
Blue screen hell computer. Please help.


  • This topic is locked
6 replies to this topic

#1 free_maleik

free_maleik

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:23 PM

Posted 30 May 2017 - 10:16 PM

Firstly, just to ensure that I've got this pasted and posted before the browser freezes and forces me to ctrl-alt-del it closed yet again, here is the log that I have from hijack this. I will make my sincerest effort to get as many relevant details necessary posted here as quickly as this computer will allow me to.

 

Long story short, this computer wouldn't start up at all when I received it... but, eventually after running system recovery a number of times with little success, it worked. Then, upon getting to the log in screen, I could not get past a blank blue screen with a mouse cursor after logging in as the administrator (the only account available to use at the time). Then, after reading up on some information and advice I created another account (this one also being an administrator) after successfully getting the computer to start up like 'normal' after choosing "safe mode with networking" at the prompt. From then I have not yet logged out of this original administrator account and into the newly created one as the advice advised me to as having windows running in a functional manner at all for the first time in the three days I've had it I'm trying to do as much as I can while I am capable of doing so. (god forbid I log out and find myself back at square one).

 

So here's the log and I will follow up with more details (32 or 64 bit, other programs' logs [I see there is a new program that you are all using aside from hijackThis! while reading the introductory instructional post, I'll try to run that too], really just whatever possible that you need and have requested in the *read me* post at the top of the forum) as soon as humanly possible. In the meantime, if you have a chance to read through this and see something wrong before then... do let me know!

 

Thank you immensely!

 

***NOTE: I downloaded FRST and have posted those logs as well as I'd read further through the introduction topic, and they're just a few posts down from here. You can find them on this page in this thread. Thank you for reading, scrolling, and being patient! Certainly hope you can help!***

 

***HIJACKTHIS LOG***

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:45:22 PM, on 5/30/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)


Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\click me\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKCU\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10355 bytes
 


Edited by free_maleik, 31 May 2017 - 12:10 AM.




#2 free_maleik


Posted 30 May 2017 - 11:44 PM

Information regarding my computer:

 

Windows 7 Home Premium

service pack 1

64 bit OS

 

Had to force shut-down the computer because it locked up when I right clicked on 'computer' in the start bar to find out this information. Started back up and was unable to log in to the computer using the new administrator account I'd created. Had to run a system restore to a point earlier today to get back logged in with 'safe mode+networking'. Then had to reinstall hijackthis and mozilla to get on here again. Here's an error message I got a minute ago when I tried turning on internet explorer (which I can only access by opening up explorer.exe (the computer's folder browser) and typing in http...etc into the address bar with the website and it would pull up internet explorer). Firefox is a bit more stable but still crashes occasionally when it comes to having too many forms on the page or something (internet explorer has a fit if I leave a cursor blinking in an available field on the screen for more than a few seconds and has to be force closed before I can use it again).

 

((placeholder, I'm going to have to upload this and edit it in firefox because internet explorer won't allow a drag and drop to imgur))

 

Edit: here's the error message

gfyIG9y.jpg


Edited by free_maleik, 30 May 2017 - 11:49 PM.


#3 free_maleik


Posted 31 May 2017 - 12:01 AM

Another important problem of note (and I don't believe this has anything to do with me running the computer in safe mode, I feel it should be working fine regardless of that) but my sound does not seem to be working at all. I've got no sound output whatsoever on this laptop. Please let me know if there's anything that can be done about that and if you see anything in these logs that might imply why this is an issue. (Or, heck, maybe it is just how safe mode works. I've never noticed myself.)

When I go to click on the speaker in the right hand bottom corner, instead of giving me a volume gauge to adjust the sound level, it gives me a window with an ever-scrolling 'loading' type bar that says "Detecting problems", and then it doesn't seem to find any. The bar just keeps scrolling from one end to the other, endlessly. Any help or advice on that matter is majorly appreciated, as I've come to find that most of my computer's functionality is there (albeit not super quick or very well), so if I were to have sound, this could be a minimally functional computer for the purposes I need it for, even in safe mode. Let me know... thank you immensely! I need working sound!!

 

I knew there was another program they wanted me to scan with in the introductory thread... just had a chance to install and run it. Here's what I've got from that:

 

***FIRST LOG***

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
Ran by click me (administrator) on CLICKME-HP (30-05-2017 23:55:46)
Running from C:\Users\click me\Desktop
Loaded Profiles: click me (Available Profiles: click me)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2010-12-17] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586808 2011-03-30] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [319544 2011-03-30] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\RunOnce: [!unattend003] => c:\Windows\system32\WScript.exe C:\System.sav\Util\TDC\Lhidecmd.vbs C:\System.Sav\Util\POSTPIN\PostPININST.CMD
HKLM\...\RunOnce: [!unattend004] => c:\hp\bin\hputilck.exe c:\hp\bin\commands /c c:\hp\bin\cmdline.cmd
HKLM\...\RunOnce: [!unattend005] => c:\Windows\system32\WScript.exe C:\System.sav\Util\TDC\hidecmd.vbs C:\System.Sav\Util\POSTPIN\PostLAST.cmd
HKLM\...\RunOnce: [rmaftobe] => C:\System.sav\Util\postpin\rmaftobe.vbs [440 2010-09-04] ()
HKLM\...\RunOnce: [tpntobhk] => C:\System.sav\Util\postpin\tpntobhk.vbs [525 2010-01-28] ()
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-45373687-1255769218-1417122656-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-05-13] (EasyBits Software Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{045167BB-C66B-4DA0-A804-FCFC98FF16E1}: [DhcpNameServer] 40.20.1.201 40.20.1.202
Tcpip\..\Interfaces\{6E4057A7-6025-4C8D-BA33-BB2830563F3B}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-45373687-1255769218-1417122656-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-45373687-1255769218-1417122656-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-13] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll [2010-12-03] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL [2010-11-30] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-13] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll [2010-12-03] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)

FireFox:
========
FF DefaultProfile: swhuast5.default
FF ProfilePath: C:\Users\click me\AppData\Roaming\Mozilla\Firefox\Profiles\swhuast5.default [2017-05-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF Extension: (Norton IPS) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn [2017-05-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn
FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn [2011-07-20] [not signed]
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-13] (Sun Microsystems, Inc.)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-13] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-02-28] (Advanced Micro Devices, Inc.) [File not signed]
S2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [681528 2010-08-05] (Hewlett-Packard)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [116560 2009-06-10] (Microsoft Corporation) [File not signed]
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [130000 2010-11-23] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [953904 2010-11-22] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys [476792 2010-11-10] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110106.003\ENG64.SYS [117880 2011-01-06] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110106.003\EX64.SYS [1791096 2011-01-06] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1205000.07D\SRTSP64.SYS [735864 2010-11-22] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1205000.07D\SRTSPX64.SYS [40568 2010-11-22] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1205000.07D\SYMDS64.SYS [450608 2010-10-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1205000.07D\SYMEFA64.SYS [802864 2010-11-17] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174640 2011-07-20] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS [171128 2010-11-15] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\NISx64\1205000.07D\SYMNETS.SYS [382072 2010-11-30] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-30 23:55 - 2017-05-30 23:59 - 00011288 _____ C:\Users\click me\Desktop\FRST.txt
2017-05-30 23:55 - 2017-05-30 23:55 - 00000000 ____D C:\FRST
2017-05-30 23:52 - 2017-05-30 23:53 - 02429952 _____ (Farbar) C:\Users\click me\Desktop\FRST64.exe
2017-05-30 23:43 - 2017-05-30 23:43 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-30 23:43 - 2017-05-30 23:43 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-30 23:33 - 2017-05-30 23:33 - 00057560 _____ C:\Users\click me\AppData\Local\GDIPFONTCACHEV1.DAT
2017-05-30 23:28 - 2017-05-30 23:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\click me\Desktop\HijackThis.exe
2017-05-30 23:28 - 2017-05-30 23:28 - 00010360 _____ C:\Users\click me\Desktop\hijackthis logfile 2.txt
2017-05-30 23:24 - 2017-05-30 23:24 - 00246056 _____ (Mozilla) C:\Users\click me\Desktop\Firefox Setup Stub 53.0.3.exe
2017-05-30 23:04 - 2017-05-30 23:04 - 00000000 ____D C:\Users\maliek\AppData\Local\VirtualStore
2017-05-30 23:02 - 2017-05-30 23:02 - 00000020 ___SH C:\Users\maliek\ntuser.ini
2017-05-30 23:02 - 2017-05-30 23:02 - 00000000 _SHDL C:\Users\maliek\My Documents
2017-05-30 23:02 - 2017-05-30 23:02 - 00000000 _SHDL C:\Users\maliek\Documents\My Videos
2017-05-30 23:02 - 2017-05-30 23:02 - 00000000 _SHDL C:\Users\maliek\Documents\My Pictures
2017-05-30 23:02 - 2017-05-30 23:02 - 00000000 _SHDL C:\Users\maliek\Documents\My Music
2017-05-30 23:02 - 2017-05-30 23:02 - 00000000 ____D C:\Users\maliek
2017-05-30 23:02 - 2011-07-20 02:27 - 00000000 ____D C:\Users\maliek\AppData\Roaming\Media Center Programs
2017-05-30 22:52 - 2017-05-30 23:09 - 00169018 _____ C:\Windows\ntbtlog.txt
2017-05-30 21:28 - 2017-05-30 23:44 - 00000000 ____D C:\Users\click me\AppData\LocalLow\Mozilla
2017-05-30 21:26 - 2017-05-30 23:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-30 21:26 - 2017-05-30 23:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-30 21:26 - 2017-05-30 21:33 - 00000000 ____D C:\Users\click me\AppData\Local\Mozilla
2017-05-30 21:26 - 2017-05-30 21:28 - 00000000 ____D C:\Users\click me\AppData\Roaming\Mozilla
2017-05-30 20:46 - 2017-05-30 20:46 - 00010357 _____ C:\Users\click me\Desktop\hijackthis logfile 1.txt
2017-05-30 20:41 - 2017-05-30 20:41 - 00000000 ____D C:\Users\click me\AppData\Roaming\Macromedia
2017-05-30 20:40 - 2017-05-30 20:40 - 00000000 ____D C:\Users\click me\AppData\Roaming\Adobe
2017-05-30 11:27 - 2017-05-30 23:25 - 00000000 ____D C:\Users\click me\AppData\Local\CrashDumps
2017-05-30 11:10 - 2017-05-30 11:10 - 00000000 ____D C:\Windows\System32\Tasks\Symantec
2017-05-30 11:10 - 2017-05-30 11:10 - 00000000 ____D C:\Users\click me\AppData\Local\VirtualStore
2017-05-30 11:09 - 2017-05-30 22:53 - 00000000 ____D C:\Users\click me
2017-05-30 11:09 - 2017-05-30 11:09 - 00000020 ___SH C:\Users\click me\ntuser.ini
2017-05-30 11:09 - 2017-05-30 11:09 - 00000000 _SHDL C:\Users\click me\My Documents
2017-05-30 11:09 - 2017-05-30 11:09 - 00000000 _SHDL C:\Users\click me\Documents\My Videos
2017-05-30 11:09 - 2017-05-30 11:09 - 00000000 _SHDL C:\Users\click me\Documents\My Pictures
2017-05-30 11:09 - 2017-05-30 11:09 - 00000000 _SHDL C:\Users\click me\Documents\My Music
2017-05-30 11:09 - 2011-07-20 02:27 - 00000000 ____D C:\Users\click me\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-30 23:49 - 2011-07-20 01:48 - 00000000 ____D C:\ProgramData\Norton
2017-05-30 23:49 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2017-05-30 23:13 - 2009-07-13 22:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-30 23:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-05-30 23:03 - 2011-05-13 22:19 - 00000000 ____D C:\ProgramData\RoxioNow
2017-05-30 23:02 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-30 17:06 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-30 12:05 - 2011-05-13 22:11 - 00000000 ____D C:\ProgramData\WildTangent
2017-05-30 12:05 - 2009-07-13 22:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2017-05-30 11:10 - 2011-02-10 12:23 - 00000000 ___HD C:\SYSTEM.SAV
2017-05-30 11:10 - 2011-02-10 12:23 - 00000000 ____D C:\SWSetup
2017-05-30 11:09 - 2011-07-20 01:31 - 00000056 ____H C:\Windows\SysWOW64\ezsidmv.dat
2017-05-30 11:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-05-30 11:08 - 2009-07-13 21:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-30 11:08 - 2009-07-13 21:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-30 11:07 - 2007-01-01 18:25 - 00000000 ____D C:\Windows\Panther

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2007-01-01 18:26

==================== End of FRST.txt ============================

 

 

***SECOND LOG***

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-05-2017
Ran by click me (31-05-2017 00:00:04)
Running from C:\Users\click me\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2017-05-30 18:09:50)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-45373687-1255769218-1417122656-500 - Administrator - Disabled)
click me (S-1-5-21-45373687-1255769218-1417122656-1001 - Administrator - Enabled) => C:\Users\click me
Guest (S-1-5-21-45373687-1255769218-1417122656-501 - Limited - Enabled)
maliek (S-1-5-21-45373687-1255769218-1417122656-1002 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
ATI Catalyst Install Manager (HKLM\...\{7FBA6627-88F8-0AE0-9326-FB8488DD26E0}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2011.0228.1151.21177 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{B86FB076-3531-4AF4-86CC-68CA36BFF48A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{F1BB1C5F-E94E-454C-B385-23016566644F}) (Version: 1.2.1 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{294C2687-77C0-4E1D-83DE-97680786602C}) (Version: 2.4.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6319.0 - IDT)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.5.0.125 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {85E4BBEC-5C11-4F55-87AC-9BC87B17030A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {C2432168-52EB-4C13-83D3-14B8F52B5207} - System32\Tasks\Symantec\Norton Error Analyzer 18.5.0.125 => C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\SymErr.exe [2010-12-03] (Symantec Corporation)
Task: {C4AB5B6D-AD60-4E88-8904-CFEA35E35867} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2011-02-23] (Hewlett-Packard Company)
Task: {D5535759-96CB-4AB4-8AF1-293710AD924A} - System32\Tasks\Symantec\Norton Error Processor 18.5.0.125 => C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\SymErr.exe [2010-12-03] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
e"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FB0CE133-8447-4AA3-88C7-6CF36DF06E4F}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{78C56F75-021B-4B94-9892-FF8D5978EEDA}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{3B7E4119-98E5-43D0-9099-2CB254BEEE97}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{0F75DAF7-0124-47EA-B99C-E5B806517B34}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{611586DD-3929-469E-8377-BFC5D7473706}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3AB1883C-036C-44AA-A35D-18CB39505BFC}] => (Allow) LPort=2869
FirewallRules: [{54B5F21D-9705-41F2-B89E-F9080CC2A5D7}] => (Allow) LPort=1900
FirewallRules: [{B540B11F-355C-4428-9E17-63EBBFDE7DA3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3B9AB165-3A62-4207-BD8F-11626CE1F9A4}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{FCD14C10-0773-41DD-A359-2DFE8611FCE9}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{AA34C062-36A3-4404-8A6D-C35396050E50}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{A405676F-FFFB-43FC-907B-3FDCACB2DB57}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2CC9B2C8-5941-497C-8EDC-78225B81C1BA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

30-05-2017 11:10:47 First_User_Boot

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2017 11:25:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: IEFRAME.dll, version: 9.0.8112.16421, time stamp: 0x4d7625fa
Exception code: 0xc0000005
Fault offset: 0x00064959
Faulting process id: 0x7f0
Faulting application start time: 0x01d2d9d4f15698f1
Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\system32\IEFRAME.dll
Report Id: f4e4cbfb-45c9-11e7-a60f-441ea1dcfd40

Error: (05/30/2017 11:10:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 11:04:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 10:54:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 08:33:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 08:17:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 06:16:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 05:01:57 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program BTBExec because of this error.

Program: BTBExec
File: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (05/30/2017 05:01:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BTBExec.exe, version: 1.0.0.0, time stamp: 0x452eef76
Faulting module name: mscorwks.dll, version: 2.0.50727.5420, time stamp: 0x4ca2b7e1
Exception code: 0xc0000006
Fault offset: 0x00000000001ab2a8
Faulting process id: 0xa68
Faulting application start time: 0x01d2d9a0b072cb3d
Faulting application path: c:\hp\bin\BTBExec.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
Report Id: 5c36fab1-4594-11e7-a6cc-441ea1dcfd40

Error: (05/30/2017 04:53:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (05/30/2017 11:43:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/30/2017 11:43:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/30/2017 11:43:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/30/2017 11:43:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/30/2017 11:18:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/30/2017 11:18:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/30/2017 11:18:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/30/2017 11:15:25 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (05/30/2017 11:10:29 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/30/2017 11:10:29 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


==================== Memory info ===========================

Processor: AMD Phenom™ II P960 Quad-Core Processor
Percentage of memory in use: 24%
Total physical RAM: 3834.9 MB
Available physical RAM: 2904.66 MB
Total Virtual: 7668 MB
Available Virtual: 6785.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:284.48 GB) (Free:260.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.31 GB) (Free:1.49 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 381D09F3)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=284.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================


Edited by free_maleik, 31 May 2017 - 12:58 AM.
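Added example, not part of the original post or of FRST: a Python sketch that triages the "Event log errors" section of an Addition.txt like the one above, collapsing repeated events and flagging NTSTATUS codes that indicate a failed disk read (0xC0000006 STATUS_IN_PAGE_ERROR, 0xC0000185 STATUS_IO_DEVICE_ERROR). The sample text is abridged from this log; the function names are hypothetical.

```python
import re
from collections import Counter

# Abridged from the "Event log errors" section of the Addition.txt above.
SAMPLE_EVENT_LOG = r"""
Application errors:
==================
Error: (05/30/2017 11:25:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Exception code: 0xc0000005
Faulting module path: C:\Windows\system32\IEFRAME.dll

Error: (05/30/2017 11:10:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 11:04:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 05:01:57 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll for one of the following reasons:
Program: BTBExec
File: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
Error value: C0000185

Error: (05/30/2017 05:01:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BTBExec.exe, version: 1.0.0.0, time stamp: 0x452eef76
Exception code: 0xc0000006
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll

System errors:
=============
Error: (05/30/2017 11:43:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
"""

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$"
)
STATUS_FIELD = re.compile(r"^(?:Exception code|Error value):\s*(?:0x)?([0-9A-Fa-f]{8})\s*$")
PATH_FIELD = re.compile(r"^(?:File|Faulting module path):\s*(.+?)\s*$")
SECTION_TITLES = {"Application errors:", "System errors:"}

# NTSTATUS values that appear in this log, with their symbolic names.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000006: "STATUS_IN_PAGE_ERROR",
    0xC0000185: "STATUS_IO_DEVICE_ERROR",
}
# Codes that mean a read from the backing store failed, not a program bug.
STORAGE_CODES = {0xC0000006, 0xC0000185}


def parse_events(text):
    """Split the section into events: header fields plus non-blank body lines."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"when": m.group("when"), "source": m.group("source"),
                       "event_id": int(m.group("event_id")), "body": []}
            events.append(current)
        elif line.startswith("=") or line.strip() in SECTION_TITLES:
            current = None  # section title or rule: the previous event has ended
        elif current is not None and line.strip():
            current["body"].append(line.strip())
    return events


def collapse(events):
    """Count identical events so that repeats do not bury the rare ones."""
    counts = Counter()
    for ev in events:
        first = ev["body"][0] if ev["body"] else ""
        counts[(ev["source"], ev["event_id"], first[:80])] += 1
    return counts


def storage_findings(events):
    """Return (time, status name, file) for events carrying a storage I/O code."""
    findings = []
    for ev in events:
        codes = [int(m.group(1), 16) for m in map(STATUS_FIELD.match, ev["body"]) if m]
        paths = [m.group(1) for m in map(PATH_FIELD.match, ev["body"]) if m]
        for code in codes:
            if code in STORAGE_CODES:
                findings.append((ev["when"], NTSTATUS[code], paths[-1] if paths else None))
    return findings


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_EVENT_LOG)
    for key, n in collapse(parsed).most_common():
        print(n, key[0], key[1])
    for finding in storage_findings(parsed):
        print("storage I/O:", finding)
```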


#4 RayS

Posted 03 June 2017 - 10:18 PM

Hello free_maleik,

 

Please tell me your first name or give me a short nickname.

My name is Ray and I'll be assisting you with your issue. Please give me a day or two to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

 

Thank you for your understanding, I'll be with you shortly!

RayS


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#5 RayS

Posted 09 June 2017 - 11:06 AM

Hello free_maleik, and welcome to Bleeping Computer.

Please call me "Ray".

I will be helping you with your computer problem. If you would permit me to call you by your first name or a short nickname, please tell it to me.
 

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs into the body of your reply. Use separate consecutive posts if that's easier for you.
  • Please do not try to fix anything or run (or re-run) any tools without being advised to do so.
  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order given.
  • Click More Reply Options and then Preview Post before you post a reply. Be sure your message addresses all the issues I raise.
  • Any fixes I provide are for this specific problem on this machine only.
  • Removing malware is hazardous. I will not knowingly advise actions that will damage your computer, but it is impossible to guarantee the safety of your system. It may even become necessary to re-format and re-install your operating system. Before we proceed, you should back up all your data -- preferably to a different computer or to off-line storage.


Run the System File Checker (SFC)

The sfc /scannow command (System File Checker) scans the integrity of all protected Windows system files and replaces corrupted, modified, or incorrect versions with the correct versions, if possible.

Note: Be aware that if you have modified your system files, running sfc /scannow will revert system files such as explorer.exe back to their default state.

Note: Make the appropriate backups of your system files that you have modified, if you wish to save them before running sfc /scannow.

  • Click the Windows Start Orb in the bottom-left.
  • In the search box, type cmd
  • In the search results, right-click cmd.exe then click Run as Administrator.
  • Copy and paste the following line of text into the black box:
sfc /scannow 
  • Press Enter to run the command.

Note: This scan may take a while to finish, and if SFC reports that it could not fix something, run the command again. Sometimes it may take running the sfc /scannow command three or more times to completely fix everything that it is able to fix.

To retrieve the System File Checker log:


  • Click the Windows Start Orb in the bottom-left.
  • In the search box, type cmd
  • In the search results, right-click cmd.exe then click Run as Administrator.
  • Copy and paste the following line of text into the black box:
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log > "%userprofile%\desktop\sfcdetails.txt"
  • Press Enter to run the command. A text file sfcdetails.txt will be created on your desktop.
  • Please post the contents of sfcdetails.txt into your next reply.

Note: It is possible that sfcdetails.txt will be blank. Let me know if sfcdetails.txt is empty.

 

 

Let's run Farbar Recovery Scan Tool (FRST) in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool will reboot your computer.

  • Double-click on FRST64.exe to open the Farbar Recovery Scan Tool window.
  • Select the entire contents of the following code box. (Place your cursor inside the code box and press Ctrl+A)
  • Now press Ctrl+C to copy the contents into your clipboard
Start::

CloseProcesses:
File: C:\Program Files\IDT\WDM\sttray64.exe
File: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
C:\Program Files\Windows Defender\mpsvc.dll
File: C:\Users\click me\AppData\Local\GDIPFONTCACHEV1.DAT
CMD: bcdedit /enum /v
File: C:\System.sav\Util\postpin\rmaftobe.vbs
File: C:\System.sav\Util\postpin\tpntobhk.vbs

End::
  • Click the Fix button in the Farbar Recovery Scan Tool window.
  • Wait until the program completes execution.
  • The tool will create a log called Fixlog.txt. Please post it into your reply.

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.



Try boot modes

First attempt to start in Normal Boot. If that fails, second, attempt Clean Boot. If that fails, finally start in Safe Mode with Networking.

Whichever boot mode starts first, do the following and answer the questions:

  • Launch Firefox. Are you able to browse normally?
  • Launch several other programs. Do they operate normally?
  • Launch Microsoft Internet Explorer (MSIE). Are you able to browse normally with MSIE?
  • Is audio volume control operating normally?

If you are unable to start in Normal Boot, use the following steps to start in Clean Boot:

  • Press Ctrl + R and type msconfig into the Run window. Then click OK. (If prompted for confirmation, click Yes/OK.)
  • In the System Configuration window, on the General tab, click Selective startup and remove the checkmark from Load startup items.
  • On the Services tab, add a checkmark to the Hide all Microsoft services check box, and then click Disable all.
  • Click OK, and then restart your computer.

Note: When you are done with Clean Boot mode, use msconfig again to re-enter the System Configuration window and on the General tab, click Normal Startup and reboot your PC.


If you were unable to start in Normal Boot or in Clean Boot, describe all symptoms and give me verbatim error messages, if any. Then start in Safe Mode with Networking and answer the four numbered questions above while in Safe Mode.


Re-scan with Farbar Recovery Scan Tool

Do this in whichever boot mode you were able to get into first.

This tool is frequently updated. Please download a fresh copy of 64-bit Farbar Recovery Scan Tool and save it to your Desktop. 

  • Right-click FRST64 then click Run as administrator.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory where the tool was run from.
  • Please copy and paste both logs into your next reply.

Summary


  1. Please confirm that you have backed up all your important files.
  2. Copy and paste the entire contents of sfcdetails.txt into the body of your message.
  3. Copy and paste the entire contents of Fixlog.txt into the body of your message.
  4. Were you able to start in Normal Boot? If not, give me symptoms and error messages.
  5. Were you able to start in Clean Boot? If not, give me symptoms and error messages.
  6. Is audio volume working normally?
  7. Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message.

Before you post your reply, please be sure you have addressed all seven of the issues summarized above.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#6 RayS


Posted 13 June 2017 - 03:38 AM

Hello,

3 Day Bump

It has been 3 days since my last post.

  • Do you still need help with this? If not, please let me know as soon as possible. Other people are requesting my help.
  • If you will be away for an extended period, please let me know in advance.
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Thank you,

Ray




#7 Elise


Posted 15 June 2017 - 02:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




