kladyelf

Honorary Members
  • Posts

    52

Reputation

0 Neutral
  1. Actually I had a BSOD just the other night, just before I was going to turn in - but it happened so quickly I couldn't tell you what the text said.
  2. I see usasma has requested some information too, so here 'tis in the next post. I also am going to run the diagnostics suggested: HDD diagnosis, memtest, HW monitor, etc. If it gives me anything to post I will put it up on this thread. admin13715.zip
  3. OK, here is the perfmon (see attachment).
     My OS is Windows Vista, it is a desktop computer. It is 32-bit, genuine and came with the system (from memory) - I had the computer built and this is the software that came with it. I can't remember the age of the system off the top of my head - probably got it between 2008 - 2010. I think I had reinstalled everything about a year ago when my computer had some other trouble.
     System information is as follows:
       • System is copyright 2007 and has Service Pack 2
       • System rating: 1.0
       • Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz
       • RAM: 2 GB
       • Video card: NVIDIA GeForce 9600 GT
       • Motherboard: Intel DP35DP
       • Power supply (brand and wattage): erm, couldn't tell you without opening up my computer, bit reluctant to do that at the moment - is there some other way without opening her up?
     Tried to get the system manufacturer name and model number: went into command prompt and all I got was "name" and "serial number" (unless this is something hard to get as it was a computer built from a shop instead of straight from a manufacturer?)
     perfmon Jun 13 15.html
  4. Well, I've done the Sysnative thing (see attachment - hope I'm doing this right!) - working on perfmon now. SysnativeFileCollectionApp.zip
  5. Here is the CheckResults txt file from Mbam-check 2.1.1.1: CheckResults.txt
  6. Here is the Addition txt:
  7. This is the FRST one: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2015Ran by Kathy (administrator) on KATHY-PC on 10-07-2015 22:57:11Running from C:\Users\Kathy\DesktopLoaded Profiles: Kathy & UpdatusUser (Available Profiles: Kathy & UpdatusUser)Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English (United States)Internet Explorer Version 9 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Microsoft Corporation) C:\Windows\System32\SLsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe(CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Valve Corporation) C:\Program Files\Steam\Steam.exe(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe(Apple Inc.) 
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Teruten) C:\Windows\System32\FsUsbExService.Exe(Secunia) C:\Program Files\Secunia\PSI\psia.exe(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Secunia) C:\Program Files\Secunia\PSI\sua.exe(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)HKLM\...\Run: [YouCam Mirage] => C:\Program Files\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)HKLM\...\Run: [YouCam Tray] => C:\Program Files\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)HKU\S-1-5-21-1099725507-4057469664-453529901-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [116056 2010-02-04] (Samsung Electronics Co., Ltd.)HKU\S-1-5-21-1099725507-4057469664-453529901-1000\...\Run: [steam] => C:\Program Files\Steam\Steam.exe [2892992 2015-06-05] (Valve Corporation)HKU\S-1-5-21-1099725507-4057469664-453529901-1000\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [634504 2015-06-24] (Sandboxie Holdings, LLC)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-06-20]ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-24] (Avast Software s.r.o.)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, 
Inc.)ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-1099725507-4057469664-453529901-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-1099725507-4057469664-453529901-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchSearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1099725507-4057469664-453529901-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-02] (Avast Software s.r.o.)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 10.0.0.138Tcpip\..\Interfaces\{15EAAB30-77F8-42F1-B75D-59654459DD29}: [DhcpNameServer] 10.0.0.138 FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] ()FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-13] 
(Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-13] (Google Inc.)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-11]FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-28] Chrome: =======CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-11]CHR Extension: (Google Drive) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11]CHR Extension: (YouTube) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-11]CHR Extension: (Google Search) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-11]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]CHR Extension: (Google Wallet) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-11]CHR Extension: (Gmail) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-11] ========================== Services (Whitelisted) 
================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-24] (Avast Software s.r.o.)R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-24] (Avast Software)S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134792 2015-06-24] (Sandboxie Holdings, LLC)R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-24] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-24] (Avast Software s.r.o.)R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-24] (Avast Software s.r.o.)R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-24] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-24] (Avast Software s.r.o.)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-27] (Avast Software s.r.o.)R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-24] (Avast Software s.r.o.)R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-24] ()R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-01-25] () [File not signed]R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-07-10] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [162952 2015-06-24] (Sandboxie Holdings, LLC)R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-24] (Avast Software)U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)S3 catchme; \??\C:\Users\Kathy\AppData\Local\Temp\catchme.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-10 22:57 - 2015-07-10 22:58 - 00014756 _____ C:\Users\Kathy\Desktop\FRST.txt2015-07-10 22:56 - 2015-07-10 22:57 - 00000000 ____D C:\FRST2015-07-10 22:22 - 2015-07-10 22:22 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Kathy\Desktop\mbam-check-2.1.1.1001.exe2015-07-10 22:16 - 2015-07-10 22:17 - 01636352 _____ (Farbar) C:\Users\Kathy\Desktop\FRST.exe2015-07-09 10:29 - 2015-07-09 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie2015-07-07 23:59 - 2015-07-07 23:59 - 00143664 _____ C:\Windows\Minidump\Mini070715-01.dmp2015-06-23 23:34 - 2015-06-23 23:34 - 00139552 _____ C:\Windows\Minidump\Mini062315-01.dmp2015-06-20 17:40 - 2015-06-20 17:40 - 01528320 _____ C:\Users\Kathy\Desktop\msxml6 (2).msi2015-06-20 17:22 - 2015-06-20 17:22 - 00000824 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk2015-06-20 17:18 - 2015-06-20 17:18 - 01754456 _____ (Secunia) C:\Users\Kathy\Desktop\PSI2Setup.exe2015-06-16 23:36 - 2015-06-16 23:36 - 00143664 _____ C:\Windows\Minidump\Mini061615-01.dmp2015-06-10 21:21 - 2015-05-21 23:52 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-06-10 21:21 - 2015-05-09 08:38 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2015-06-10 21:21 - 2015-04-25 01:24 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll2015-06-10 21:15 - 2015-05-05 08:21 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll2015-06-10 21:15 - 2015-05-05 08:20 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll2015-06-10 21:15 - 2015-05-05 08:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx2015-06-10 21:15 - 2015-05-05 08:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll2015-06-10 21:15 - 2015-05-05 06:51 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL2015-06-10 18:09 - 2015-05-31 09:33 - 12385280 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.dll2015-06-10 18:09 - 2015-05-31 09:25 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-06-10 18:09 - 2015-05-31 09:24 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-06-10 18:09 - 2015-05-31 09:23 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-06-10 18:09 - 2015-05-31 09:20 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-06-10 18:09 - 2015-05-31 09:19 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-06-10 18:09 - 2015-05-31 09:19 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-06-10 18:09 - 2015-05-31 09:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-06-10 18:09 - 2015-05-31 09:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-06-10 18:09 - 2015-05-31 09:18 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-06-10 18:09 - 2015-05-31 09:18 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-06-10 18:09 - 2015-05-31 09:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-06-10 18:09 - 2015-05-31 09:18 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2015-06-10 18:09 - 2015-05-31 09:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-06-10 18:09 - 2015-05-31 09:18 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-06-10 18:09 - 2015-05-31 09:18 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-06-10 18:09 - 2015-05-31 09:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2015-06-10 18:09 - 2015-05-31 09:17 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-06-10 18:09 - 2015-05-31 09:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-06-10 18:09 - 2015-05-31 
09:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-06-10 18:09 - 2015-05-31 09:17 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2015-06-10 18:09 - 2015-05-31 09:17 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-10 22:43 - 2015-05-04 19:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-07-10 22:31 - 2014-09-14 19:03 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-07-10 21:52 - 2006-11-02 22:15 - 00004096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02015-07-10 21:52 - 2006-11-02 22:15 - 00004096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02015-07-10 18:37 - 2014-05-12 12:02 - 00002587 _____ C:\Users\Kathy\Desktop\Microsoft Office Word 2007.lnk2015-07-10 17:55 - 2008-01-21 11:08 - 01475820 _____ C:\Windows\WindowsUpdate.log2015-07-10 17:52 - 2014-09-14 19:03 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-07-10 17:52 - 2014-05-30 22:45 - 00000000 ____D C:\Program Files\Steam2015-07-10 17:52 - 2014-05-10 21:55 - 00000000 ____D C:\ProgramData\NVIDIA2015-07-10 17:52 - 2006-11-02 22:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-07-10 11:41 - 2006-11-02 22:28 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT2015-07-10 11:21 - 2014-06-16 23:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-07-09 09:53 - 2015-05-04 19:04 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2015-07-09 09:53 - 2015-05-04 19:04 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2015-07-08 12:34 - 2014-09-14 19:05 - 00001933 _____ C:\Users\Public\Desktop\Google 
Chrome.lnk2015-07-07 23:59 - 2014-05-20 15:44 - 00000000 ____D C:\Windows\Minidump2015-07-07 23:58 - 2014-06-16 14:56 - 186523375 _____ C:\Windows\MEMORY.DMP2015-07-06 22:49 - 2014-05-16 10:49 - 00001858 _____ C:\Windows\Sandboxie.ini2015-07-05 14:27 - 2014-06-14 12:20 - 00006611 _____ C:\Windows\SecuniaPackage.log2015-06-27 11:48 - 2014-06-28 15:00 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys2015-06-25 17:47 - 2008-01-21 12:32 - 01011056 _____ C:\Windows\PFRO.log2015-06-20 17:21 - 2014-06-07 18:04 - 00000000 ____D C:\Users\Kathy\AppData\Local\CrashDumps2015-06-11 19:55 - 2006-11-02 20:48 - 00000000 ____D C:\Windows\rescache2015-06-11 17:18 - 2006-11-02 22:14 - 00374120 _____ C:\Windows\system32\FNTCACHE.DAT2015-06-10 21:21 - 2014-05-12 11:28 - 00000000 ____D C:\ProgramData\Microsoft Help2015-06-10 21:21 - 2014-05-11 12:41 - 00000000 ____D C:\Windows\system32\MRT2015-06-10 21:16 - 2006-11-02 19:54 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe ==================== Files in the root of some directories ======= 2014-05-10 19:21 - 2015-01-13 16:49 - 0001356 _____ () C:\Users\Kathy\AppData\Local\d3d9caps.dat2014-05-26 20:31 - 2014-12-07 13:45 - 0012288 _____ () C:\Users\Kathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-05-10 21:56 - 2014-05-11 19:59 - 0034895 _____ () C:\ProgramData\nvModes.0012014-05-10 21:56 - 2014-05-11 19:59 - 0034895 _____ () C:\ProgramData\nvModes.dat Some files in TEMP:====================C:\Users\Kathy\AppData\Local\Temp\SandboxieInstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-10 17:58 ==================== End of log ============================
  8. Um, hi. Sorry I have not got on to this sooner, RL has been kicking my butt lately - will do all the diagnostics and post them one at a time, OK?
  9. Hi folks. Well, my computer is acting oddly and after scanning with both Mbytes and Norton's I'm throwing my hands in the air and asking some experts. So here is my problem: Lately I've been getting the occasional error message completely at random on my computer (see attached Word document), and the other night when I was shutting down my internet (Google Chrome on Sandboxie) my computer decided to give me the BSOD. The text said something about disk memory (it was gone before I could properly read it) and crashed! Other than that and the occasional strange Windows Application Error message, the computer is running fine, if a bit slow, but that can possibly be attributed to other background programs like Secunia PSI which run when the computer boots up. Either way, it's weird and I'm trying to nip it in the bud before it becomes serious. Does anyone have any advice or wisdom to add? windows application error message.docx
  10. OK done that - thing is my Windows Data Execution is still shutting down my Secunia PSI program - I think it is viewing it as Malware or something. Although I just started it manually and it opened up for me.
  11. Well, so far so good - one question though. For some reason, while deleting the folder with all the programs and logs I noticed another new file called "$RECYCLE" - thinking it was part of the whole maintenance thing I went to delete it, only to be asked did I really want to delete my actual Recycle Bin? What does that entail? Is there now a new Recycle Bin?
  12. Just heard back from the website with the redirect problem, this is what they said in their email (see below) "We're not infected with malware. This is the result of some code inserted into one of the advertisements that show on our website. It is a new trend in advertising and very annoying to track down. We're working with our ad provider to track it down and get it killed. Sorry for the inconvenience," so hopefully things get taken care of on that end?
  13. Zoek.exe v5.0.0.0 Updated 04-May-2015
     Tool run by Kathy on Wed 06/05/2015 at 11:05:12.59.
     Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86
     Running in: Normal Mode Internet Access Detected
     Launched: C:\Users\Kathy\Desktop\zoek.exe [scan all users] [script inserted]

     ==== System Restore Info ======================

     6/05/2015 11:06:41 AM Zoek.exe System Restore Point Created Successfully.

     ==== Empty Folders Check ======================

     C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) deleted successfully
     C:\Users\Kathy\AppData\Local\Secunia PSI deleted successfully
     C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully

     ==== Deleting CLSID Registry Keys ======================

     ==== Deleting CLSID Registry Values ======================

     ==== Deleting Services ======================

     ==== Deleting Files \ Folders ======================

     C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) not found

     ==== Firefox Extensions Registry ======================

     [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
     "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [24/04/2015 12:53 PM]

     ==== Chromium Look ======================

     Google Chrome Version: 42.0.2311.135

     Bookmark Manager - Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
     Chrome Hotword Shared Module - Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

     ==== Chromium Startpages ======================

     C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Preferences
     "homepage": "

     ==== Chromium Fix ======================

     C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
     C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
     C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.backpackerdeals.com_0.localstorage deleted successfully
     C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.backpackerdeals.com_0.localstorage-journal deleted successfully

     ==== Set IE to Default ======================

     Old Values:
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     "Start Page"="http://go.microsoft.com/fwlink/?linkid=69157"

     New Values:
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     "Start Page"="http://go.microsoft.com/fwlink/?linkid=69157"

     ==== All HKCU SearchScopes ======================

     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
     "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
     {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
     {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

     ==== Empty IE Cache ======================

     C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
     C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
     C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
     C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
     C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

     ==== Empty FireFox Cache ======================

     No FireFox Profiles found

     ==== Empty Chrome Cache ======================

     C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

     ==== Empty All Flash Cache ======================

     No Flash Cache Found

     ==== Empty All Java Cache ======================

     No Java Cache Found

     ==== C:\zoek_backup content ======================

     C:\zoek_backup (files=5 folders=0 36988 bytes)

     ==== Empty Temp Folders ======================

     C:\Users\Default\AppData\Local\temp emptied successfully
     C:\Users\Default User\AppData\Local\temp emptied successfully
     C:\Users\Kathy\AppData\Local\temp will be emptied at reboot
     C:\Users\Public\AppData\Local\temp emptied successfully
     C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
     C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
     C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
     C:\Windows\Temp will be emptied at reboot

     ==== After Reboot ======================

     ==== Empty Temp Folders ======================

     C:\Windows\Temp successfully emptied
     C:\Users\Kathy\AppData\Local\Temp successfully emptied

     ==== Empty Recycle Bin ======================

     C:\$RECYCLE.BIN successfully emptied

     ==== Deleting Files / Folders ======================

     "C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
     "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
     "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

     ==== EOF on Wed 06/05/2015 at 11:19:52.18 ======================