My computer gives paged file in non paged area multiple times a day an


  • This topic is locked

#1
lasombrs


About 10 days ago my computer started giving me the blue screen of death that says paged file in non paged area. It happened only once or twice at first and just restarting fixed the issue. After it happened a third time I looked up the meaning of the error and then tried to adjust my virtual memory by clearing it out to error, restarting, setting it back to default and restarting. Error happened again moments later. Tends to happen if I try to use the Fiesta Online game launcher. So I fully uninstalled and reinstalled the game. Good to go for about 24 hours. Then it started to give me the error message 8+ times a day. System Restore helped sometimes, others not. I may have used every backup date I had at this point. The computer no longer does anything when you click System Restore from the black screen options of System Restore or Start Windows Normally. It just restarts the countdown timer. If I press F8 during startup and try to select restore, nothing happens. The computer starts and functions in Safe Mode, which I am currently using to write this message. I have run countless virus protection and malware search programs. I can't find anything. I have only had this laptop for about 2 months (Dell XPS M1710 running Vista Ultimate). I got it used and it was wiped clean when I got it. I only use it to play Fiesta Online and print files for the nonprofit I work with (End 68 Hours of Hunger), so I have downloaded from their Dropbox, but I would not expect their files to be infected. I always have Norton running and active on my computer, and scan every few days. All files on the computer are OK if lost somehow. I'm okay if it has to be wiped. But I cannot find an ISO of Ultimate that I can download to USB to reinstall with.

 

Recovery portion of drive seems damaged from when I got it. Will not make its own image of computer.

Recovery/restore window will no longer open.

I am about to try Dr.Web Live USB to see if I can get back into regular Windows, but wanted to make this first just in case Safe Mode goes toast on me too. I can follow the thread from my phone for updates on what to try.

 

I have a desktop, but it's even older, runs XP, and only has a CD drive, no DVD burner. This laptop has a DVD burner, which I might be able to access in Safe Mode? Never tried. I have at least an 8 GB flash drive, maybe 16 too, to boot the computer from USB if anyone knows of an actual working Vista Ultimate ISO I can try. I have the lic key number.

 

Thank you in advance for any help you can give me :)

 

On to the files given by the program your site suggested to run:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-08-2015 01
Ran by Joanna (administrator) on SARA-PC (15-08-2015 19:19:56)
Running from C:\Users\Joanna\Downloads
Loaded Profiles: Joanna (Available Profiles: Joanna)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rstrui.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-20] (Synaptics, Inc.)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [180224 2006-11-27] (Creative Technology Ltd)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ddoctorv2] => C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [202560 2008-04-24] (SupportSoft, Inc.)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Windows\sttray.exe [303104 2007-02-08] (SigmaTel, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\...\Run: [CacePrinter (Artisan 720)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGYA.EXE [201216 2010-01-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\...\Run: [EPSON Artisan 720 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGYA.EXE [201216 2010-01-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\...\Run: [Google Update] => C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-10] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2007-09-05]
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2007-09-05]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security Suite\Engine\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security Suite\Engine\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security Suite\Engine\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
GroupPolicyScripts: Group Policy detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77de8857&p2=^hj^xdm017^yy^us&ptb=753b0ac6-c38b-4456-a92b-999ac41eeb9f&si=pconverter
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60180
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> Comcast URL = hxxp://search.comcast.net/?cat=web&con=net&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60180
SearchScopes: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> {5396142D-AC3B-420D-8D1D-F945443B465F} URL = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80116&lng=en
SearchScopes: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> {E519AA1F-E8A8-47ED-92E3-BCFB65055819} URL = hxxp://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-09-05] (Sun Microsystems, Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\BAE\BAE.dll [2007-03-16] (Dell Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{CDE40BAD-F979-4B54-B17F-0BC495E6ACF8}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\5vdomsv9.default-1422721537032
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2961099189-892354221-2781886693-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Joanna\AppData\Local\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2961099189-892354221-2781886693-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Joanna\AppData\Local\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-10] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-22]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-08-07]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Poper Blocker) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2015-06-21]
CHR Extension: (Adblock Plus) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-21]
CHR Extension: (Adblock for Youtube™) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-06-21]
CHR Extension: (SwagButton) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2015-06-21]
CHR Extension: (Pin It Button) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-06-21]
CHR Extension: (Norton Identity Safe) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-21]
CHR Extension: (No Name) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-06-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx <not found>
StartMenuInternet: Google Chrome.FFXHVNLYBFPE7M55W74WXXEYPU - C:\Users\Joanna\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [1051632 2015-05-18] (Coupons.com Inc.)
S2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2007-09-05] (Creative Labs) [File not signed]
S2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 2007-04-09] (Creative Technology Ltd) [File not signed]
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
S2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-10-17] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 N360; C:\Program Files\Norton Security Suite\Engine\21.7.0.11\N360.exe [265000 2015-03-26] (Symantec Corporation)
S2 nicconfigsvc; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [386592 2007-04-27] (Dell Inc.)
S2 sprtsvc_ddoctorv2; C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [202560 2008-04-24] (SupportSoft, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 BHDrvx86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150728.001_2f0\BHDrvx86.sys [1181936 2015-07-28] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\1507000.00B\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-08-06] (Symantec Corporation)
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [61312 2007-01-29] (O2Micro)
S1 IDSVix86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150807.001\IDSvix86.sys [523512 2015-08-06] (Symantec Corporation)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150807.017\NAVENG.SYS [104440 2015-08-06] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150807.017\NAVEX15.SYS [1645432 2015-08-06] (Symantec Corporation)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
S1 SRTSP; C:\Windows\System32\Drivers\N360\1507000.00B\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\1507000.00B\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
S3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)
R0 SymDS; C:\Windows\System32\drivers\N360\1507000.00B\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1507000.00B\SYMEFA.SYS [936152 2014-08-25] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2015-06-21] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\1507000.00B\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\N360\1507000.00B\SYMTDIV.SYS [384728 2014-08-25] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz138; \??\C:\Users\Joanna\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 XDva425; \??\C:\Windows\system32\XDva425.sys [X]
S3 XDva511; \??\C:\Windows\system32\XDva511.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\DRIVERS\rixdptsk.sys 6C1F93C0760C9F79A1869D07233DF39D
C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 8F36B54688C31EED4580129040C6A3D3
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\System32\DRIVERS\sffdisk.sys 3EFA810BDCA87F6ECC24F9832243FE86
C:\Windows\system32\drivers\sffp_mmc.sys 96DED8B20C734AC41641CE275250E55D
C:\Windows\System32\DRIVERS\sffp_sd.sys 9F66A46C55D6F1CCABC79BB7AFCCC545
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys 08072B2FB92477FC813271A84B3A8698
C:\Windows\system32\drivers\sisraid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\system32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\Drivers\N360\1507000.00B\SRTSP.SYS 7A3F8D98848D08E8C6E2C2BAA0764CBE
C:\Windows\system32\drivers\N360\1507000.00B\SRTSPX.SYS D3EE2801E382ED0B37169B2AF153E3A0
C:\Windows\System32\DRIVERS\srv.sys 04FA8FDECF4C0DE1A98B67C98868964C
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\drivers\stwrt.sys 9CEA131B5EB0EA653F6B3EA80B54956D
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\System32\drivers\N360\1507000.00B\SYMDS.SYS 4C3DEF736D3857570166DE5C858600F5
C:\Windows\System32\drivers\N360\1507000.00B\SYMEFA.SYS B70A98F20B4180F2751CFD7656116342
C:\Windows\system32\Drivers\SYMEVENT.SYS E987A9CB539147527F56943BB34B7375
C:\Windows\system32\drivers\N360\1507000.00B\Ironx86.SYS 164B4870B45A5BFD9535A62E857F066B
C:\Windows\System32\Drivers\N360\1507000.00B\SYMTDIV.SYS D3F7FB40012382F7B206200AE794FBD7
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 1F5192248A364D4AB68DB063D18A2139
C:\Windows\System32\drivers\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966
C:\Windows\System32\DRIVERS\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966
C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys 6D72EF05921ABDF59FC45C7EBFE7E8DD
C:\Windows\system32\drivers\uliahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\DRIVERS\usbccgp.sys AAB0B5F72D2D726FBFDC895A2902DE1D
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 153E8515CB86F8BB5D1A8B478EBF4BB2
C:\Windows\System32\DRIVERS\usbhub.sys 2AE6BCEBD85D31317E433733DAF25888
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbscan.sys 1D714B8497CD68307806D5D3F60A5169
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys 44056325428A8E4C755830426E29878F
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys D5929A28BDFF4367A12CAF06AF901971
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys F3B4762EB85A2AFF4999401F14C3262B
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\HSX_CNXT.sys 6D2350BB6E77E800FC4BE4E5B7A2E89A
C:\Windows\System32\DRIVERS\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E
C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\DRIVERS\WSDPrint.sys 4422AC5ED8D4C2F0DB63E71D4C069DD7
C:\Windows\System32\DRIVERS\WSDScan.sys 65D1FF8AAFF4A7D8F787A290E5087816
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\DRIVERS\xaudio.sys 5A7FF9A18FF6D7E0527FE3ABF9204EF8
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-15 19:19 - 2015-08-15 19:21 - 00037133 _____ C:\Users\Joanna\Downloads\FRST.txt
2015-08-15 19:19 - 2015-08-15 19:20 - 00000000 ____D C:\FRST
2015-08-15 19:19 - 2015-08-15 19:19 - 01678336 _____ (Farbar) C:\Users\Joanna\Downloads\FRST.exe
2015-08-15 19:12 - 2015-08-15 19:21 - 632821576 _____ (Doctor Web, Ltd.) C:\Users\Joanna\Downloads\drweb-livedisk-900-usb.exe
2015-08-15 19:01 - 2015-08-15 19:01 - 00140712 _____ C:\Windows\Minidump\Mini081515-04.dmp
2015-08-15 18:41 - 2015-08-15 18:42 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-15 18:41 - 2015-08-15 18:41 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-15 18:41 - 2015-08-15 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-15 18:41 - 2015-08-15 18:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-15 18:41 - 2015-08-15 18:41 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-15 18:41 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-15 18:41 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-15 18:41 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-15 18:40 - 2015-08-15 18:40 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Joanna\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-15 18:30 - 2015-08-15 18:30 - 00140680 _____ C:\Windows\Minidump\Mini081515-03.dmp
2015-08-15 18:23 - 2015-08-15 18:23 - 00140712 _____ C:\Windows\Minidump\Mini081515-02.dmp
2015-08-15 09:13 - 2015-08-15 09:13 - 00140712 _____ C:\Windows\Minidump\Mini081515-01.dmp
2015-08-14 21:54 - 2015-08-14 21:54 - 00140680 _____ C:\Windows\Minidump\Mini081415-01.dmp
2015-08-12 00:49 - 2015-07-21 16:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 00:49 - 2015-07-21 12:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-12 00:49 - 2015-07-21 12:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 00:49 - 2015-07-21 12:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-12 00:49 - 2015-07-21 12:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 00:49 - 2015-07-21 12:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-12 00:49 - 2015-07-21 12:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 00:49 - 2015-07-21 12:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 00:48 - 2015-07-31 15:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 00:48 - 2015-07-09 10:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-12 00:47 - 2015-07-10 15:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 00:46 - 2015-07-11 11:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 00:39 - 2015-07-18 12:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 00:34 - 2015-07-10 15:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 00:34 - 2015-07-10 15:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 00:33 - 2015-07-31 18:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 00:33 - 2015-07-31 17:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-12 00:33 - 2015-07-31 17:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-12 00:33 - 2015-07-31 17:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-12 00:33 - 2015-07-31 17:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-12 00:33 - 2015-07-31 16:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 00:33 - 2015-07-31 16:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-12 00:33 - 2015-07-31 16:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-12 00:33 - 2015-07-31 16:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 00:33 - 2015-07-31 16:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 00:33 - 2015-07-31 16:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 00:33 - 2015-07-31 16:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 00:32 - 2015-07-01 11:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 00:31 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 00:31 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-10 09:42 - 2015-08-10 09:52 - 2084663272 _____ (Gamigo) C:\Users\Joanna\Downloads\FiestaOnline_NA.exe
2015-08-10 09:41 - 2015-08-15 17:46 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2961099189-892354221-2781886693-1003UA.job
2015-08-10 09:41 - 2015-08-14 14:59 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2961099189-892354221-2781886693-1003Core.job
2015-08-10 09:41 - 2015-08-10 09:41 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-08 18:44 - 2015-08-10 09:36 - 00000000 ____D C:\Users\Joanna\AppData\Local\Deployment
2015-08-08 18:44 - 2015-08-10 09:36 - 00000000 ____D C:\Users\Joanna\AppData\Local\Apps\2.0
2015-08-08 17:53 - 2015-08-08 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox(84)
2015-08-08 16:38 - 2015-08-15 17:08 - 00010647 _____ C:\Users\Joanna\Documents\phils route list big print to print.xlsx
2015-08-08 16:35 - 2015-08-15 16:58 - 00010917 _____ C:\Users\Joanna\Documents\phils route list updated.xlsx
2015-08-08 16:10 - 2015-08-15 17:15 - 00010868 _____ C:\Users\Joanna\Documents\daily.xlsx
2015-08-08 15:43 - 2015-08-15 17:28 - 00009882 _____ C:\Users\Joanna\Documents\Sara Sunday route.xlsx
2015-08-08 14:58 - 2015-08-08 14:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(33)
2015-08-08 14:30 - 2015-08-15 17:37 - 00009997 _____ C:\Users\Joanna\Documents\Scott Sunday route.xlsx
2015-08-08 14:30 - 2015-08-08 14:30 - 00000165 ____H C:\Users\Joanna\Documents\~$Scott Sunday route.xlsx
2015-08-08 14:01 - 2015-08-15 17:03 - 00010983 _____ C:\Users\Joanna\Documents\phils route list.xlsx
2015-08-08 14:01 - 2015-08-08 14:01 - 00000165 ____H C:\Users\Joanna\Documents\~$phils route list.xlsx
2015-08-07 13:43 - 2015-08-07 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox(71)
2015-08-07 13:26 - 2015-08-07 13:26 - 00140712 _____ C:\Windows\Minidump\Mini080715-01.dmp
2015-07-30 06:33 - 2015-07-30 06:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox(39)
2015-07-29 16:12 - 2015-07-29 17:15 - 00000000 ____D C:\Users\Joanna\Documents\paper route
2015-07-19 19:16 - 2015-07-19 19:45 - 00000000 ____D C:\ProgramData\TEMP
2015-07-19 10:39 - 2015-07-19 10:40 - 00000000 ____D C:\Program Files\QuickTime(30)
2015-07-18 18:53 - 2015-07-18 18:54 - 00144248 _____ C:\Windows\Minidump\Mini071815-02.dmp
2015-07-18 11:17 - 2015-07-18 11:17 - 00144248 _____ C:\Windows\Minidump\Mini071815-01.dmp
2015-07-17 08:45 - 2015-07-17 08:46 - 00144248 _____ C:\Windows\Minidump\Mini071715-01.dmp
2015-07-16 13:39 - 2015-07-16 13:39 - 00000000 ____D C:\Windows\CheckSur
2015-07-16 07:39 - 2015-07-16 07:39 - 00116214 _____ C:\compete-header-long2.bmp
2015-07-15 13:07 - 2015-07-03 12:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 13:07 - 2015-06-17 12:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 13:07 - 2015-06-17 11:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 13:06 - 2015-06-12 12:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 12:47 - 2015-05-31 04:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 12:45 - 2015-06-27 12:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 12:45 - 2015-06-27 12:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 12:45 - 2015-06-27 12:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 12:45 - 2015-06-27 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-15 12:45 - 2015-06-27 10:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 12:45 - 2015-06-27 10:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 12:45 - 2015-06-12 09:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 12:45 - 2015-01-08 20:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 22:09 - 2015-08-13 14:12 - 00000000 ____D C:\Users\Joanna\Documents\Fiesta
2015-07-14 18:56 - 2015-08-03 12:32 - 00000000 ____D C:\Users\Joanna\Documents\PTO
2015-07-07 19:47 - 2015-07-10 17:05 - 00000000 ____D C:\Users\Joanna\Documents\My Kindle Content
2015-07-05 12:42 - 2015-07-05 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-07-05 12:42 - 2015-07-05 12:42 - 00000000 ____D C:\Program Files\Coupons
2015-07-02 23:32 - 2015-07-02 23:32 - 00144296 _____ C:\Windows\Minidump\Mini070215-01.dmp
2015-07-01 19:26 - 2015-07-01 19:26 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-06-27 17:14 - 2015-07-02 14:33 - 00000000 ____D C:\Users\Joanna\Documents\sunday paper route
2015-06-26 15:02 - 2015-06-26 15:03 - 00144296 _____ C:\Windows\Minidump\Mini062615-01.dmp
2015-06-26 09:06 - 2015-06-30 18:20 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Apple Computer
2015-06-26 09:05 - 2015-07-01 19:26 - 00001666 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-06-26 09:05 - 2015-07-01 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-06-26 09:05 - 2012-10-03 16:14 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-06-26 09:03 - 2015-06-26 09:05 - 00000000 ____D C:\Program Files\iTunes
2015-06-26 09:03 - 2015-06-26 09:03 - 00000000 ____D C:\Program Files\iPod
2015-06-26 09:02 - 2015-06-26 09:02 - 00000000 ____D C:\Program Files\Bonjour
2015-06-26 08:55 - 2015-06-26 09:03 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-06-26 08:53 - 2015-08-09 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-06-26 08:53 - 2015-08-09 18:14 - 00000000 ____D C:\Program Files\QuickTime
2015-06-26 08:53 - 2015-06-26 09:03 - 00000000 ____D C:\ProgramData\Apple Computer
2015-06-24 16:51 - 2015-06-24 16:51 - 00000000 ____D C:\Users\Joanna\AppData\Local\Nero_AG
2015-06-24 16:50 - 2015-08-09 18:14 - 00000000 ____D C:\Users\Joanna\AppData\Local\Nero
2015-06-24 16:50 - 2015-06-24 16:50 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Nero
2015-06-24 16:26 - 2015-08-10 08:57 - 00000000 ____D C:\ProgramData\Nero
2015-06-24 16:25 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-06-24 16:24 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-06-24 16:24 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-06-24 16:23 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-06-24 16:22 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-06-24 16:20 - 2015-06-24 16:21 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-24 09:06 - 2015-06-24 09:07 - 00000000 ____D C:\NPE
2015-06-24 09:00 - 2015-06-24 09:39 - 00000000 ____D C:\Users\Joanna\AppData\Local\NPE
2015-06-23 13:39 - 2015-06-23 13:39 - 00000778 _____ C:\Users\Public\Desktop\Speccy.lnk
2015-06-23 13:39 - 2015-06-23 13:39 - 00000000 ____D C:\Program Files\Speccy
2015-06-23 12:26 - 2015-06-23 12:26 - 00000000 ____D C:\Program Files\TestXp
2015-06-23 12:25 - 2015-07-16 07:39 - 00000000 ____D C:\Program Files\OSDownloader
2015-06-23 12:17 - 2015-08-10 08:58 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Philipp Winterberg
2015-06-22 16:03 - 2015-06-22 16:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2015-06-22 09:25 - 2015-08-10 08:53 - 00000000 ___RD C:\Users\Joanna\Dropbox
2015-06-22 09:16 - 2015-06-22 09:16 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Dropbox
2015-06-22 09:13 - 2015-08-10 16:55 - 00000000 ____D C:\Program Files\Dropbox
2015-06-22 09:13 - 2015-08-10 08:53 - 00000000 ____D C:\Users\Joanna\AppData\Local\Dropbox
2015-06-22 09:13 - 2015-06-22 09:13 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-21 20:32 - 2015-06-21 21:09 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\FiestaOnline
2015-06-21 19:50 - 2015-08-10 12:03 - 00000000 ____D C:\Gamigo
2015-06-21 18:03 - 2015-01-28 21:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-06-21 18:03 - 2015-01-28 21:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-06-21 17:55 - 2015-08-10 09:23 - 00000000 ____D C:\Users\Joanna\AppData\Local\CrashDumps
2015-06-21 17:55 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-21 17:51 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-21 17:44 - 2015-03-04 22:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-21 17:44 - 2015-03-04 22:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-21 17:42 - 2015-01-08 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-21 17:39 - 2014-11-25 22:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-06-21 17:34 - 2015-01-20 22:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-21 17:23 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-21 17:18 - 2015-05-08 19:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-21 16:59 - 2014-12-07 21:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-06-21 16:56 - 2015-05-04 18:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-21 16:56 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-21 16:56 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-21 16:56 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-21 16:56 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-21 16:51 - 2015-06-21 18:39 - 00196608 _____ C:\Windows\SPInstall.etl
2015-06-21 15:38 - 2015-06-21 15:38 - 00000000 ____D C:\Users\Joanna\AppData\Local\Microsoft Corporation
2015-06-21 15:35 - 2015-06-21 15:35 - 00001998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2015-06-21 15:35 - 2015-06-21 15:35 - 00000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2015-06-21 13:57 - 2015-08-09 18:14 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-06-21 13:57 - 2015-06-21 13:57 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2015-06-21 13:57 - 2015-06-21 13:57 - 00008194 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2015-06-21 13:56 - 2015-06-22 14:48 - 00002182 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2015-06-21 13:56 - 2015-06-21 13:56 - 00000000 ____D C:\Users\Joanna\Documents\Bluetooth Exchange Folder
2015-06-21 13:54 - 2015-08-09 18:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2015-06-21 13:54 - 2015-08-09 18:14 - 00000000 ____D C:\Windows\system32\Drivers\N360
2015-06-21 13:54 - 2015-08-09 18:14 - 00000000 ____D C:\Program Files\Norton Security Suite
2015-06-21 13:54 - 2015-08-09 17:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(91)
2015-06-21 13:54 - 2015-08-09 04:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(90)
2015-06-21 13:54 - 2015-08-09 04:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(88)
2015-06-21 13:54 - 2015-08-09 03:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(83)
2015-06-21 13:54 - 2015-08-08 21:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(87)
2015-06-21 13:54 - 2015-08-08 21:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(74)
2015-06-21 13:19 - 2015-06-21 13:19 - 00000000 ____D C:\Users\Joanna\Documents\Symantec
2015-06-21 12:57 - 2015-08-08 15:02 - 00000000 ____D C:\ProgramData\Norton
2015-06-21 12:57 - 2015-08-08 13:46 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-06-21 12:57 - 2015-06-21 14:20 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-06-21 12:19 - 2015-06-21 12:19 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Easeware
2015-06-21 12:03 - 2009-09-30 19:01 - 00063488 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FD4BGYA.DLL
2015-06-21 12:03 - 2008-11-11 19:00 - 00093696 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLBGYA.DLL
2015-06-21 12:01 - 2015-06-21 12:01 - 00000051 _____ C:\Windows\EPART725.ini
2015-06-21 07:35 - 2015-06-21 11:37 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-21 06:54 - 2015-05-30 20:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-21 06:54 - 2015-05-30 19:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-21 06:54 - 2015-05-30 19:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-21 06:54 - 2015-05-30 19:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-21 06:54 - 2015-05-30 19:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-21 06:54 - 2015-05-30 19:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-21 06:54 - 2015-05-30 19:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-21 06:54 - 2015-05-30 19:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-21 06:54 - 2015-05-30 19:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-21 06:54 - 2015-05-30 19:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-21 06:54 - 2015-05-30 19:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-21 06:54 - 2015-05-30 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-21 06:54 - 2015-05-30 19:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-21 06:54 - 2015-05-30 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-21 06:54 - 2015-05-30 19:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-21 06:54 - 2015-05-30 19:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-21 06:54 - 2015-05-30 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-21 06:54 - 2015-05-30 19:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-21 06:54 - 2015-05-30 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-21 06:54 - 2015-05-30 19:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-21 06:54 - 2015-05-30 19:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-21 06:54 - 2015-05-30 19:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-18 09:14 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-06-18 09:14 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-06-18 09:14 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-06-18 09:14 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-06-18 09:13 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-06-18 09:13 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-06-18 09:13 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-06-18 09:11 - 2014-12-18 20:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-06-18 09:11 - 2014-10-09 21:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-06-18 09:11 - 2014-10-09 21:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-18 09:11 - 2014-10-09 19:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-18 09:10 - 2014-11-03 20:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-06-18 07:14 - 2014-08-26 20:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-06-17 01:01 - 2015-06-17 01:01 - 01202856 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-15 19:17 - 2008-08-25 19:47 - 00001356 _____ C:\Users\Joanna\AppData\Local\d3d9caps.dat
2015-08-15 19:16 - 2006-11-02 06:33 - 00770532 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-15 19:05 - 2007-09-05 17:50 - 01283206 _____ C:\Windows\WindowsUpdate.log
2015-08-15 19:01 - 2013-07-03 22:06 - 202675621 _____ C:\Windows\MEMORY.DMP
2015-08-15 19:01 - 2011-05-02 19:50 - 00000000 ____D C:\Windows\Minidump
2015-08-15 19:01 - 2006-11-02 08:59 - 01011890 _____ C:\Windows\PFRO.log
2015-08-15 18:31 - 2006-11-02 08:46 - 00374144 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-15 17:24 - 2012-12-24 16:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-15 16:42 - 2006-11-02 09:00 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-15 16:42 - 2006-11-02 08:46 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-15 16:42 - 2006-11-02 08:46 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-15 09:31 - 2007-09-05 17:50 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-08-15 09:31 - 2006-11-02 09:00 - 00032592 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-13 14:36 - 2007-09-12 14:50 - 00053732 _____ C:\Users\Joanna\AppData\Roaming\nvModes.001
2015-08-12 11:57 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-12 08:04 - 2006-11-02 08:35 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-08-12 00:50 - 2007-09-05 18:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 00:46 - 2013-10-03 03:03 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 00:40 - 2006-11-02 06:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-11 23:24 - 2012-12-24 16:47 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-11 23:24 - 2012-12-24 16:47 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-10 16:55 - 2011-01-24 18:14 - 00000000 ____D C:\Program Files\Epson Software
2015-08-10 09:36 - 2007-09-12 14:07 - 00101704 _____ C:\Users\Joanna\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-10 09:32 - 2007-09-05 18:10 - 00000000 ____D C:\Program Files\Roxio
2015-08-10 09:31 - 2007-09-05 18:13 - 00000000 ____D C:\ProgramData\Roxio
2015-08-10 09:31 - 2007-09-05 18:09 - 00000000 ____D C:\Program Files\Common Files\Roxio Shared
2015-08-10 09:25 - 2009-05-09 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-08-10 09:25 - 2009-05-09 20:20 - 00000000 ____D C:\ProgramData\Logishrd
2015-08-10 09:25 - 2009-05-09 20:20 - 00000000 ____D C:\Program Files\Logitech
2015-08-10 09:25 - 2009-05-09 20:20 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2015-08-10 09:23 - 2007-09-05 18:22 - 00000000 ____D C:\Program Files\Google
2015-08-10 09:00 - 2007-09-05 18:01 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-08-10 08:59 - 2011-01-24 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-08-09 18:16 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\Msdtc
2015-08-09 18:15 - 2007-09-12 14:06 - 00000000 ____D C:\Users\Joanna
2015-08-09 18:15 - 2006-11-02 06:22 - 57147392 _____ C:\Windows\system32\config\software_previous
2015-08-09 18:15 - 2006-11-02 06:22 - 45875200 _____ C:\Windows\system32\config\components_previous
2015-08-09 18:15 - 2006-11-02 06:22 - 23592960 _____ C:\Windows\system32\config\system_previous
2015-08-09 18:15 - 2006-11-02 06:22 - 00786432 _____ C:\Windows\system32\config\default_previous
2015-08-09 18:15 - 2006-11-02 06:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-08-09 18:15 - 2006-11-02 06:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-08-09 18:14 - 2007-10-17 21:34 - 00000000 ____D C:\ProgramData\FLEXnet
2015-08-09 18:14 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\spool
2015-08-09 18:14 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\registration
2015-07-29 14:33 - 2007-09-12 14:08 - 00000000 ____D C:\Users\Joanna\AppData\Local\Google
2015-07-19 10:32 - 2006-11-02 08:51 - 00039889 _____ C:\Windows\setupact.log
 
==================== Files in the root of some directories =======
 
2007-09-12 14:50 - 2015-08-13 14:36 - 0053732 _____ () C:\Users\Joanna\AppData\Roaming\nvModes.001
2007-09-12 14:50 - 2015-06-22 08:32 - 0053732 _____ () C:\Users\Joanna\AppData\Roaming\nvModes.dat
2010-10-14 10:32 - 2010-10-14 10:32 - 0034926 _____ () C:\Users\Joanna\AppData\Roaming\UserTile.png
2008-08-25 19:47 - 2015-08-15 19:17 - 0001356 _____ () C:\Users\Joanna\AppData\Local\d3d9caps.dat
2007-09-12 14:13 - 2011-01-30 13:37 - 0034816 _____ () C:\Users\Joanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-06-16 21:34 - 2010-06-16 21:34 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
Some files in TEMP:
====================
C:\Users\Joanna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp80k4vm.dll
C:\Users\Joanna\AppData\Local\Temp\kernel32.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {7cd86162-702c-11db-bc87-929c260a2c58}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No
 
Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae0-0007e994107d}
device                  partition=D:
path                    \Windows\System32\boot\winload.exe
description             Windows Recovery Environment
osdevice                partition=D:
systemroot              \Windows
resumeobject            {766c02d6-5c19-11dc-90c8-806e6f6e6963}
nx                      OptIn
detecthal               Yes
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {7cd86162-702c-11db-bc87-929c260a2c58}
nx                      OptIn
bootlog                 No
 
Resume from Hibernate
---------------------
identifier              {766c02d6-5c19-11dc-90c8-806e6f6e6963}
device                  partition=D:
path                    \Windows\System32\boot\winresume.exe
description             Windows Recovery Environment
inherit                 {resumeloadersettings}
pae                     Yes
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {7cd86162-702c-11db-bc87-929c260a2c58}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  unknown
path                    \ntldr
description             Earlier Version of Windows
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
 
 
LastRegBack: 2015-08-15 19:17
 
==================== End of log ============================
 
Second file requested:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:14-08-2015 01
Ran by Joanna (2015-08-15 19:22:43)
Running from C:\Users\Joanna\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2961099189-892354221-2781886693-500 - Administrator - Disabled)
Guest (S-1-5-21-2961099189-892354221-2781886693-501 - Limited - Disabled)
Joanna (S-1-5-21-2961099189-892354221-2781886693-1003 - Administrator - Enabled) => C:\Users\Joanna
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat 8.1.6 - CPSID_49167 (HKLM\...\Adobe Acrobat  8 Standard_816) (Version:  - Adobe Systems Incorporated)
Adobe Acrobat 8.1.6 Standard (HKLM\...\Adobe Acrobat  8 Standard) (Version: 8.1.6 - Adobe Systems)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader 7.0.8 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70800000002}) (Version: 7.0.8 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM\...\{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}) (Version: 1.11.0000 - Dell)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Management Programs (HKLM\...\{D6771E19-1BB6-43B1-811E-ECC5A4613579}) (Version: 10.03.01 - Broadcom Corporation)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Comcast Desktop Software (v1.2.0.9) (HKLM\...\{CEF7211D-CE3A-44C4-B321-D84A2099AE94}) (Version: 23 - Comcast)
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version:  - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Dell DataSafe Online (HKLM\...\{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}) (Version: 1.0.15 - Dell, Inc.)
Dell Support Center (HKLM\...\{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}) (Version: 1.0.07192 - Dell)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
Desktop Doctor (HKLM\...\{D87149B3-7A1D-4548-9CBF-032B791E5908}) (Version: 2.5.5 - Comcast)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
EPSON Artisan 720 Series Printer Uninstall (HKLM\...\EPSON Artisan 720 Series) (Version:  - SEIKO EPSON Corporation)
Epson CreativeZone (HKLM\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version:  - )
Epson Event Manager (HKLM\...\{089EC7B5-6480-4478-ACF0-DEFD4047343C}) (Version: 2.40.0004 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 840 Series Printer Uninstall (HKLM\...\EPSON WorkForce 840 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
FindingDiscount (HKLM\...\FindingDiscount) (Version:  - )
Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
Google Chrome (HKU\S-1-5-21-2961099189-892354221-2781886693-1003\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.54.11 - Logitech, Inc.)
Logitech QuickCam Driver Package (HKLM\...\lvdrivers_11.80) (Version:  - )
Logitech Updater (HKLM\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
LTCM Client (HKLM\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Small Business 2007 (HKLM\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.41 - BVRP Software, Inc)
Norton Security Suite (HKLM\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
Photo Scanner Software (HKLM\...\{00EA56EB-5F6C-4706-907A-EE111EDC6C82}) (Version: V3.0.0 - )
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.0.1.3 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
WIDCOMM Bluetooth Software 6.0.1.3100 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3100 - Dell)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Joanna\AppData\Local\Google\Update\1.3.28.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Joanna\AppData\Local\Google\Update\1.3.28.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Joanna\AppData\Local\Google\Update\1.3.28.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Joanna\AppData\Local\Google\Chrome\Application\44.0.2403.155\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{A5443D71-FA86-6242-AEBE-1A52D789A5AC}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Joanna\AppData\Local\Google\Update\1.3.28.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Joanna\AppData\Local\Google\Update\1.3.28.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Joanna\AppData\Local\Google\Update\1.3.28.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Joanna\AppData\Local\Google\Update\1.3.28.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{F46C62FD-73C2-4876-894C-C09D3A77B013}\InprocServer32 -> C:\Users\Joanna\AppData\Local\Google\Update\1.3.28.5\psuser.dll (Google Inc.)
 
==================== Restore Points =========================
 
09-08-2015 17:09:40 Windows Backup
09-08-2015 18:02:07 Restore Operation
09-08-2015 19:43:18 Windows Backup
10-08-2015 03:00:24 Windows Update
10-08-2015 06:53:16 Windows Backup
10-08-2015 08:55:12 Removed Nero MediaHome Free.
10-08-2015 08:59:53 Removed Easy Photo Print Plug-in for PMB(Picture Motion Browser)aRF
10-08-2015 09:00:17 Removed Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
10-08-2015 09:24:18 Removed Logitech QuickCam
10-08-2015 09:27:18 Removed Roxio MyDVD Premier
12-08-2015 00:30:37 Windows Update
13-08-2015 20:38:51 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C4DA452-BFDF-4227-AC06-E967B2A455D9} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files\Norton Security Suite\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {2EA55E8F-18AA-4B16-8440-9D3B6A9C4373} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {320C0510-4F12-4078-B740-5230FB9EF071} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2961099189-892354221-2781886693-1003Core => C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-10] (Google Inc.)
Task: {3998DDB7-7828-47EB-A269-73FF886302B1} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security Suite\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {5561C66B-0592-41B1-A760-E99A9906E7EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9808D1EC-D292-479B-8111-7B713507D544} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2961099189-892354221-2781886693-1003UA => C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-10] (Google Inc.)
Task: {D07B4D68-2D95-43E4-BACA-2DB7D6B12AFC} - System32\Tasks\{0738F35D-D2AB-458F-899B-1826D70E246A} => C:\Program Files\Skype\Phone\Skype.exe
Task: {FA98CDCB-B6FC-45D6-8100-65F013C890F4} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Joanna => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {FBDD453B-B8C4-4DC2-A1CD-9540AE9B884F} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files\Norton Security Suite\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2961099189-892354221-2781886693-1003Core.job => C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2961099189-892354221-2781886693-1003UA.job => C:\Users\Joanna\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-12 08:31 - 2015-08-07 20:13 - 16393032 _____ () C:\Users\Joanna\AppData\Local\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:4B1BA31B
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img22.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{64A99F82-C8C5-4397-89F9-CB810B3957C7}] => (Allow) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
FirewallRules: [{9E644730-199C-4EE1-A934-7637F4854E5D}] => (Allow) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
FirewallRules: [{5DF02FF5-62E8-41E5-B874-916026DB2DCC}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{BFA245B1-557F-4126-9233-A12A745EA087}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{DA20826D-1E9D-45F2-A578-E697A80CE577}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{4FC4AB9A-D4B3-474E-9A9E-323E4AFDEB03}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{9A4A39A8-2E3C-406A-B333-EDA1C67C2AAA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{45467965-501B-4A54-A64F-F003D86A30EB}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{13E444F1-B021-4828-B3C0-7BD73FD779FC}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{0D18E4A1-4A1C-434B-AD84-7F94D2A5A10D}] => (Allow) LPort=80
FirewallRules: [{F6D458A2-DC41-45B3-969E-02602208E58C}] => (Allow) LPort=80
FirewallRules: [{C63949D8-9D29-43C4-9E19-4B237458FA67}] => (Allow) LPort=80
FirewallRules: [TCP Query User{8853DEB0-F4C4-4321-A0B0-3D23E298D1E5}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{4E78BC67-A5E7-4EA2-99FD-2DF10F615B61}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{38758040-ECA8-43B3-9A17-6F202E358CB5}] => (Allow) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
FirewallRules: [{E816B7A0-814A-41FE-AF7F-DA729B849735}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{72410422-0B92-4BF8-B9C0-3423CB841F6C}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{06345F0D-CFEC-4D60-8A62-8001EEDF1373}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F6B15825-CEB7-438B-9E5A-7A674C219B8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4B89C018-CE60-467F-A32C-B01A4E88C9F7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8EE80989-1769-41C6-961B-571F6FAFA536}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{79852165-7A47-457F-9AC2-3FFE6C932454}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9F65BA7C-91FB-4774-BA1A-F7E236173712}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/15/2015 07:02:12 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (08/15/2015 06:31:18 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (08/15/2015 06:24:00 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (08/14/2015 04:06:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15569
 
Error: (08/14/2015 04:06:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15569
 
Error: (08/14/2015 04:06:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/13/2015 08:58:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15709
 
Error: (08/13/2015 08:58:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15709
 
Error: (08/13/2015 08:58:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/12/2015 09:12:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584
 
 
System errors:
=============
Error: (08/15/2015 07:05:04 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (08/15/2015 07:03:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068
 
Error: (08/15/2015 07:03:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: BHDrvx86
ccSet_N360
eeCtrl
IDSVix86
spldr
SRTSP
SRTSPX
SymIRON
SYMTDIv
Wanarpv6
 
Error: (08/15/2015 07:03:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068
 
Error: (08/15/2015 07:02:19 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (08/15/2015 07:02:15 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (08/15/2015 07:02:12 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (08/15/2015 07:02:02 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/15/2015 06:44:45 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: 1Restart the serviceDHCP Client%%1056
 
Error: (08/15/2015 06:41:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068
 
 
Microsoft Office:
=========================
Error: (01/30/2011 05:28:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 218 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (11/26/2009 09:55:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/19/2007 09:44:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 200 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (11/04/2007 11:02:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 170 seconds with 120 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity:
===================================
  Date: 2015-08-15 19:22:27.312
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-15 19:22:26.985
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-15 19:22:26.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-15 19:22:26.298
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-15 19:22:25.674
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-15 19:22:25.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-15 19:22:25.004
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-15 19:22:24.692
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-15 19:22:24.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-15 19:22:23.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU T7400 @ 2.16GHz
Percentage of memory in use: 69%
Total physical RAM: 2045.73 MB
Available physical RAM: 631.68 MB
Total Virtual: 4334.48 MB
Available Virtual: 2947.97 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:174.25 GB) (Free:101.9 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:0.36 GB) NTFS
Drive f: () (Removable) (Total:7.58 GB) (Free:7.58 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 186.3 GB) (Disk ID: 80000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=174.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 7.6 GB) (Disk ID: 024BBA6F)
Partition 1: (Active) - (Size=7.6 GB) - (Type=0B)
 
==================== End of log ============================
 

 




#2
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello lasombrs and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses; if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    Can you first of all confirm if you can boot normally?

    Thanks


#3
lasombrs

    Member

  • Topic Starter
  • 20 posts

Hi Bruce1270,

 

My computer will boot, and go past the normal Windows Vista login screen. It now currently goes to an all black screen with a white mouse that is moveable. If I click Ctrl+Alt+Del I can access my task manager like normal, I can then start a new task to launch explorer.exe and get into my desktop like normal. Some programs seem to no longer work though. Norton security suite that came with my xfinity, comcast account will not start, or scan my computer in any way.

 

My computer is iffy on booting though. There is probably a 50/50 chance I will get the blue screen described above and it will take me hours of going in circles of trying to restore to a working time to get back in. When it does boot though I only get the black screen and have to force start explorer.exe.

 

Thank you



#4
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi lasombrs

Sorry for the delay. Let's see if we can get things running for you again. :)

Step1 - Uninstall Norton

At present, as your Norton is not working, I would like you to uninstall it in the meantime.
  • To do this download Norton Removal Tool to your desktop.
  • Double click the file and follow the instructions.
  • If it asks to reboot the computer do not do this at the moment.


    Step2 - Set the system to Clean Boot
  • To do this follow these instructions here. Scroll down the page and follow the steps for Windows 7 and Windows Vista.
  • Do not click Restart yet.


    Step3 - Remove unwanted programs

    Please uninstall the following unwanted programs:

    Coupon Printer for Windows
    FindingDiscount
    URL Assistant


    Note: If any of the programs are not listed, proceed to the next one and work through the list.

    To do this:
    Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
    In the list of installed programs locate and click on the program to uninstall e.g. Coupon Printer for Windows
    Click uninstall.
    Repeat the above steps for all the other programs to remove.


    Step4 - FRST fix


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Download the attached fixlist.txt to your desktop.
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Things for your next post:
  • fixlog.txt
  • Did your computer manage to boot normally using clean boot?


#5
lasombrs

    Member

  • Topic Starter
  • 20 posts

About to work on this now. My computer had me blocked for a few days, not letting me even into safe mode. Will reply again with requested info as soon as I can. Just wanted you to know I saw this and am trying :)

 

About to restart computer, will report back about the clean boot, from phone if necessary lol

 

Fix log pasted below, thank you for your time!:

Fix result of Farbar Recovery Scan Tool (x86) Version:21-08-2015
Ran by Joanna (2015-08-20 18:35:14) Run:1
Running from C:\Users\Joanna\Desktop
Loaded Profiles: Joanna (Available Profiles: Joanna)
Boot Mode: Safe Mode (with Networking)
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [] => [X]
GroupPolicyScripts: Group Policy detected <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77de8857&p2=^hj^xdm017^yy^us&ptb=753b0ac6-c38b-4456-a92b-999ac41eeb9f&si=pconverter
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60180
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60180
SearchScopes: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80116&lng=en
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-2961099189-892354221-2781886693-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-08-07]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR Extension: (SwagButton) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2015-06-21]
CHR Extension: (Pin It Button) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-06-21]
CHR Extension: (Norton Identity Safe) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-21]
CHR Extension: (No Name) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-06-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx <not found>
S2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [1051632 2015-05-18] (Coupons.com Inc.)
S2 N360; C:\Program Files\Norton Security Suite\Engine\21.7.0.11\N360.exe [265000 2015-03-26] (Symantec Corporation)
S1 BHDrvx86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150728.001_2f0\BHDrvx86.sys [1181936 2015-07-28] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\1507000.00B\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-08-06] (Symantec Corporation)
S1 IDSVix86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150807.001\IDSvix86.sys [523512 2015-08-06] (Symantec Corporation)
S3 NAVENG; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150807.017\NAVENG.SYS [104440 2015-08-06] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150807.017\NAVEX15.SYS [1645432 2015-08-06] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\N360\1507000.00B\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\1507000.00B\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1507000.00B\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1507000.00B\SYMEFA.SYS [936152 2014-08-25] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2015-06-21] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\1507000.00B\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\N360\1507000.00B\SYMTDIV.SYS [384728 2014-08-25] (Symantec Corporation)
2015-08-08 14:58 - 2015-08-08 14:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(33)
2015-07-05 12:42 - 2015-07-05 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-07-05 12:42 - 2015-07-05 12:42 - 00000000 ____D C:\Program Files\Coupons
2015-07-01 19:26 - 2015-07-01 19:26 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-06-21 13:57 - 2015-08-09 18:14 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-06-21 13:57 - 2015-06-21 13:57 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2015-06-21 13:57 - 2015-06-21 13:57 - 00008194 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2015-06-21 13:56 - 2015-06-22 14:48 - 00002182 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2015-06-21 13:56 - 2015-06-21 13:56 - 00000000 ____D C:\Users\Joanna\Documents\Bluetooth Exchange Folder
2015-06-21 13:54 - 2015-08-09 18:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2015-06-21 13:54 - 2015-08-09 18:14 - 00000000 ____D C:\Windows\system32\Drivers\N360
2015-06-21 13:54 - 2015-08-09 18:14 - 00000000 ____D C:\Program Files\Norton Security Suite
2015-06-21 13:54 - 2015-08-09 17:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(91)
2015-06-21 13:54 - 2015-08-09 04:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(90)
2015-06-21 13:54 - 2015-08-09 04:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(88)
2015-06-21 13:54 - 2015-08-09 03:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(83)
2015-06-21 13:54 - 2015-08-08 21:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(87)
2015-06-21 13:54 - 2015-08-08 21:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(74)
2015-06-21 13:19 - 2015-06-21 13:19 - 00000000 ____D C:\Users\Joanna\Documents\Symantec
2015-06-21 12:57 - 2015-08-08 15:02 - 00000000 ____D C:\ProgramData\Norton
2015-06-21 12:57 - 2015-08-08 13:46 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-06-21 12:57 - 2015-06-21 14:20 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
Task: {0C4DA452-BFDF-4227-AC06-E967B2A455D9} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files\Norton Security Suite\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3998DDB7-7828-47EB-A269-73FF886302B1} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security Suite\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {FBDD453B-B8C4-4DC2-A1CD-9540AE9B884F} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files\Norton Security Suite\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
AlternateDataStreams: C:\ProgramData\TEMP:4B1BA31B
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state off
RemoveProxy:
Hosts:
EmptyTemp: 
 
*****************
 
Error: Restore point can only be created in normal mode.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Folder not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\Software\Microsoft\Internet Explorer\Main\\Search Bar => value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} => key not found. 
HKCR\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} => key not found. 
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found. 
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found. 
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => key not found. 
HKCR\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found. 
HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found. 
HKCR\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => value not found.
HKCR\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => key not found. 
HKU\S-1-5-21-2961099189-892354221-2781886693-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 => key not found. 
HKLM\Software\Mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} => value not found.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn => not found.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm folder not found.
C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic folder not found.
C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif folder not found.
C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk folder not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => key not found. 
CouponPrinterService => service not found.
N360 => service not found.
BHDrvx86 => service not found.
ccSet_N360 => service not found.
eeCtrl => service not found.
IDSVix86 => service not found.
NAVENG => service not found.
NAVEX15 => service not found.
SRTSP => service not found.
SRTSPX => service not found.
SymDS => service not found.
SymEFA => service not found.
SymEvent => service not found.
SymIRON => service not found.
SYMTDIv => service not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(33)" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons" => File/Folder not found.
"C:\Program Files\Coupons" => File/Folder not found.
"C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB" => File/Folder not found.
"C:\Program Files\Common Files\Symantec Shared" => File/Folder not found.
"C:\Windows\system32\Drivers\SYMEVENT.SYS" => File/Folder not found.
"C:\Windows\system32\Drivers\SYMEVENT.CAT" => File/Folder not found.
"C:\Users\Public\Desktop\Norton Security Suite.lnk" => File/Folder not found.
"C:\Users\Joanna\Documents\Bluetooth Exchange Folder" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite" => File/Folder not found.
"C:\Windows\system32\Drivers\N360" => File/Folder not found.
"C:\Program Files\Norton Security Suite" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(91)" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(90)" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(88)" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(83)" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(87)" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite(74)" => File/Folder not found.
"C:\Users\Joanna\Documents\Symantec" => File/Folder not found.
C:\ProgramData\Norton => moved successfully
C:\Users\Public\Downloads\Norton => moved successfully
C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton => moved successfully
HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB} => key not found. 
HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0} => key not found. 
HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3} => key not found. 
HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE} => key not found. 
HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6} => key not found. 
HKU\S-1-5-21-2961099189-892354221-2781886693-1003_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C4DA452-BFDF-4227-AC06-E967B2A455D9} => key not found. 
C:\Windows\System32\Tasks\Norton Security Suite\Norton Error Processor not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Suite\Norton Error Processor => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3998DDB7-7828-47EB-A269-73FF886302B1} => key not found. 
C:\Windows\System32\Tasks\Norton WSC Integration not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBDD453B-B8C4-4DC2-A1CD-9540AE9B884F} => key not found. 
C:\Windows\System32\Tasks\Norton Security Suite\Norton Error Analyzer not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Suite\Norton Error Analyzer => key not found. 
"C:\ProgramData\TEMP" => ":4B1BA31B" ADS not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
Unable to connect to BITS - 0x80070422
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state off =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-4077378911-2981434329-108007331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-4077378911-2981434329-108007331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 239.2 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 18:36:02 ====

Edited by lasombrs, 20 August 2015 - 04:39 PM.

  • 0

#6
lasombrs

lasombrs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Well the computer instantly booted to the same blue screen page fault in non paged area again. Only now in safe mode with network it no longer can connect to the internet :/ Seems something wiped the wifi card drivers? I have no way to connect to the internet now to download those drivers. Not really sure what to do there.
  • 0

#7
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Ok. Acknowledged. Did you manage to run or complete any of the instructions?
  • 0

#8
lasombrs

lasombrs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Ok. Acknowledged. Did you manage to run or complete any of the instructions?


Yes I posted that first, just in case, then rebooted in the clean boot state and now I can no longer access the internet.
  • 0

#9
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Lasombrs

Let's see if we can get the internet connection up and running again. :)

FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

Edited by Bruce1270, 21 August 2015 - 10:48 AM.

  • 0

#10
lasombrs

lasombrs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

I think I figured out the internet issue. The clean boot disabled the drivers, I think. I ran this just to be safe though. I can intermittently get back into Windows normal mode again now. FRST was nowhere to be found on my machine though, I had to re-download it. The txt files were on my desktop though. Still getting BSOD. I have tested, and removed each RAM chip one at a time to see if that is causing my blue screen, but there was no improvement or error found. Just thought I'd make sure it's not a hardware issue :) Wish I knew why my machine hated me so sad this month!

 

Fix result of Farbar Recovery Scan Tool (x86) Version:21-08-2015 01
Ran by Joanna (2015-08-21 14:24:03) Run:2
Running from C:\Users\Joanna\Desktop
Loaded Profiles: Joanna (Available Profiles: joanna)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
*****************
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
A reboot is required to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2601:188:c201:755b::b3fc
   IPv6 Address. . . . . . . . . . . : 2601:188:c201:755b:86:414b:2fa1:dea5
   Temporary IPv6 Address. . . . . . : 2601:188:c201:755b:21a9:ab1:a842:8e7
   Link-local IPv6 Address . . . . . : fe80::86:414b:2fa1:dea5%16
   Default Gateway . . . . . . . . . : fe80::68ee:96ff:fefb:9b48%16
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.nh.comcast.net
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 7:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Connection-specific DNS Suffix  . : hsd1.nh.comcast.net
   IPv6 Address. . . . . . . . . . . : 2601:188:c201:755b::b3fc
   IPv6 Address. . . . . . . . . . . : 2601:188:c201:755b:86:414b:2fa1:dea5
   Temporary IPv6 Address. . . . . . : 2601:188:c201:755b:21a9:ab1:a842:8e7
   Link-local IPv6 Address . . . . . : fe80::86:414b:2fa1:dea5%16
   IPv4 Address. . . . . . . . . . . : 10.0.0.117
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::68ee:96ff:fefb:9b48%16
                                       10.0.0.1
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.nh.comcast.net
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.nh.comcast.net
 
Tunnel adapter Local Area Connection* 7:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Interface, OK!
A reboot is required to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Echo Request, OK!
A reboot is required to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => 74.2 MB temporary data Removed.
 
 
The system needed a reboot.
 

==== End of Fixlog 14:24:50 ==== 


  • 0
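The two Fixlogs posted above use the same section layout, so the security-relevant outcomes (final firewall state, commands that returned an error code, resets still waiting on a reboot) can be checked mechanically. This is an added example, not part of the original posts or of FRST; the function names are hypothetical and the sample logs are abridged from the Fixlog text in this thread.

```python
import re

# FRST wraps each directive's output between "========= <directive> =========" and
# "========= End of ... =========" (layout taken from the logs in this thread).
HEADER = re.compile(r"^=+\s+(?P<name>.+?)\s+=+$")
FIREWALL_STATE = re.compile(r"netsh\s+advfirewall\s+set\s+allprofiles\s+state\s+(on|off)", re.I)
ERROR_CODE = re.compile(r"\b0x[0-9A-Fa-f]{8}\b")
REBOOT_HINTS = ("restart the computer", "reboot is required")


def parse_sections(fixlog):
    """Return [(directive, [non-blank output lines])] for each delimited section."""
    sections, current = [], None
    for raw in fixlog.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            if current is not None:
                sections.append(current)
            # An "End of ..." header only closes; any other header opens a section.
            current = None if m.group("name").startswith("End of") else (m.group("name"), [])
        elif current is not None and line:
            current[1].append(line)
    if current is not None:
        sections.append(current)
    return sections


def audit_fixlog(fixlog):
    """Summarise what a defender needs to re-check after the fix has run."""
    report = {"firewall": None, "errors": [], "reboot_pending": []}
    for directive, output in parse_sections(fixlog):
        text = " ".join(output)
        codes = ERROR_CODE.findall(text)
        if codes:
            report["errors"].append((directive, codes[0]))
        state = FIREWALL_STATE.search(directive)
        if state and output[:1] == ["Ok."]:  # trust the change only if netsh confirmed it
            report["firewall"] = state.group(1).lower()
        if any(hint in text.lower() for hint in REBOOT_HINTS):
            report["reboot_pending"].append(directive)
    return report


# Abridged from the tail of the 20 August Fixlog in this thread.
FIXLOG_20_AUG = r"""
=========  bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.0.6001 ]
Unable to connect to BITS - 0x80070422
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
========= End of CMD: =========
=========  netsh advfirewall reset =========
Ok.
========= End of CMD: =========
=========  netsh advfirewall set allprofiles state off =========
Ok.
========= End of CMD: =========
==== End of Fixlog 18:36:02 ====
"""

# Abridged from the 21 August Fixlog in this thread.
FIXLOG_21_AUG = r"""
=========  netsh advfirewall set allprofiles state ON =========
Ok.
========= End of CMD: =========
=========  netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
=========  netsh int ip reset c:\resetlog.txt =========
Reseting Interface, OK!
A reboot is required to complete this action.
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog 14:24:50 ====
"""

if __name__ == "__main__":
    for name, log in (("20 Aug", FIXLOG_20_AUG), ("21 Aug", FIXLOG_21_AUG)):
        print(name, audit_fixlog(log))
```

Run against the two excerpts, it reports the firewall as off after the first fix and on after the second, with the BITS failure and the pending reboots listed separately.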


#11
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Lasombrs

Ok. We'll try another tool to see what that can reveal.

Step1 - RogueKiller

Download RogueKiller from here to your desktop.
  • Quit all running programs
  • Right click on the RogueKiller icon and click Run as administrator
  • The application will automatically start a pre scan. Please allow this to complete. It may take a minute or so.
  • Once completed a box will open. Please click Accept to the End User Licence Agreement (EULA)
  • A browser window may open. Close this window.
  • Click on Scan
  • When the scan is finished click on Report.
  • A report called RKreport_SCN_date_time will open.
  • Click edit, Select All and then Copy (CTRL + C) and Paste (CTRL + V) in your next reply.

Thanks

  • 0

#12
lasombrs

lasombrs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

I have left the window open to wait for your instructions before I delete or move around anything the rogue program found. It also requested I allow it to upload a file called bootstrap to a website so it could try to find out what it was.

 

RogueKiller V10.10.1.0 [Aug 17 2015] by Adlice Software
 
Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Joanna [Administrator]
Started from : C:\Users\Joanna\Desktop\RogueKiller.exe
Mode : Scan -- Date : 08/22/2015 10:34:15
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-21-4077378911-2981434329-108007331-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://h20219.www2.h...-0-225-121.html -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-4077378911-2981434329-108007331-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://h20219.www2.h...-0-225-121.html -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS722020K9A300 ATA Device +++++
--- User ---
[MBR] 030b6f870780260fe9b1c2aac70d0f9f
[BSP] e223061d7b1f736c4877938e9af93bcf : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 129024 | Size: 10240 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21100544 | Size: 178430 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 386525184 | Size: 2048 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Wintec Flash Disk USB Device +++++
--- User ---
[MBR] a5d29a95c284b2f7595119134ab5c61d
[BSP] 6b70c5c4efd89e4d272b14a4ac7d9ec9 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 7783 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

  • 0

#13
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Lasombrs

Rogue Killer hasn't thrown up anything out of the ordinary but we'll run a few more tools to clear out any remaining junk. Close down Rogue Killer by clicking on File then Exit.

Step1 - Junkware Removal Tool


Download Junkware Removal Tool by thisisu and save it to your desktop.

1. Ensure all programs and windows are closed before proceeding.
2. Simply double-click the program icon to run it. It will ask for administrator privileges.
3. A black window will appear. Press any key to continue.
4. Wait for it to finish. It won't take long.
5. A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
6. Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine


Step2 - adwCleaner

Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


Step3 - Download Who Crashed

  • Download WhoCrashed to your desktop.
  • Right click on the file and select Run as administrator.
  • Accept the Licence agreement to install the software.
  • Click the Analyse button.
  • Once analysis complete scroll down to view the report.
  • Please copy and paste the report produced in your next reply.

Things for your next post.
  • JRT.txt
  • AdwCleaner[C*].txt
  • WhoCrashed analysis
  • How is the computer behaving?

Thanks

  • 0

#14
lasombrs

lasombrs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I am still getting the blue screen, but maybe once every 3-4 start ups instead of every single time. I am currently able to continue to get into normal mode, which is a great improvement. I googled the driver suggested by WhoCrashed, but the only Google reply is a link to this forum post :) It isn't given as the reason for every crash though, only 2 of the 5 I believe. I will try to find out what the driver belongs to though and see if I can find an update another way.
 
*edit* So I dug through my computer and I found the driver xdva511.sys listed under hidden non-plug and play drivers. Manufacturer and location unknown; lots of various info available if I right click, Properties, and then Details. Not sure what is useful info though. I have no idea if this driver is supposed to be installed or is the cause of my issues. */edit*
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows Vista ™ Ultimate x86
Ran by Joanna on Sat 08/22/2015 at 16:16:44.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_30DE51239BAA92A81E36F17671881104
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Joanna\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage
Successfully deleted: [File] C:\Users\Joanna\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\Joanna\AppData\Roaming\solvusoft
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Joanna\Appdata\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
Successfully deleted: [Folder] C:\Users\Joanna\Appdata\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
 
[C:\Users\Joanna\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Joanna\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
gngocbkfmikdgphklgmmehbjjlfgdemm
gpdjojdkbbmdfjfahjcgigfpmkopogic
 
[C:\Users\Joanna\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Joanna\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  gngocbkfmikdgphklgmmehbjjlfgdemm,
  gpdjojdkbbmdfjfahjcgigfpmkopogic
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/22/2015 at 16:22:12.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
# AdwCleaner v5.003 - Logfile created 22/08/2015 at 16:34:45
# Updated 20/08/2015 by Xplode
# Database : 2015-08-20.1 [Server]
# Operating system : Windows Vista ™ Ultimate Service Pack 1 (x86)
# Username : Joanna - Joanna-PC
# Running from : C:\Users\Joanna\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Windows\system32\roboot.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask
[-] [C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : netflix.com
[-] [C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask search
[-] [C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : free-windows-cleanup-tool.en.softonic.com
[-] [C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : hetman-partition-recovery.en.softonic.com
[-] [C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : 
[-] [C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.conduit.com/?ctid=CT3324416&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP185CD29E-11D2-4FBA-962F-D1AAE8AADD70&SSPV=","hxxp://mysearch.avg.com/?cid={FA460AE0-DD6B-4514-89A9-1C8098C64FFD}&mid=802b84d698b747d39b13d141e7e1f1d8-4f674106b91817704173c0e41e213f64f9c6f7cf&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-14%2009:50:31&v=17.0.1.12&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com/?cid={FA460AE0-DD6B-4514-89A9-1C8098C64FFD}&mid=802b84d698b747d39b13d141e7e1f1d8-4f674106b91817704173c0e41e213f64f9c6f7cf&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05%2015:14:47&v=17.3.1.204&pid=safeguard&sg=0&sap=hp","hxxp://search.conduit.com/?ctid=CT3324416&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP185CD29E-11D2-4FBA-962F-D1AAE8AADD70&SSPV=","hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11411&pf=V7&trgb=CR&p2=%5EBBJ%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBJ&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=cr_35.0.1916.153&apn_uid=D1C8A962-D86B-42B8-8ECE-5A4EC230F390&itbv=12.15.1.20&doi=2014-07-18&psv=&pt=tb","hxxp://www.google.com
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2796 bytes] ##########
 
 
 
System Information (local)
--------------------------------------------------------------------------------
 
Computer name: Joanna-PC
Windows version: Windows Vista Service Pack 1, 6.0, build: 6001
Windows dir: C:\Windows
Hardware: MXG061 , Dell Inc., 0CF456
CPU: GenuineIntel Intel® Core™2 CPU T7400 @ 2.16GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 2145107968 bytes total
 
 
 
 
--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------
 
Crash dump directory: C:\Windows\Minidump
 
Crash dumps are enabled on your computer.
 
On Sat 8/22/2015 1:47:41 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini082215-01.dmp
This was probably caused by the following module: xdva511.sys (XDva511+0x2398) 
Bugcheck code: 0x50 (0xFFFFFFFF93A2B318, 0x0, 0xFFFFFFFF9C167398, 0x2)
Error: PAGE_FAULT_IN_NONPAGED_AREA
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. 
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: xdva511.sys . 
Google query: xdva511.sys PAGE_FAULT_IN_NONPAGED_AREA
 
 
 
On Sat 8/22/2015 1:47:41 PM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: xdva511.sys (XDva511+0x77BF) 
Bugcheck code: 0x50 (0xFFFFFFFF93A2B318, 0x0, 0xFFFFFFFF9C167398, 0x2)
Error: PAGE_FAULT_IN_NONPAGED_AREA
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. 
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: xdva511.sys . 
Google query: xdva511.sys PAGE_FAULT_IN_NONPAGED_AREA
 
 
 
On Fri 8/21/2015 5:56:03 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini082115-02.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xA5155) 
Bugcheck code: 0x50 (0xFFFFFFFF9E24E2C0, 0x0, 0xFFFFFFFF81C56360, 0x2)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. 
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time. 
 
 
 
On Fri 8/21/2015 11:00:01 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini082115-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xA5155) 
Bugcheck code: 0x50 (0xFFFFFFFF9D04E2C0, 0x0, 0xFFFFFFFF8189F360, 0x2)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. 
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time. 
 
 
 
On Thu 8/20/2015 12:43:24 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini081915-01.dmp
This was probably caused by the following module: dxgkrnl.sys (dxgkrnl+0x7AD4F) 
Bugcheck code: 0x116 (0xFFFFFFFF83DA6428, 0xFFFFFFFF8B616680, 0x0, 0x2)
Error: VIDEO_TDR_ERROR
file path: C:\Windows\system32\drivers\dxgkrnl.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: DirectX Graphics Kernel
Bug check description: This indicates that an attempt to reset the display driver and recover from a timeout failed. 
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time. 
 
 
 
 
 
--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------
 
5 crash dumps have been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers: 
 
xdva511.sys 
 
If no updates for these drivers are available, try searching with Google on the names of these drivers in combination with the errors that have been reported for these drivers. Include the brand and model name of your computer as well in the query. This often yields interesting results from discussions on the web by users who have been experiencing similar problems.
 
 
Read the topic general suggestions for troubleshooting system crashes for more information. 
 
Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further. 

Edited by lasombrs, 22 August 2015 - 03:08 PM.

  • 0
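The WhoCrashed report in the post above can be tallied mechanically, which also shows that its first two entries (a minidump and memory.dmp) carry the same timestamp and bugcheck parameters and so describe one crash. This is an added example, not part of the original posts or of WhoCrashed; the function names are hypothetical and the sample text is abridged from the report in this thread.

```python
import re
from collections import Counter

CRASH_START = re.compile(r"^On (.+?) GMT your computer crashed$")
MODULE = re.compile(r"^This was probably caused by the following module: (\S+) \((\S+)\)$")
BUGCHECK = re.compile(r"^Bugcheck code: (0x[0-9A-Fa-f]+) \((.+)\)$")


def parse_whocrashed(report):
    """Turn the 'Crash Dump Analysis' section into one dict per analysed dump file."""
    crashes, cur = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if (m := CRASH_START.match(line)):
            cur = {"when": m.group(1), "company": None}
            crashes.append(cur)
        elif cur is None:
            continue
        elif (m := MODULE.match(line)):
            cur["module"], cur["location"] = m.group(1).lower(), m.group(2)
        elif (m := BUGCHECK.match(line)):
            cur["code"] = int(m.group(1), 16)
            cur["params"] = tuple(int(p, 16) for p in m.group(2).split(","))
        elif line.startswith("crash dump file: "):
            cur["dump"] = line.split(": ", 1)[1]
        elif line.startswith("company: "):
            cur["company"] = line.split(": ", 1)[1]
    return crashes


def distinct_events(crashes):
    """Group dumps written by the same bugcheck: same time, code and all four parameters."""
    events = {}
    for c in crashes:
        events.setdefault((c["when"], c.get("code"), c.get("params")), []).append(c)
    return list(events.values())


def summarize(crashes):
    events = distinct_events(crashes)
    by_module = Counter()
    for dumps in events:
        by_module.update({d.get("module") for d in dumps})  # count each module once per event
    # Modules for which the report printed no "company:" line, i.e. no vendor was identified.
    no_vendor = sorted({c["module"] for c in crashes if c.get("module") and c["company"] is None})
    return {"dumps": len(crashes), "events": len(events),
            "by_module": dict(by_module), "no_vendor": no_vendor}


# Abridged from the WhoCrashed report posted in this thread.
REPORT = r"""
On Sat 8/22/2015 1:47:41 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini082215-01.dmp
This was probably caused by the following module: xdva511.sys (XDva511+0x2398)
Bugcheck code: 0x50 (0xFFFFFFFF93A2B318, 0x0, 0xFFFFFFFF9C167398, 0x2)

On Sat 8/22/2015 1:47:41 PM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: xdva511.sys (XDva511+0x77BF)
Bugcheck code: 0x50 (0xFFFFFFFF93A2B318, 0x0, 0xFFFFFFFF9C167398, 0x2)

On Fri 8/21/2015 5:56:03 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini082115-02.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xA5155)
Bugcheck code: 0x50 (0xFFFFFFFF9E24E2C0, 0x0, 0xFFFFFFFF81C56360, 0x2)
company: Microsoft Corporation

On Fri 8/21/2015 11:00:01 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini082115-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xA5155)
Bugcheck code: 0x50 (0xFFFFFFFF9D04E2C0, 0x0, 0xFFFFFFFF8189F360, 0x2)
company: Microsoft Corporation

On Thu 8/20/2015 12:43:24 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini081915-01.dmp
This was probably caused by the following module: dxgkrnl.sys (dxgkrnl+0x7AD4F)
Bugcheck code: 0x116 (0xFFFFFFFF83DA6428, 0xFFFFFFFF8B616680, 0x0, 0x2)
company: Microsoft Corporation
"""

if __name__ == "__main__":
    print(summarize(parse_whocrashed(REPORT)))
```

On this report the five dumps collapse to four crash events, and xdva511.sys is the only blamed module for which no vendor was printed.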

#15
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi lasombrs

Let's try this fix to see if this helps.

Step1 - Remove Clean Boot state
  • Click Start, type msconfig.exe in the Start Search box, and then press Enter.
  • On the General tab, click the Normal Startup option, and then click OK.
  • Do not Restart your computer yet.


Step2 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
S3 XDva425; \??\C:\Windows\system32\XDva425.sys [X]
S3 XDva511; \??\C:\Windows\system32\XDva511.sys [X]
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


Things for your next post:
  • fixlog.txt
  • Is your computer still giving you the BSOD?

Thanks

  • 0





