
System Restore Corruption - possible malware [Solved]


#1 dbrupp (Member, 49 posts)

Hi,

Fusionbomb was assisting me via http://www.geekstogo...-restore-issue/ and suggested I submit a request to the malware side.

In short, someone else was using my Windows 4 Home Premium 64-bit desktop PC and when I logged on the following day, many of my icons were missing, I wasn't able to download, my Dropbox and Chrome were missing...it was like my PC reverted back to a very old period.

In its current state, I'm unable to download to my desktop and when I create a .doc and save it, I am unable to open it.

The person who used my PC said they didn't open any attachments, go to suspect websites, or get any pop-ups to click "ok" / "cancel" to

I've tried restoring my PC to a more current period, but every time my PC reboots after the restore, I get a message that the restore could not be completed.

Another important note is that after I log in to my PC with my password, I get a message that the system could not log in to my profile and logged in to the system default user (I don't remember it verbatim, but it's something like that).

Fusionbomb had me run MiniToolBox and checked the output. They said that nothing stood out and I should see if you may be able to assist on the malware side.

I wasn't able to save the Farbar Recovery Scan Tool to my desktop, but was able to run it from "view downloads in Windows Explorer". Unfortunately, from there, it didn't allow me to right click and "run as administrator". A quick look at the "additional" log says that it was run by administrator, so I think I got what you require.

Below are the logs you require.

Kindly let me know if you have any questions, and thank you for taking a look.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by admin (administrator) on FRONT_DESK on 30-04-2015 06:56:35
Running from C:\Windows\SysWOW64\config\systemprofile\Desktop
Loaded Profiles: False (Available profiles: admin) <==== ATTENTION (Temporary Profile?)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
() C:\ProgramData\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [PeachtreePrefetcher.exe] => C:\Program Files (x86)\Sage Software\Peachtree\PeachtreePrefetcher.exe [32768 2008-10-02] (Sage Software, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\RunOnce: [Adobe Speed Launcher] => 1430390514
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-09-20]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
SearchScopes: HKLM -> DefaultScope {0D017962-AB89-4641-A857-7CF93A09570A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0D017962-AB89-4641-A857-7CF93A09570A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0E41A470-5078-4933-AF0A-AFDA115D4623} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {0D017962-AB89-4641-A857-7CF93A09570A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0D017962-AB89-4641-A857-7CF93A09570A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0E41A470-5078-4933-AF0A-AFDA115D4623} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKU\.DEFAULT -> DefaultScope {0D017962-AB89-4641-A857-7CF93A09570A} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll [2009-06-08] (AOL Products)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-04] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://asgaccess.st...SetupClient.cab
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll [2014-04-17] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
StartMenuInternet: Google Chrome - C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [455968 2007-09-05] ()
R2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-04-17] (AVG Secure Search)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-17] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-01-21] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-01-21] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [26624 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-01-21] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-30 06:56 - 2015-04-30 06:56 - 00000000 ____D () C:\FRST
2015-04-23 09:59 - 2015-04-23 09:59 - 00000000 ____D () C:\Users\TEMP.Front_Desk\AppData\Local\MFAData
2015-04-23 09:59 - 2015-04-23 09:59 - 00000000 ____D () C:\Users\TEMP.Front_Desk\AppData\Local\Avg2015
2015-04-14 19:50 - 2015-04-30 06:39 - 00000000 ____D () C:\Windows\system32\BestPractices
2015-04-14 19:50 - 2015-04-14 19:51 - 00021544 _____ () C:\Windows\iis7.log
2015-04-14 19:50 - 2015-04-14 19:50 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2015-04-14 19:50 - 2015-04-14 19:50 - 00000000 ____D () C:\inetpub
2015-04-14 11:32 - 2015-04-14 11:32 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2015-04-14 08:22 - 2015-04-30 06:40 - 00000000 ___RD () C:\Users\TEMP.Front_Desk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-14 08:22 - 2015-04-30 06:40 - 00000000 ___RD () C:\Users\TEMP.Front_Desk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-14 08:22 - 2015-04-30 06:40 - 00000000 ____D () C:\Users\TEMP.Front_Desk\AppData\Roaming\PictureMover
2015-04-14 08:22 - 2015-04-30 06:40 - 00000000 ____D () C:\Users\TEMP.Front_Desk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2015-04-14 08:22 - 2015-04-30 06:40 - 00000000 ____D () C:\Users\TEMP.Front_Desk\AppData\Local\Hewlett-Packard
2015-04-14 08:22 - 2015-04-14 08:22 - 00000000 ____D () C:\Users\TEMP.Front_Desk\AppData\Local\Google
2015-04-14 08:22 - 2014-12-14 15:42 - 00000000 ____D () C:\Users\TEMP.Front_Desk\AppData\Roaming\Hewlett-Packard
2015-04-14 08:22 - 2013-01-31 10:21 - 00000000 ____D () C:\Users\TEMP.Front_Desk\AppData\Roaming\TuneUp Software
2015-04-14 08:22 - 2010-03-16 10:13 - 00000000 ____D () C:\Users\TEMP.Front_Desk\AppData\Roaming\Macromedia

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-30 06:56 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-30 06:56 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-30 06:53 - 2012-06-01 15:04 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2320660683-4082587280-8486143-1000UA.job
2015-04-30 06:47 - 2014-12-18 16:53 - 01943135 _____ () C:\Windows\WindowsUpdate.log
2015-04-30 06:41 - 2014-02-06 10:03 - 00000374 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2015-04-30 06:41 - 2014-02-06 10:03 - 00000372 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job
2015-04-30 06:41 - 2013-05-01 08:23 - 00000406 _____ () C:\Windows\Tasks\ROC_SYS_TASK.job
2015-04-30 06:41 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-30 06:40 - 2014-12-27 11:33 - 00005936 _____ () C:\Windows\setupact.log
2015-04-30 06:40 - 2013-09-04 09:32 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-30 06:40 - 2012-06-01 15:05 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-30 06:40 - 2010-11-10 19:00 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-30 06:40 - 2009-09-20 04:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2015-04-30 06:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-30 06:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-04-30 06:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-04-30 06:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-30 06:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-04-30 06:31 - 2014-12-18 17:19 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForadmin
2015-04-30 06:31 - 2014-12-18 17:19 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForadmin.job
2015-04-26 12:22 - 2010-03-16 09:53 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-23 09:53 - 2012-06-01 15:04 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2320660683-4082587280-8486143-1000Core.job
2015-04-14 19:51 - 2010-03-28 15:20 - 00843646 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-14 19:51 - 2009-07-14 01:13 - 00887248 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 19:42 - 2010-04-13 10:21 - 00000376 _____ () C:\Windows\ODBC.INI
2015-04-14 08:56 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-14 08:22 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-13 08:25 - 2013-09-04 10:47 - 00000000 ___RD () C:\Users\admin\Dropbox
2015-04-13 08:25 - 2012-12-31 12:23 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Dropbox
2015-04-09 08:38 - 2013-09-04 10:47 - 00001023 _____ () C:\Users\admin\Desktop\Dropbox.lnk
2015-04-09 08:21 - 2015-02-05 09:34 - 00000680 _____ () C:\Windows\PFRO.log
2015-03-31 10:00 - 2010-03-13 16:14 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job

==================== Files in the root of some directories =======

2011-05-13 09:18 - 2011-05-13 09:18 - 0001854 _____ () C:\Windows\system32\config\systemprofile\AppData\Roaming\GhostObjGAFix.xml

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfmwjv.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-26 17:03

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by admin at 2015-04-30 06:57:49
Running from C:\Windows\SysWOW64\config\systemprofile\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-2320660683-4082587280-8486143-1000 - Administrator - Enabled) => C:\Users\TEMP.Front_Desk
Administrator (S-1-5-21-2320660683-4082587280-8486143-500 - Administrator - Disabled)
Guest (S-1-5-21-2320660683-4082587280-8486143-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
ActiveState Komodo Edit 7.0.2 (HKLM-x32\...\{C9BEFDFB-A2DD-4D88-881C-3B303CCE384E}) (Version: 7.0.2 - ActiveState Software Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AVG 2012 (Version: 12.1.2242 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crystal Reports 2008 Runtime (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.0.0.683 - Business Objects)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
GimPad 1.1 (HKLM-x32\...\GimPad) (Version: 1.1 - Ek kian)
GimPhoto 1.4.3 (HKLM-x32\...\GimPhoto) (Version: 1.4.3 - Ek kian)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3420 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
Peachtree Accounting 2009 (x32 Version: 16.00.02 - Sage Software, Inc.) Hidden
Peachtree Pro Accounting 2009 (HKLM-x32\...\InstallShield_{43591480-A322-48C4-9C33-88CC1B84D6EF}) (Version: 16.00.02 - Sage Software, Inc.)
Peachtree Pro Accounting 2009 (HKLM-x32\...\Peachtree Pro Accounting) (Version:  - )
PeachTree Signature Ready Forms (x32 Version: 6.3.0 - Sage Software SB, Inc.) Hidden
Pervasive PSQL v10 Workgroup (32-bit) (HKLM-x32\...\{0A3238D7-AB32-4E15-B717-F3E3F18B4A8C}) (Version: 10.0.204.000 - Pervasive Software)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

25-03-2015 11:05:25 Windows Update
30-03-2015 08:34:33 Windows Update
03-04-2015 08:37:24 Windows Update
07-04-2015 13:38:20 Windows Update
12-04-2015 19:32:57 Windows Update
14-04-2015 09:05:09 Restore Operation
14-04-2015 19:49:41 Windows Modules Installer
23-04-2015 06:49:25 Windows Update
26-04-2015 16:39:12 Windows Update
29-04-2015 20:22:12 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0888AA57-DF3F-41B1-B71C-C1095C6B18BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0EFC4172-8DDF-48A8-B5D9-79FE1B67E669} - System32\Tasks\{562DB3C0-FB29-404C-AEF6-CBAC87983736} => pcalua.exe -a E:\vscan85.exe -d E:\
Task: {2CC86EA1-B53B-4480-882D-B36C677B729E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2320660683-4082587280-8486143-1000Core => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01] (Google Inc.)
Task: {304914F1-697F-4860-BE2E-DBD6B031AC6B} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
Task: {3989AB76-5916-40BB-A744-A384939AABCB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2320660683-4082587280-8486143-1000UA => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01] (Google Inc.)
Task: {7172A016-2CD8-42DE-928B-001A7087A9BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {73B94CB2-364C-44BE-941B-2761D27E1DDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C4262CEE-AD7C-4AE7-B844-580E6DC51950} - System32\Tasks\AVG-Secure-Search-Update_0214b_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe [2014-02-06] ()
Task: {CAC112AA-25EB-44AA-B1AC-6C9BB1223DDD} - System32\Tasks\ROC_SYS_TASK_DELETE => C:\ProgramData\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe [2013-03-27] ()
Task: {EA449D3D-5257-4E3A-9190-3A50A50A1C1F} - System32\Tasks\AVG-Secure-Search-Update_0214b_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe [2014-02-06] ()
Task: {ED593CE6-5698-4EF1-93D3-50E763EB7C47} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {F1516D33-EC79-46BD-9B9B-CA355721A2A8} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {F5CED884-18B9-4AE3-9CBD-AD076D1C9786} - System32\Tasks\HPCeeScheduleForadmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {F9F681B7-FCFD-4D72-B771-9C29E4FDD543} - System32\Tasks\ROC_SYS_TASK => C:\ProgramData\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe [2013-03-27] ()
Task: {FDDA7828-5E7C-4114-92A1-CD7044538DB9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2320660683-4082587280-8486143-1000Core.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2320660683-4082587280-8486143-1000UA.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForadmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
Task: C:\Windows\Tasks\ROC_SYS_TASK.job => C:\ProgramData\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\ROC_SYS_TASK_DELETE.job => C:\ProgramData\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe

==================== Loaded Modules (whitelisted) ==============

2010-04-13 12:54 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2007-09-05 11:25 - 2007-09-05 11:25 - 00455968 _____ () C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
2014-04-17 12:14 - 2014-04-17 12:14 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-02-06 10:03 - 2014-02-06 10:02 - 02606616 ____N () C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
2013-05-01 08:21 - 2013-03-27 11:57 - 01277464 _____ () C:\ProgramData\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
2009-07-08 17:35 - 2009-07-08 17:35 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\admin\Desktop\BFC 2. August.doc:com.dropbox.attributes
AlternateDataStreams: C:\Users\admin\Desktop\Harmony Logo.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\admin\Desktop\Re-Enrollment Email.doc:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{73BEB83F-1096-4A84-8A3A-64A10ADFE2D1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{7F9BB7CF-77BD-46A1-8C35-7883F7999367}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{D527527E-E46C-43D2-B964-4A980AF448DB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{A68A0A1C-ED21-4F02-A345-E09F2F23037F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{55DBD7C8-58D0-4C91-A194-EDB1C7183116}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{41A86DD9-9404-4417-B086-3EDC770FBABC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{6EB4E55C-5885-4FCE-94A0-0993D7C9109A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{4CC9F0A3-F074-4074-AA15-26F05A64178F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{9D0F800E-3B35-4BB7-84DF-D4CC7F91A2E1}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{32AD0AAA-8DF4-4835-876D-EA717DF1A890}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{6E302989-E8D1-4D2D-92A7-3978ED9B1B8D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{46B142DB-EBB6-4525-8053-6B31FBD3E22E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{27FE9722-6BC1-4BA3-80C6-5DB32ECEB2F1}] => (Allow) LPort=1583
FirewallRules: [{CCBB431F-EB26-433E-99EE-49BEF5A4E1D6}] => (Allow) LPort=3351
FirewallRules: [{6641A957-EA79-4407-A556-C2EAC114F733}] => (Allow) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{743CDD94-D495-4DD1-B857-F49B6509F334}] => (Allow) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{D722BB59-2BA7-40BF-88E1-B97E1119F424}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{42789CA2-9BA0-4AC5-8E34-420A68F753D6}] => (Allow) C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B2A0610C-15D6-439C-82A7-19060F68B992}] => (Allow) C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{B3BEC565-D289-4209-B182-C30700C8EA95}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{93697090-4594-482C-871C-4DEEA1611547}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{09F25AD5-BCEF-40BD-9158-35545DB91695}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{2C725C08-805D-4C1F-9074-B5F5D60026E9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{BD893C61-EEAC-493F-A862-E943BCEFDC25}] => (Allow) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2015 06:42:03 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (04/30/2015 06:41:53 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/30/2015 06:41:50 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/30/2015 06:34:19 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/30/2015 06:31:53 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/30/2015 00:57:45 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/29/2015 08:11:08 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/29/2015 08:11:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/28/2015 08:13:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/27/2015 08:36:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

System errors:
=============
Error: (04/30/2015 06:35:32 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/30/2015 06:34:25 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/30/2015 06:34:25 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/30/2015 06:34:24 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/30/2015 06:34:19 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/30/2015 06:34:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
MpFilter
spldr
Wanarpv6

Error: (04/30/2015 06:34:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:
%%31

Error: (04/30/2015 06:34:00 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%834

 Error Code: 0x8007043c

 Error description: This service cannot be started in Safe Mode

 Reason: %%858

Error: (04/26/2015 04:42:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.197.687.0).

Error: (04/26/2015 04:40:24 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.197.668.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Microsoft Office Sessions:
=========================
Error: (04/30/2015 06:42:03 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070005

Error: (04/30/2015 06:41:53 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Access is denied.

Error: (04/30/2015 06:41:50 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Access is denied.

Error: (04/30/2015 06:34:19 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Access is denied.

Error: (04/30/2015 06:31:53 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Access is denied.

Error: (04/30/2015 00:57:45 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (04/29/2015 08:11:08 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Access is denied.

Error: (04/29/2015 08:11:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Access is denied.

Error: (04/28/2015 08:13:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Access is denied.

Error: (04/27/2015 08:36:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Front_Desk)
Description: Access is denied.

==================== Memory info ===========================

Processor: AMD Athlon™ II X4 620 Processor
Percentage of memory in use: 19%
Total physical RAM: 7935.23 MB
Available physical RAM: 6402.57 MB
Total Pagefile: 15868.65 MB
Available Pagefile: 14164.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:919.41 GB) (Free:864.46 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#2 BrianDrab (Trusted Helper, Malware Removal, 3,591 posts)

Welcome. Sorry for the delay. Please let me know if you still require assistance.



#3 dbrupp (Topic Starter, Member, 49 posts)

Hi BrianDrab,

Thank you very much for responding. I've been doing some research and found that Microsoft released a corrupt update. It was causing my PC to log in as 'default user' even though I logged in with my username and password. In Regedit, I had to make a name change in the profile list and reboot my PC to fix the issue. This is what I did just now and it resolved my issue.

Go to Start and type Regedit in the search box, then expand:

HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersion > ProfileList

From here, there were 2 long entries starting with S-1-5-21....1000 (there are a lot of numbers between the 21 and 1000, and they may be different on different machines). These 2 entries were exactly the same, except one ended in '.bak' and the other had nothing after '1000'.

At first, I changed the '.bak' entry to '.tmp' and rebooted my PC, and it didn't work, although it was my understanding that this should have fixed the issue.

So I went back to the same path in Regedit, changed the entry that ended in '1000' to '1000.tmp', and removed the '.tmp' from the other entry.

*Note: because Regedit cannot have the same values, I had to change my '.tmp' from my initial try back to '.bak', then I was able to make the update. I hope that this all makes sense and is able to help someone else who may be having the same issue.

Please close this topic as resolved.  I appreciate your time.

-Doug


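As an added illustration (not the poster's own steps, and not code from this thread): a PowerShell script that checks for the ProfileList condition described in the post, listing any per-user SID that has a '.bak' twin next to the Event ID 1505 entries seen in the FRST log, and can perform the same key swap under -WhatIf before anything is changed. The State and RefCount reset at the end is Microsoft's documented companion step and goes beyond what the post describes; the script name and switches are assumptions.

```powershell
# Added example (not from the thread): report the ProfileList '.bak' condition the
# post describes and, only with -Repair, perform the same key swap (supports -WhatIf).
# Run from an elevated PowerShell prompt on the affected machine.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Repair   # without this switch the script is read-only
)

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# 1. Recent "cannot load the user's profile" events (EventID 1505), the same
#    source and ID that appear in the FRST log earlier in this thread.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; ProviderName = 'Microsoft-Windows-User Profiles Service'; Id = 1505
} -MaxEvents 10 -ErrorAction SilentlyContinue
Write-Host ("Event ID 1505 entries found: {0}" -f @($events).Count)
$events | ForEach-Object { Write-Host ("  {0}  {1}" -f $_.TimeCreated, $_.Message.Split("`n")[0]) }

# 2. Per-user ProfileList keys, grouped by SID with any '.bak' suffix stripped,
#    so a key and its '.bak' twin land in the same group.
$keys  = Get-ChildItem -Path $profileList | Where-Object { $_.PSChildName -like 'S-1-5-21-*' }
$bySid = $keys | Group-Object -Property { $_.PSChildName -replace '\.bak$', '' }

$findings = foreach ($group in $bySid) {
    $sid = $group.Name
    $bak = $group.Group | Where-Object { $_.PSChildName -eq "$sid.bak" }
    if (-not $bak) { continue }          # healthy: no backup key for this SID
    $live = $group.Group | Where-Object { $_.PSChildName -eq $sid }
    [pscustomobject]@{
        SID           = $sid
        LiveImagePath = if ($live) { (Get-ItemProperty -Path $live.PSPath).ProfileImagePath } else { '(missing)' }
        BakImagePath  = (Get-ItemProperty -Path $bak.PSPath).ProfileImagePath
        BakState      = (Get-ItemProperty -Path $bak.PSPath).State
    }
}

if (-not $findings) {
    Write-Host 'No SID with a .bak twin in ProfileList; look for another cause of the 1505 events.'
    return
}
$findings | Format-Table -AutoSize

if ($Repair) {
    foreach ($f in $findings) {
        $livePath = Join-Path $profileList $f.SID
        if (Test-Path "$livePath.tmp") {
            Write-Warning "$($f.SID).tmp already exists from an earlier attempt; rename it first."
            continue
        }
        if ($PSCmdlet.ShouldProcess($f.SID, 'Move the temporary key aside and restore the .bak key')) {
            # Mirror the post: the current key becomes SID.tmp, the .bak key takes its place.
            if (Test-Path $livePath) { Rename-Item -Path $livePath -NewName "$($f.SID).tmp" }
            Rename-Item -Path "$livePath.bak" -NewName $f.SID
            # Beyond the post: Microsoft's published fix also resets these two values.
            Set-ItemProperty -Path $livePath -Name State    -Value 0 -Type DWord
            Set-ItemProperty -Path $livePath -Name RefCount -Value 0 -Type DWord
        }
    }
    Write-Host 'Reboot and log on again; remove the .tmp key once the profile loads correctly.'
}
```

Run it first with -Repair -WhatIf to see which keys would be renamed; the report alone is enough to confirm whether the symptom matches this thread.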

#4 BrianDrab (Trusted Helper, Malware Removal, 3,591 posts)

Thanks for letting us know and for providing the resolution. Many people don't do that and it's appreciated. Take care.



#5 BrianDrab (Trusted Helper, Malware Removal, 3,591 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.