

We need to remove programs using "Programs and Features"


Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

DefaultTab Chrome

Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )

Qwiklinx

Additional instructions can be found here if needed.

 

==========

 

Windows Firewall is disabled, let's try turning it on:

 

 

  1. Open Windows Firewall by clicking the Start button, and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.

  2. In the left pane, click Turn Windows Firewall on or off. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

  3. Click Turn on Windows Firewall under each network location that you want to help protect, and then click OK.

    If you want the firewall to prevent all programs from communicating, including programs that you have previously allowed to communicate through the firewall, select the Block all incoming connections, including those in the list of allowed programs check box.

==========

Things I need to see in your next reply:

  • Frstfix.txt
  • Confirmation of listed program removal
  • Did Windows Firewall turn on successfully?
  • How's your computer behaving now?

 


Best Regards,
oneof4.


#5 oneof4

Posted 26 March 2016 - 08:33 PM

Sorry for the double post.


Best Regards,
oneof4.


#6 LucyG2

Posted 27 March 2016 - 08:53 AM

The FRST/FRST64 link will not work



#7 oneof4

Posted 27 March 2016 - 11:40 AM

You mean that when you double-click it, it does not open?


Best Regards,
oneof4.


#8 LucyG2

Posted 27 March 2016 - 02:09 PM

No, it says "Run FRST/FRST64 and press the Fix button just once and wait"

 

Where do I get FRST/FRST64 from?



#9 oneof4

Posted 27 March 2016 - 08:08 PM

That is the program you used to generate the first two logs that you posted. It appears that you ran it from G:\, is that a USB drive?  If so, then drag and drop or copy and paste FRST to the Desktop of your infected computer and then proceed with the previous instructions.


Best Regards,
oneof4.


#10 LucyG2

Posted 27 March 2016 - 08:44 PM

Listed programs were present and successfully removed.

Windows Firewall turned on properly.

I can connect to the internet now; however, Windows Update will not work.

The following is FRST.txt, as I did not see Frstfix.txt.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Melissa (administrator) on MELISSA-PC (27-03-2016 19:25:51)
Running from C:\Users\Melissa\Desktop
Loaded Profiles: Melissa (Available Profiles: Melissa)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
() C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(US Tech Support LLC) C:\Program Files\USTechSupport\SchedulerService\SchedulerService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKU\S-1-5-21-434172673-3515576942-756710206-1000\...\MountPoints2: E - E:\FusionAutorun.exe
HKU\S-1-5-21-434172673-3515576942-756710206-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-434172673-3515576942-756710206-1000\...\MountPoints2: {0bb34fd4-b7a8-11e0-b2d6-001d09ae3151} - F:\LaunchU3.exe -a
HKU\S-1-5-21-434172673-3515576942-756710206-1000\...\MountPoints2: {2491f205-209b-11e2-8820-001d09ae3151} - G:\iStudio.exe
HKU\S-1-5-21-434172673-3515576942-756710206-1000\...\MountPoints2: {693bddec-a38c-11dc-ad14-806e6f6e6963} - E:\FusionAutorun.exe
HKU\S-1-5-21-434172673-3515576942-756710206-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-434172673-3515576942-756710206-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2009-04-11] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  No File
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9ZPFYBW\test[1].dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 69.144.127.53 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{976BD709-2F5D-43B8-A79D-E17771CF7C74}: [DhcpNameServer] 69.144.127.53 71.10.216.1 71.10.216.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-434172673-3515576942-756710206-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-434172673-3515576942-756710206-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/?ilc=1
HKU\S-1-5-21-434172673-3515576942-756710206-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071206
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CtD0D0C0F0F0B0CyD0A0DtN0D0Tzu0CtAtDyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1383619917
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CtD0D0C0F0F0B0CyD0A0DtN0D0Tzu0CtAtDyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1383619917
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2012-05-10] (Yahoo! Inc.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-12-05] (Sun Microsystems, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2012-05-10] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://employee.bnsf.com/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll [2007-09-24] (Hewlett-Packard Company)
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll [2007-09-24] (Hewlett-Packard Company)
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll [2007-09-24] (Hewlett-Packard Company)
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll [2007-09-24] (Hewlett-Packard Company)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\8tyedyg7.default
FF Homepage: hxxp://yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll [2012-10-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-01-22] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2011-10-17] (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-25] (Google Inc.)
FF Plugin HKU\S-1-5-21-434172673-3515576942-756710206-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Melissa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-05] ( )

Chrome:
=======
CHR Profile: C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Melissa\AppData\Local\funmoods-speeddial_sf.crx [2012-10-30]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-434172673-3515576942-756710206-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Melissa\AppData\Local\funmoods-speeddial_sf.crx [2012-10-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-10-06] (NOS Microsystems Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] () [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
R2 USTSScheduler; C:\Program Files\USTechSupport\SchedulerService\SchedulerService.exe [736648 2012-07-12] (US Tech Support LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1724416 2007-03-21] (Dell Inc.) [File not signed]
S3 KSSBVUUC; C:\Users\Melissa\AppData\Local\Temp\KSSBVUUC.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2011-11-12] (LeapFrog)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36592 2006-08-16] (Sonic Solutions) [File not signed]
S3 Ser2rs; C:\Windows\System32\DRIVERS\ser2rs.sys [76288 2007-06-25] (Prolific Technology Inc.)
S3 slsusb; C:\Windows\System32\Drivers\slsusb.sys [26208 2009-08-03] (System Level Solutions (India) Pvt. Ltd.)
S3 U2SP; C:\Windows\System32\DRIVERS\u2s2kxp.sys [23296 2004-05-05] (Magic Control Technology Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Melissa\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: pivotmou -> no filepath.
NETSVC: ssidrv -> no filepath.
NETSVC: admjoy -> no filepath.
NETSVC: SNPSTD3 -> no filepath.

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-27 19:25 - 2016-03-27 19:26 - 00014090 _____ C:\Users\Melissa\Desktop\FRST.txt
2016-03-27 19:24 - 2016-03-27 19:24 - 01725440 _____ (Farbar) C:\Users\Melissa\Downloads\FRST.exe
2016-03-27 19:24 - 2016-03-27 19:24 - 01725440 _____ (Farbar) C:\Users\Melissa\Desktop\FRST.exe
2016-03-27 07:51 - 2016-03-27 07:50 - 00006602 _____ C:\Users\Melissa\Desktop\fixlist.txt
2016-03-27 07:50 - 2016-03-27 07:50 - 00006602 _____ C:\Users\Melissa\Downloads\fixlist.txt
2016-03-26 14:51 - 2016-03-26 14:52 - 00002989 _____ C:\Users\Melissa\Desktop\Windows Vista Upgrade Advisor.lnk
2016-03-26 14:51 - 2016-03-26 14:52 - 00002935 _____ C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Upgrade Advisor.lnk
2016-03-26 14:34 - 2016-03-27 19:25 - 00000000 ____D C:\FRST
2016-03-26 14:12 - 2016-03-26 14:02 - 00615478 _____ C:\Users\Melissa\Desktop\Autoruns.zip
2016-03-26 12:22 - 2016-03-26 12:32 - 00000000 ____D C:\Program Files\Unlocker
2016-03-26 12:22 - 2016-03-26 12:22 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2016-03-26 12:22 - 2016-03-26 12:22 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Babylon
2016-03-26 12:22 - 2016-03-26 12:22 - 00000000 ____D C:\Users\Melissa\AppData\Local\Babylon
2016-03-26 12:22 - 2016-03-26 12:22 - 00000000 ____D C:\ProgramData\Babylon
2016-03-25 21:42 - 2016-03-25 21:42 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MELISSA-PC-Windows-Vista-™-Home-Premium-(32-bit).dat
2016-03-25 21:32 - 2016-03-26 07:48 - 00675779 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-03-25 21:32 - 2016-03-26 07:48 - 00000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2016-03-25 21:32 - 2016-03-25 21:59 - 00001954 _____ C:\Users\Melissa\Desktop\Tweaking.com - Windows Repair.lnk
2016-03-25 21:32 - 2016-03-25 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-03-25 21:32 - 2016-03-25 21:32 - 00000000 ____D C:\Program Files\Tweaking.com
2016-03-25 20:23 - 2016-03-25 20:23 - 00000000 ____D C:\Users\Melissa\AppData\Local\Microsoft Corporation
2016-03-25 20:22 - 2016-03-25 20:22 - 00001998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2016-03-25 20:22 - 2016-03-25 20:22 - 00001986 _____ C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
2016-03-25 20:22 - 2016-03-25 20:22 - 00000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2016-03-25 19:42 - 2016-03-25 19:42 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\driveridentifier
2016-03-25 19:42 - 2016-03-25 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Identifier
2016-03-25 19:42 - 2016-03-25 19:42 - 00000000 ____D C:\Program Files\Driver Identifier
2016-03-25 19:16 - 2016-03-25 19:16 - 00139176 _____ C:\Windows\Minidump\Mini032516-01.dmp
2016-03-25 18:54 - 2016-03-26 12:36 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-03-25 18:54 - 2016-03-25 18:54 - 00000000 ____D C:\Windows\system32\Drivers\NS
2016-03-25 18:51 - 2016-03-25 18:51 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-03-25 18:15 - 2016-03-25 18:15 - 00000000 __SHD C:\found.001

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-27 19:19 - 2009-11-17 20:20 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-27 19:18 - 2012-05-23 09:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-27 19:18 - 2009-11-17 20:20 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-27 07:43 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\inf
2016-03-27 07:43 - 2006-11-02 04:33 - 00781288 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-26 15:00 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-26 15:00 - 2006-11-02 06:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-26 15:00 - 2006-11-02 06:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-26 15:00 - 2006-11-02 06:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-26 14:58 - 2006-11-02 07:01 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-26 13:14 - 2012-12-09 23:46 - 01649582 _____ C:\Windows\ntbtlog.txt
2016-03-26 12:42 - 2012-12-08 16:36 - 00000000 ____D C:\ProgramData\Norton
2016-03-26 07:38 - 2007-12-05 18:01 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-03-26 07:35 - 2012-03-11 19:53 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Skype
2016-03-26 07:35 - 2012-03-11 19:52 - 00000000 ____D C:\ProgramData\Skype
2016-03-26 07:34 - 2012-07-23 20:26 - 00000000 ____D C:\Windows\0A94AE0C677C491D8A72A5AB2DAA68C1.TMP
2016-03-26 07:34 - 2011-03-27 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
2016-03-26 07:34 - 2011-03-27 14:35 - 00000000 ____D C:\Program Files\LeapFrog
2016-03-26 07:33 - 2013-09-23 06:40 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Seagate
2016-03-26 07:31 - 2008-01-17 17:55 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Ulead Systems
2016-03-26 07:31 - 2008-01-17 17:27 - 00000000 ____D C:\ProgramData\Ulead Systems
2016-03-26 07:31 - 2008-01-17 17:27 - 00000000 ____D C:\Program Files\Corel
2016-03-26 07:31 - 2008-01-17 17:27 - 00000000 ____D C:\Program Files\Common Files\Ulead Systems
2016-03-26 07:30 - 2007-12-05 18:07 - 00000000 ____D C:\Program Files\Creative
2016-03-26 07:27 - 2007-12-29 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CalorieKing.com
2016-03-26 07:26 - 2012-08-10 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Edge Products
2016-03-25 19:16 - 2008-02-06 17:16 - 00000000 ____D C:\Windows\Minidump
2016-03-25 19:16 - 2008-02-06 17:15 - 357802015 _____ C:\Windows\MEMORY.DMP

==================== Files in the root of some directories =======

2008-01-17 17:31 - 2007-04-25 02:49 - 0000328 _____ () C:\Program Files\GuideMenuSetup.iss
2008-01-17 17:34 - 2007-04-05 21:28 - 0001237 _____ () C:\Program Files\WinDVDSetup.iss
2008-10-31 12:22 - 2010-12-15 21:45 - 0000336 _____ () C:\Users\Melissa\AppData\Roaming\wklnhst.dat
2009-01-02 16:03 - 2012-12-10 00:20 - 0001356 _____ () C:\Users\Melissa\AppData\Local\d3d9caps.dat
2007-12-12 16:10 - 2011-08-01 20:27 - 0047104 _____ () C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-30 20:42 - 2012-10-30 20:42 - 0290500 _____ () C:\Users\Melissa\AppData\Local\funmoods-speeddial_sf.crx

Some files in TEMP:
====================
C:\Users\Melissa\AppData\Local\Temp\DeltaTB.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.

LastRegBack: 2016-03-26 13:26

==================== End of FRST.txt ============================



#11 oneof4


Posted 28 March 2016 - 07:38 AM

Hey :)

Good job getting FRST moved, removing programs and getting firewall turned on.

Next,

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

After running the fix, let me know how your computer is behaving.


Best Regards,
oneof4.


#12 LucyG2


Posted 28 March 2016 - 08:32 AM

Ran the last fix, I still cannot get Windows Update to work; I get the error code 80096001.

Everything else seems to work.



#13 LucyG2


Posted 28 March 2016 - 08:33 AM

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Melissa (2016-03-28 07:32:01) Run:2
Running from C:\Users\Melissa\Desktop
Loaded Profiles: Melissa (Available Profiles: Melissa)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:

CloseProcesses:

 

HKU\S-1-5-21-434172673-3515576942-756710206-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  No File
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9ZPFYBW\test[1].dll No File

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-434172673-3515576942-756710206-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CtD0D0C0F0F0B0CyD0A0DtN0D0Tzu0CtAtDyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1383619917
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CtD0D0C0F0F0B0CyD0A0DtN0D0Tzu0CtAtDyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1383619917
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

CHR HKU\S-1-5-21-434172673-3515576942-756710206-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Melissa\AppData\Local\funmoods-speeddial_sf.crx [2012-10-30]

 

S3 KSSBVUUC; C:\Users\Melissa\AppData\Local\Temp\KSSBVUUC.exe [X]

NETSVC: pivotmou -> no filepath.
NETSVC: ssidrv -> no filepath.
NETSVC: admjoy -> no filepath.
NETSVC: SNPSTD3 -> no filepath.

2016-03-26 12:22 - 2016-03-26 12:22 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Babylon
2016-03-26 12:22 - 2016-03-26 12:22 - 00000000 ____D C:\Users\Melissa\AppData\Local\Babylon
2016-03-26 12:22 - 2016-03-26 12:22 - 00000000 ____D C:\ProgramData\Babylon

2012-10-30 20:42 - 2012-10-30 20:42 - 0290500 _____ () C:\Users\Melissa\AppData\Local\funmoods-speeddial_sf.crx

C:\Users\Melissa\AppData\Local\Temp\DeltaTB.exe

CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{0DA49AC1-FBD9-4F26-89C4-42074DE9F500}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{1E8640C7-545F-4E6A-83F4-D92706C99E00}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll => No File
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\DefaultPlugin.dll => No File
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{887A7C26-B4AF-4F22-BE5E-20C00D340C74}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll => No File
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{A1EED615-F007-4D40-9C06-A3CCD3CB68E1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll => No File
2016-03-26 12:24 - 2014-08-05 19:01 - 01048576 _____ () C:\Program Files\Everything\Everything.exe
AlternateDataStreams: C:\Windows\$NtUninstallKB20659$:SummaryInformation [0]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [292]
AlternateDataStreams: C:\Users\Public\Export20091211-001.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_001.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_002.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_003.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_004.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_005.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_006.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_007.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_011.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Test.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Test_001.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Test_002.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Test_003.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Test_004.mpg:TOC.WMV [130]

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => value not found.
HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => key not found.
HKCR\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => key not found.
HKCR\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => key not found.
HKCR\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell => key not found.
HKCR\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => value not found.
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj => key not found.
"C:\Users\Melissa\AppData\Local\funmoods-speeddial_sf.crx" => not found.
KSSBVUUC => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs pivotmou => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ssidrv => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs admjoy => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs SNPSTD3 => not found.
"C:\Users\Melissa\AppData\Roaming\Babylon" => not found.
"C:\Users\Melissa\AppData\Local\Babylon" => not found.
"C:\ProgramData\Babylon" => not found.
"C:\Users\Melissa\AppData\Local\funmoods-speeddial_sf.crx" => not found.
"C:\Users\Melissa\AppData\Local\Temp\DeltaTB.exe" => not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{0DA49AC1-FBD9-4F26-89C4-42074DE9F500} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{1E8640C7-545F-4E6A-83F4-D92706C99E00} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{887A7C26-B4AF-4F22-BE5E-20C00D340C74} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{A1EED615-F007-4D40-9C06-A3CCD3CB68E1} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA} => key not found.
"C:\Program Files\Everything\Everything.exe" => not found.
"C:\Windows\$NtUninstallKB20659$" => ":SummaryInformation" ADS not found.
"C:\ProgramData\TEMP" => ":DFC5A2B2" ADS not found.
"C:\Users\Public\Export20091211-001.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_001.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_002.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_003.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_004.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_005.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_006.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_007.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_011.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Test.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Test_001.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Test_002.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Test_003.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Test_004.mpg" => ":TOC.WMV" ADS not found.

The system needed a reboot.

==== End of Fixlog 07:32:31 ====



#14 oneof4


Posted 28 March 2016 - 09:36 AM

Please run another FRST scan for me and check the box for another "Addition.txt" as well.  The fixlist results were not what I expected so let's see if a fresh scan with FRST shows the same results as before.


Best Regards,
oneof4.


#15 LucyG2


Posted 28 March 2016 - 01:33 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Melissa (2016-03-28 12:32:40) Run:4
Running from C:\Users\Melissa\Desktop
Loaded Profiles: Melissa (Available Profiles: Melissa)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:

CloseProcesses:

 

HKU\S-1-5-21-434172673-3515576942-756710206-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  No File
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9ZPFYBW\test[1].dll No File

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-434172673-3515576942-756710206-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CtD0D0C0F0F0B0CyD0A0DtN0D0Tzu0CtAtDyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1383619917
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CtD0D0C0F0F0B0CyD0A0DtN0D0Tzu0CtAtDyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1383619917
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKU\S-1-5-21-434172673-3515576942-756710206-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

CHR HKU\S-1-5-21-434172673-3515576942-756710206-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Melissa\AppData\Local\funmoods-speeddial_sf.crx [2012-10-30]

 

S3 KSSBVUUC; C:\Users\Melissa\AppData\Local\Temp\KSSBVUUC.exe [X]

NETSVC: pivotmou -> no filepath.
NETSVC: ssidrv -> no filepath.
NETSVC: admjoy -> no filepath.
NETSVC: SNPSTD3 -> no filepath.

2016-03-26 12:22 - 2016-03-26 12:22 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Babylon
2016-03-26 12:22 - 2016-03-26 12:22 - 00000000 ____D C:\Users\Melissa\AppData\Local\Babylon
2016-03-26 12:22 - 2016-03-26 12:22 - 00000000 ____D C:\ProgramData\Babylon

2012-10-30 20:42 - 2012-10-30 20:42 - 0290500 _____ () C:\Users\Melissa\AppData\Local\funmoods-speeddial_sf.crx

C:\Users\Melissa\AppData\Local\Temp\DeltaTB.exe

CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{0DA49AC1-FBD9-4F26-89C4-42074DE9F500}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{1E8640C7-545F-4E6A-83F4-D92706C99E00}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll => No File
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\DefaultPlugin.dll => No File
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{887A7C26-B4AF-4F22-BE5E-20C00D340C74}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll => No File
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{A1EED615-F007-4D40-9C06-A3CCD3CB68E1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll => No File
2016-03-26 12:24 - 2014-08-05 19:01 - 01048576 _____ () C:\Program Files\Everything\Everything.exe
AlternateDataStreams: C:\Windows\$NtUninstallKB20659$:SummaryInformation [0]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [292]
AlternateDataStreams: C:\Users\Public\Export20091211-001.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_001.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_002.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_003.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_004.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_005.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_006.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_007.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Export20091211-001_011.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Test.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Test_001.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Test_002.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Test_003.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\Public\Test_004.mpg:TOC.WMV [130]

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => value not found.
HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => key not found.
HKCR\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => key not found.
HKCR\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => key not found.
HKCR\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell => key not found.
HKCR\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => value not found.
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj => key not found.
"C:\Users\Melissa\AppData\Local\funmoods-speeddial_sf.crx" => not found.
KSSBVUUC => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs pivotmou => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ssidrv => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs admjoy => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs SNPSTD3 => not found.
"C:\Users\Melissa\AppData\Roaming\Babylon" => not found.
"C:\Users\Melissa\AppData\Local\Babylon" => not found.
"C:\ProgramData\Babylon" => not found.
"C:\Users\Melissa\AppData\Local\funmoods-speeddial_sf.crx" => not found.
"C:\Users\Melissa\AppData\Local\Temp\DeltaTB.exe" => not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{0DA49AC1-FBD9-4F26-89C4-42074DE9F500} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{1E8640C7-545F-4E6A-83F4-D92706C99E00} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{887A7C26-B4AF-4F22-BE5E-20C00D340C74} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{A1EED615-F007-4D40-9C06-A3CCD3CB68E1} => key not found.
HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA} => key not found.
"C:\Program Files\Everything\Everything.exe" => not found.
"C:\Windows\$NtUninstallKB20659$" => ":SummaryInformation" ADS not found.
"C:\ProgramData\TEMP" => ":DFC5A2B2" ADS not found.
"C:\Users\Public\Export20091211-001.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_001.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_002.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_003.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_004.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_005.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_006.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_007.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Export20091211-001_011.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Test.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Test_001.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Test_002.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Test_003.mpg" => ":TOC.WMV" ADS not found.
"C:\Users\Public\Test_004.mpg" => ":TOC.WMV" ADS not found.

The system needed a reboot.

==== End of Fixlog 12:33:05 ====


Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Melissa (2016-03-28 12:21:58)
Running from C:\Users\Melissa\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2007-12-05 23:52:25)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-434172673-3515576942-756710206-500 - Administrator - Disabled)
Guest (S-1-5-21-434172673-3515576942-756710206-501 - Limited - Disabled)
Melissa (S-1-5-21-434172673-3515576942-756710206-1000 - Administrator - Enabled) => C:\Users\Melissa
Todd (S-1-5-21-434172673-3515576942-756710206-1001 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Reader 8.1.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.5 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
Amazon MP3 Downloader 1.0.9 (HKLM\...\Amazon MP3 Downloader) (Version:  - )
Amazon MP3 Uploader (HKLM\...\com.amazon.music.uploader) (Version: 1.0.7 - Amazon Services LLC)
Amazon MP3 Uploader (Version: 1.0.7 - Amazon Services LLC) Hidden
Apple Application Support (HKLM\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8153ED9A-C94A-426E-9880-5E6775C08B62}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS DVDMenu Editor 1.2.1.19 (HKLM\...\AVS DVDMenu Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 5.6 (HKLM\...\AVS4YOU Video Converter_is1) (Version:  - Online Media Technologies Ltd.)
BELKIN F5U109 (HKLM\...\{16115E10-502B-4EA0-BD39-4DA329AD89E2}) (Version: 2.01 - Belkin Components)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
DBsign Web Signer (HKLM\...\{44D21B77-D4FC-49E8-A726-CD00D5016703}) (Version: 2.3.6.0 - )
Dell DataSafe Online (HKLM\...\{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}) (Version: 1.0.15 - Dell, Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07282 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.102.7 - Alps Electric)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.102.15.61 - Dell Inc.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DriverIdentifier 5.1 (HKLM\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
Facebook Plug-In (HKU\S-1-5-21-434172673-3515576942-756710206-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Fusion (HKLM\...\{038B6212-CF91-408C-930B-75A0FD51490D}) (Version: 1.0.56 - Edge Products)
Garmin MapSource (HKLM\...\{C4D26D60-7B43-4CE9-AE19-A380D9DF126B}) (Version: 6.15.7.0 - Garmin Ltd or its subsidiaries)
Garmin Trip and Waypoint Manager v5 (HKLM\...\{414A373B-59DF-4102-94CA-9FE9A74CBDDA}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{E0783143-EAE2-4047-A8D6-E155523C594C}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Gemplus Smart Card Reader Tools (HKLM\...\Gemplus Smart Card Reader Tools) (Version:  - )
getPlus® for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.35 - NOS Microsystems Ltd.)
Google Earth (HKLM\...\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
Google Talk (remove only) (HKU\S-1-5-21-434172673-3515576942-756710206-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
HP Printer Utility (HKLM\...\{F46B6BF8-93C8-456A-B97D-C2B41D4E9381}) (Version: 1.4.1.16 - Hewlett-Packard)
HP Proactive Services (HKLM\...\{7527CD9F-894E-47B3-9AFB-3E680E007051}) (Version: 1.6.0.37 - Hewlett-Packard)
InstallAssist (HKLM\...\{5C565EA7-370B-4CEE-8385-3516DEE5A758}_is1) (Version: 1.0.0 - Shop To Win, LLC)
InterVideo WinDVD SE (HKLM\...\InstallShield_{6D299DC3-31E2-45C6-8E36-263A2AB1CE8C}) (Version: 8.0-B6.196 - Corel Corporation)
InterVideo WinDVD SE (Version: 8.0-B6.196 - Corel Corporation) Hidden
iTunes (HKLM\...\{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}) (Version: 9.0.3.15 - Apple Inc.)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Juniper Networks Host Checker (HKU\S-1-5-21-434172673-3515576942-756710206-1000\...\Neoteris_Host_Checker) (Version: 7.0.0.16899 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-434172673-3515576942-756710206-1000\...\Juniper_Setup_Client) (Version: 2.2.3.8885 - Juniper Networks)
KB408682 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}_814) (Version:  - Adobe Systems Incorporated)
Laptop Integrated Webcam Driver (1.03.02.0719)   (HKLM\...\Creative OEM002) (Version:  - )
MapSource - US Topo v3.02 (HKLM\...\{AD4203ED-7683-435E-B436-C299773A9936}) (Version:  - )
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Vista Upgrade Advisor (HKLM\...\{E0EB8881-0CFE-4375-8782-8807D258CD7C}) (Version: 1.0.1 - Microsoft)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 15.0 (x86 en-US) (HKLM\...\Mozilla Firefox 15.0 (x86 en-US)) (Version: 15.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 15.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
NEF Codec (HKLM\...\{C8616041-2802-4DE2-B3BD-6285AAD65C2A}) (Version: 1.00.0000 - Nikon)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
Photo Viewer 2.4 (HKLM\...\Photo Viewer) (Version:  - )
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Quicken WillMaker Plus 2007 (HKLM\...\Quicken WillMaker Plus 2007) (Version:  - )
QuickSet (HKLM\...\{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}) (Version: 8.2.14 - Dell Inc.)
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
RadioShack USB to Serial Driver (HKLM\...\{CB257573-7809-4208-8531-F7A1738D2F37}) (Version: 3.1.3.1 - RadioShack)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Thomson Clinical Xpert (HKLM\...\{0128A79D-D481-448E-89E1-F697B70DEC44}) (Version: 1.00.000 - )
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.8.4 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
US Tech Support Framework (HKLM\...\{4734A746-A503-4B8E-A4FA-7B7C84A18D79}) (Version: 2.1.0.4558 - US Tech Support LLC)
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0) (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841) (Version: 03/08/2007 2.2.1.0 - Garmin)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4040.0 - Microsoft Corporation)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Users\Melissa\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Users\Melissa\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Users\Melissa\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CustomCLSID: HKU\S-1-5-21-434172673-3515576942-756710206-1000_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Users\Melissa\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014F6C03-3C32-426D-85CB-1ACB15BADB9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-25] (Google Inc.)
Task: {0E4A60A1-E1EF-46BE-94CC-B88E73B707D9} - System32\Tasks\{13BCFB6F-25F0-486C-ABC4-3FF69D8D2645} => pcalua.exe -a "C:\Program Files\palmOne\QuickInstall.exe" -d C:\Users\Melissa\Desktop
Task: {1849E0B3-BC00-4DAB-B847-62351D599B3C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1EAD03B2-CC2F-4D0F-8F9D-0A84EEA786F6} - System32\Tasks\{8C661174-6F7A-40DB-9A33-DB39353CAE4B} => pcalua.exe -a E:\Welcome.exe -d E:\
Task: {26B259CF-9176-40B6-9DA8-7763A271EECA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09] (Adobe Systems Incorporated)
Task: {5F95BF52-FCC3-405E-AFA8-DE429CF151C4} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files\Norton Security\Engine\22.6.0.142\SymErr.exe
Task: {6E0AA100-27CE-4CBC-8B7C-419DFED955D1} - System32\Tasks\USTSPCO-USTSPCOOneClickCare => C:\Program Files\USTechSupport\PC Optimizer\USTSPCO.exe
Task: {76F26C65-A513-4765-940D-53D116802658} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.6.0.142\WSCStub.exe
Task: {7BFB855B-635A-4F06-BCE4-8130A3188493} - System32\Tasks\{03B8434B-9A04-4CEB-B8F6-D3FDF2C0E5A3} => pcalua.exe -a C:\Users\Melissa\Desktop\MapSource_6157.exe -d C:\Users\Melissa\Desktop
Task: {7D6A0EDC-F6CB-454F-BBD9-8C82FCBAC8CE} - System32\Tasks\{F7C6A0CB-811C-4EC8-A213-784013484D1A} => pcalua.exe -a "C:\Program Files\palmOne\Instapp.exe" -d "C:\Program Files\palmOne\"
Task: {80713839-9B22-4A62-B699-F9C00530F8C5} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files\Norton Security\Engine\22.6.0.142\SymErr.exe
Task: {82DBC814-B3DE-4AE2-A63F-A3A79130093E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {ABD4A2A8-29B1-48C2-8663-EB3E6EB5E0CC} - System32\Tasks\{7097ED65-5FEC-4829-A2C7-F408EDABA8C3} => pcalua.exe -a "C:\Program Files\Gemplus\ReaderTools\Installer\Setup.exe" -d "C:\Program Files\Gemplus\ReaderTools\Installer"
Task: {BE845843-9263-4E39-845A-9B1F51371C65} - System32\Tasks\Seagate_Install_Launch => C:\Program Files\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {CC12662A-DBD9-4CD7-AD48-62E3865F20E0} - System32\Tasks\LAUNCH CDPCO => C:\Program Files\USTechSupport\PC Optimizer\USTSPCO.exe
Task: {DFDB8E5B-A658-4F07-ABFB-8AEF74F998AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-25] (Google Inc.)
Task: {FF69A425-AC6C-4B78-9D98-A25F3A01001A} - System32\Tasks\{0975EFA6-8933-4FCE-904E-D5A30A1DECC2} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.0.0.120&LastError=-3

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2007-12-05 18:09 - 2007-03-21 13:33 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2007-12-05 18:09 - 2007-03-21 13:33 - 00065536 _____ () C:\Windows\System32\bcmwlrmt.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-01-17 17:31 - 2006-11-02 07:40 - 00174656 ____R () C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
2006-11-05 10:28 - 2006-11-05 10:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2007-12-06 01:45 - 2007-09-26 04:47 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2010-07-04 15:32 - 2010-07-04 15:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2010-07-04 15:32 - 2010-07-04 15:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-07-12 07:52 - 2012-07-12 07:52 - 01073544 _____ () C:\Program Files\Common Files\USTechSupport\DEL\DEL_dll.dll
2010-07-04 13:51 - 2010-07-04 13:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2007-01-13 03:01 - 2007-01-13 03:01 - 00397312 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
2007-01-13 03:01 - 2007-01-13 03:01 - 00475136 ____R () C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78133074.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78133074.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR310 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR311 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR311.SYS => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2012-12-10 11:05 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-434172673-3515576942-756710206-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 69.144.127.53 - 71.10.216.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Melissa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Windows\system32\WLTRAY.exe
MSCONFIG\startupreg: DELL Webcam Manager => "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
MSCONFIG\startupreg: dscactivate => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
MSCONFIG\startupreg: gemstrmw => C:\Windows\system32\gemstrmw.exe /r
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: GuideMenu => C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe -hide
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Monitor => "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: OEM02Mon.exe => C:\Windows\OEM02Mon.exe
MSCONFIG\startupreg: pccguide.exe => "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PUStarter => C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RunPUTasktray => "C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe" --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: SigmatelSysTrayApp => %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{76D1B626-67E2-48EB-A2DB-83A3171D74E3}] => (Allow) C:\Program Files\Dell\MediaDirect\PowerCinema.exe
FirewallRules: [{3D9266A7-FD40-41E9-99FB-6735615CB5A3}] => (Allow) C:\Program Files\Dell\MediaDirect\PCMService.exe
FirewallRules: [{2259A585-A918-4FD4-912A-1CDC1AF86591}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe
FirewallRules: [{993E7FDA-71B9-4622-8609-B19F26DB1115}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe
FirewallRules: [{57BB96CD-4AD2-403C-8B71-4183A6344D1E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C675411E-C1F9-4667-B33C-01C637D04ADC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3360B467-785E-4727-8888-43B3B36AB7CA}] => (Allow) LPort=80
FirewallRules: [{0911FA04-B2F6-4173-B8DD-CC257B04B07D}] => (Allow) LPort=80
FirewallRules: [{B1C096A8-1186-462C-BB9A-57E45DEE0C79}] => (Allow) LPort=80
FirewallRules: [{76DDF4D3-8EBF-40BF-B577-6A76207A9FE8}] => (Allow) C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{71DA0077-6E3A-4578-86E6-D8150FCA3676}] => (Allow) C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{55F7A1C5-65C6-4957-AD3F-2E99E5F5981A}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{234C8DF4-61D5-4067-B7DA-9969E4A8D0B9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DC5B4A62-BCF9-4933-801E-F68CB0A4F659}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1BFE9E2C-24B0-4A32-9E78-68756B0DFFA7}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{B0433CE9-30AA-4BDF-8D3D-E3928B698650}C:\program files\imovicha\imovicha.exe] => (Allow) C:\program files\imovicha\imovicha.exe
FirewallRules: [UDP Query User{65269759-6E18-459E-A84B-67934E4F9966}C:\program files\imovicha\imovicha.exe] => (Allow) C:\program files\imovicha\imovicha.exe
FirewallRules: [{2B6DFDF9-9F28-4F8F-920B-6AAF7A93002E}] => (Allow) C:\Program Files\Tango\Tango.exe
FirewallRules: [{3266E567-FAC7-4A6F-B0AB-FF09D8797D87}] => (Allow) C:\Program Files\Tango\Tango.exe
FirewallRules: [TCP Query User{97E4EC94-CBED-40F8-BEC5-8FC90DC6CD77}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{3DC10DCF-1C1D-4739-A22C-ABA8AEB01169}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [TCP Query User{B0702A07-4F68-4C94-951D-1FD08F393F52}C:\users\melissa\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\melissa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6FF950BC-1528-427F-BCE2-BCD9FD9E06EF}C:\users\melissa\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\melissa\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2677506D-423D-427C-BB99-0CB9ACCBA65C}C:\program files\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{06BE6D6A-8EB9-4E86-9E23-8B1C95D39993}C:\program files\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files\seagate\seagate dashboard 2.0\dashboard.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe] => Enabled:HP Printer Utility HPPURun
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe] => Enabled:HP Printer Utility HPPURun

==================== Restore Points =========================

12-03-2013 09:30:07 Scheduled Checkpoint
13-03-2013 16:46:17 Scheduled Checkpoint
15-03-2013 11:19:50 Scheduled Checkpoint
16-03-2013 10:55:50 Scheduled Checkpoint
17-03-2013 10:07:08 Scheduled Checkpoint
21-03-2013 13:01:12 Scheduled Checkpoint
29-03-2013 14:42:41 Scheduled Checkpoint
30-03-2013 10:15:53 Scheduled Checkpoint
31-05-2013 12:44:40 Scheduled Checkpoint
23-09-2013 06:31:29 Installed Microsoft Visual C++ 2005 Redistributable
23-09-2013 06:40:18 Installed Seagate Dashboard 2.0.
26-09-2013 18:29:27 Restore Operation
26-09-2013 18:50:37 Restore Operation
25-06-2014 09:42:09 Scheduled Checkpoint
27-06-2014 17:27:27 Scheduled Checkpoint
28-06-2014 08:02:24 Scheduled Checkpoint
18-08-2014 14:41:08 Scheduled Checkpoint
22-11-2014 15:31:51 Scheduled Checkpoint
25-03-2016 20:21:40 Installed Windows 7 Upgrade Advisor
26-03-2016 07:24:05 Removed Edge MyStyle
26-03-2016 07:28:01 Configured GuideMenu
26-03-2016 07:30:32 Removed Live! Cam Avatar Creator
26-03-2016 07:31:15 Removed Ulead DVD MovieFactory
26-03-2016 07:32:16 Removed Seagate Dashboard 2.0.
26-03-2016 07:34:54 Removed Skype™ 6.0
26-03-2016 14:51:10 Installed Microsoft Windows Vista Upgrade Advisor
27-03-2016 19:30:12 Restore Point Created by FRST
27-03-2016 19:55:19 Installed Microsoft Fix it 50528
27-03-2016 20:17:48 Restore Point before Corrupt Patch Registry keys
28-03-2016 07:32:01 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: WAN Miniport (IP) - Trend Micro Common Firewall Miniport
Description: Trend Micro Common Firewall Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Trend Micro
Service: tmcfw
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (IPv6) - Trend Micro Common Firewall Miniport
Description: Trend Micro Common Firewall Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Trend Micro
Service: tmcfw
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (Network Monitor) - Trend Micro Common Firewall Miniport
Description: Trend Micro Common Firewall Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Trend Micro
Service: tmcfw
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2016 07:32:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {93952d7a-5b39-4216-a395-d92a6b1b24f9}

Error: (03/27/2016 08:43:48 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/27/2016 08:26:46 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/27/2016 08:17:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {de6893f0-ef23-435d-aa34-c1c2276123d1}

Error: (03/27/2016 07:56:27 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/27/2016 07:55:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {914d5e01-bd6c-4826-bbd0-6f733d01fb0f}

Error: (03/27/2016 07:31:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\MELISSA\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\DESKTOP.INI> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (03/27/2016 07:31:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\MELISSA\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\LOW\HISTORY.IE5\DESKTOP.INI> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (03/27/2016 07:31:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\MELISSA\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\LOW\HISTORY.IE5\MSHIST012016032720160328> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (03/27/2016 07:31:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\MELISSA\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016032720160328> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

System errors:
=============
Error: (03/28/2016 07:34:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing Service%%1058

Error: (03/28/2016 07:34:22 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Net.Pipe Listener Adapterwas

Error: (03/28/2016 07:34:22 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Net.Msmq Listener Adaptermsmq

Error: (03/28/2016 07:32:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service

Error: (03/28/2016 07:32:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service

Error: (03/28/2016 07:32:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Google Update Service (gupdate)1

Error: (03/28/2016 07:32:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Yahoo! Updater1

Error: (03/28/2016 07:32:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: XAudioService1

Error: (03/28/2016 07:32:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: US Tech Support Scheduling Service1

Error: (03/28/2016 07:32:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player Network Sharing Service1300001Restart the service

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
Percentage of memory in use: 69%
Total physical RAM: 2037.31 MB
Available physical RAM: 612.55 MB
Total Virtual: 5029.33 MB
Available Virtual: 3490.18 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:136.47 GB) (Free:57.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.73 GB) NTFS
Drive e: (EdgeFM 1.11) (CDROM) (Total:0.31 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=136.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================





