Possible virus. Laptop has been slow, crashed a couple of times, and Malwarebytes detected
PUP.Optional.Conduit - 3 threats. They were advised to quarantine. Malwarebytes also
advised to use the AdwCleaner program as well, which I did.
Upon doing so I downloaded and tried to open the new Yahoo Messenger v0.8.109. I get an
error message stating this and it will not open:
The message entry point GetCurrentProcessedExplicitAppUsedModel1D
could not be located in the dynamic link library SHELL32.dll
I looked this up online, and it stated that maybe something in my system is mimicking that DLL.
Could be a virus. I have attached copies of the Malwarebytes threats, AdwCleaner report
and a screenshot of the error in Yahoo. If you would like them, I'll attach them.
Problem just started 2 days ago. Appreciate your help.
___________________________________________________________________________
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-08-2016
Ran by Dove (administrator) on DOVE-PC (03-08-2016 17:38:16)
Running from C:\Users\Dove\Desktop
Loaded Profiles: Dove (Available Profiles: Dove)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ccfaa5a9\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avpui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [865840 2007-04-26] (Synaptics, Inc.)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [442433 2008-05-06] (IDT, Inc.)
HKU\S-1-5-21-2216220318-1106448592-600384341-1001\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [643752 2011-04-12] ()
HKU\S-1-5-21-2216220318-1106448592-600384341-1001\...\Run: [LMADImon] => C:\Program Files\Lexmark Pro710 Series\LMADImon.exe [946856 2011-06-17] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{9B5A4C48-295C-4B98-A706-5F511E86EB2E}: [DhcpNameServer] 192.168.111.1
Tcpip\..\Interfaces\{BB57FBF3-12C1-439E-BFCB-735CC16F6CCE}: [DhcpNameServer] 4.2.2.1 4.2.2.2
Tcpip\..\Interfaces\{E6C4AA84-B6F4-4CD5-BA96-1FE9DF27274C}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Internet Explorer:
==================
HKU\S-1-5-21-2216220318-1106448592-600384341-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKU\S-1-5-21-2216220318-1106448592-600384341-1001 -> DefaultScope {2FF3A029-70DF-4610-85BE-8832A2B01AE9} URL =
SearchScopes: HKU\S-1-5-21-2216220318-1106448592-600384341-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
FireFox:
========
FF ProfilePath: C:\Users\Dove\AppData\Roaming\Mozilla\Firefox\Profiles\i0zg0oga.default
FF NewTab: hxxp://yahoo.com/
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-31] ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Dove\AppData\Roaming\Mozilla\Firefox\Profiles\i0zg0oga.default\searchplugins\google-lavasoft.xml [2016-07-25]
FF Extension: Adblock Plus - C:\Users\Dove\AppData\Roaming\Mozilla\Firefox\Profiles\i0zg0oga.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-31] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-04-29]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation) [File not signed]
R2 AVP16.0.1; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ccfaa5a9\STacSV.exe [221239 2008-05-06] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1161696 2009-07-09] (LSI Corporation) [File not signed]
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [155304 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [66440 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [67456 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [145800 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [53160 2016-04-29] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [776624 2016-04-29] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [45144 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [46464 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41864 2015-12-07] (AO Kaspersky Lab)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [83328 2015-11-23] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [161672 2015-12-03] (AO Kaspersky Lab)
S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [62208 2010-11-19] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141568 2010-11-19] (Renesas Electronics Corporation)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [311808 2006-11-02] (Realtek)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-03 17:38 - 2016-08-03 17:40 - 00009202 _____ C:\Users\Dove\Desktop\FRST.txt
2016-08-03 17:37 - 2016-08-03 17:38 - 00000000 ____D C:\FRST
2016-08-03 17:32 - 2016-08-03 17:32 - 01743872 _____ (Farbar) C:\Users\Dove\Desktop\FRST.exe
2016-08-02 17:47 - 2016-08-02 17:47 - 00000000 ____D C:\Users\Dove\AppData\Local\yahoomessenger
2016-08-02 17:21 - 2016-08-02 17:47 - 00000000 ____D C:\Users\Dove\AppData\Local\SquirrelTemp
2016-08-02 17:19 - 2016-08-02 17:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-08-02 11:28 - 2016-08-02 11:34 - 00000000 ____D C:\AdwCleaner
2016-08-02 11:18 - 2016-08-02 11:19 - 03712064 _____ C:\Users\Dove\Desktop\adwcleaner_5.201.exe
2016-07-28 15:51 - 2016-08-02 11:44 - 00000000 ____D C:\Program Files\DAUM
2016-07-24 15:58 - 2016-07-24 15:58 - 00000969 _____ C:\Users\Dove\Desktop\Auslogics Disk Defrag.lnk
2016-07-24 15:58 - 2016-07-24 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-07-24 15:58 - 2016-07-24 15:58 - 00000000 ____D C:\ProgramData\Auslogics
2016-07-24 15:58 - 2016-07-24 15:58 - 00000000 ____D C:\Program Files\Auslogics
2016-07-18 04:44 - 2016-08-03 17:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-07-18 04:44 - 2016-07-18 04:44 - 00001960 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2016-07-18 04:44 - 2016-07-18 04:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2016-07-18 04:44 - 2016-07-18 04:44 - 00000000 ____D C:\Program Files\Kaspersky Lab
2016-07-18 04:43 - 2016-04-29 06:12 - 00776624 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-07-18 04:43 - 2016-04-29 06:12 - 00053160 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-07-18 04:43 - 2015-12-11 17:27 - 00145800 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-07-18 03:29 - 2016-07-18 03:30 - 12819016 _____ (Kaspersky Lab ZAO) C:\Users\Dove\Desktop\kavremvr.exe
2016-07-17 20:11 - 2016-07-17 20:12 - 00000000 ____D C:\Users\Dove\AppData\Roaming\SumatraPDF
2016-07-15 03:09 - 2016-06-10 07:19 - 02071040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-15 03:08 - 2016-06-25 08:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-15 03:08 - 2016-06-25 08:37 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-15 03:08 - 2016-06-25 08:37 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-15 03:08 - 2016-06-25 08:37 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-15 03:08 - 2016-06-25 07:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-14 10:15 - 2016-06-20 10:50 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-14 10:15 - 2016-06-20 10:48 - 12842496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-14 10:15 - 2016-06-20 10:46 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-14 10:15 - 2016-06-20 10:45 - 09755136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-14 10:15 - 2016-06-20 10:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-14 10:15 - 2016-06-20 10:44 - 01129984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-14 10:15 - 2016-06-20 10:43 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-14 10:15 - 2016-06-20 10:43 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-14 10:15 - 2016-06-20 10:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-14 10:15 - 2016-06-20 10:43 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-14 10:15 - 2016-06-20 10:43 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-07-14 10:15 - 2016-06-20 10:43 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-14 10:15 - 2016-06-20 10:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-14 10:15 - 2016-06-20 10:42 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-14 10:15 - 2016-06-20 10:42 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-14 10:15 - 2016-06-20 10:42 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-14 10:15 - 2016-06-20 10:42 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-14 10:15 - 2016-06-20 10:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-14 10:15 - 2016-06-20 10:42 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-14 10:15 - 2016-06-20 10:42 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-07-14 10:15 - 2016-06-20 10:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-07-14 10:15 - 2016-06-20 10:42 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-03 17:27 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-03 17:27 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-03 10:50 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-03 06:32 - 2006-11-02 06:01 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-03 06:03 - 2015-07-22 22:15 - 00000000 ____D C:\Users\Dove\AppData\Roaming\Skype
2016-08-02 18:02 - 2015-07-22 19:43 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-02 17:29 - 2015-07-23 03:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-07-31 14:27 - 2015-07-22 20:55 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-07-31 14:27 - 2015-07-22 20:55 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-07-31 14:27 - 2015-07-22 20:54 - 00000000 ____D C:\Users\Dove\AppData\Local\Adobe
2016-07-31 14:26 - 2015-07-22 20:55 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-28 14:48 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\inf
2016-07-28 14:48 - 2006-11-02 03:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-26 14:24 - 2015-01-30 21:01 - 00406184 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-23 03:47 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\spool
2016-07-18 04:44 - 2015-07-22 18:33 - 00000000 ____D C:\Users\Dove
2016-07-15 14:09 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\rescache
2016-07-15 13:45 - 2006-11-02 05:47 - 00228936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-15 03:05 - 2015-09-18 13:53 - 00000000 ____D C:\Windows\system32\MRT
2016-07-15 03:00 - 2006-11-02 03:24 - 141983760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-07-12 00:54 - 2015-07-22 22:15 - 00000000 ___RD C:\Program Files\Skype
2016-07-12 00:54 - 2015-07-22 22:14 - 00000000 ____D C:\ProgramData\Skype
==================== Files in the root of some directories =======
2015-07-22 19:21 - 2015-07-22 19:21 - 0003584 _____ () C:\Users\Dove\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-22 18:49 - 2015-07-22 18:49 - 0017408 _____ () C:\Users\Dove\AppData\Local\WebpageIcons.db
2016-07-17 18:26 - 2016-07-17 18:35 - 0000798 _____ () C:\ProgramData\LMADIscan.log
Some files in TEMP:
====================
C:\Users\Dove\AppData\Local\Temp\libeay32.dll
C:\Users\Dove\AppData\Local\Temp\msvcr120.dll
C:\Users\Dove\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-03 10:56
==================== End of FRST.txt ============================
___________________________________________________________________________
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-08-2016
Ran by Dove (2016-08-03 17:40:27)
Running from C:\Users\Dove\Desktop
Microsoft® Windows Vista™ Business Service Pack 2 (X86) (2015-01-20 03:30:40)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2216220318-1106448592-600384341-500 - Administrator - Disabled)
Dove (S-1-5-21-2216220318-1106448592-600384341-1001 - Administrator - Enabled) => C:\Users\Dove
Guest (S-1-5-21-2216220318-1106448592-600384341-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.595.5857 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.00.595.5857 - ABBYY) Hidden
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 7.0.0.0 - Auslogics Labs Pty Ltd)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.5939.0 - IDT)
Kaspersky Anti-Virus (HKLM\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Anti-Virus (Version: 16.0.1.445 - Kaspersky Lab) Hidden
Lexmark Pro710 Series Uninstaller (HKLM\...\Lexmark Pro710 Series) (Version: - Lexmark International, Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 48.0 (x86 en-US) (HKLM\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 48.0.0.6051 - Mozilla)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Skype™ 7.25 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.2.3.0 - Synaptics)
Yahoo Messenger (HKU\S-1-5-21-2216220318-1106448592-600384341-1001\...\yahoomessenger) (Version: 0.8.109 - Yahoo! Inc)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {D2413F01-8007-4B1A-A8E3-F593013A6958} - System32\Tasks\LexmarkPUDCTask => C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe [2011-06-03] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2007-01-25 22:11 - 2007-01-25 22:11 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\kpcengine.2.3.dll
2015-12-30 15:48 - 2011-06-17 12:36 - 00946856 _____ () C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
2015-12-30 15:48 - 2011-06-24 06:02 - 01454080 _____ () C:\Program Files\Lexmark Pro710 Series\lmabdrs.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2216220318-1106448592-600384341-1001\...\localhost -> localhost
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2216220318-1106448592-600384341-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dove\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SysTrayApp => %ProgramFiles%\IDT\WDM\sttray.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [{2417CF08-EAE7-411E-972D-7A56E22D546B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{204ABA10-196D-47C0-9F08-8B8891D2D40C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F9C01264-C95A-444A-8E44-85DDDC0EB828}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0F4B8263-1CE0-4349-BC4B-9A16856D5965}] => (Allow) LPort=80
FirewallRules: [{CFA5A0B1-CDEF-4E94-BBCD-1A66FEA4153C}] => (Allow) LPort=80
FirewallRules: [{5731FF9F-0B95-4B68-8A14-006918752416}] => (Allow) LPort=80
FirewallRules: [{A60EFE27-DFC2-4404-B24E-1633A16490D2}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{9417B87D-6518-4F45-819F-585B8F572602}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{572437A3-41F8-4EE0-B70C-769329A4FA0F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E703FD98-1CB0-4AC1-893C-8D5E1E9F992E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{98282958-9215-40C1-BEE6-8C22F2002A11}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{10489D24-756B-4EC8-ACE4-7DC1B8EBAA7C}] => (Allow) C:\Program Files\Lexmark\Status Center\lmsmc.exe
FirewallRules: [{60057A31-0156-439E-B0AB-B6789287314E}] => (Allow) C:\Program Files\Lexmark\Status Center\lmsmc.exe
FirewallRules: [{6631AA9F-79D0-41B3-BD42-C7B567325216}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe
FirewallRules: [{4EF1364F-D641-4058-899E-33C4CDA514AB}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe
FirewallRules: [{3EF263C9-2244-4CB0-87AD-FEEF8BD8C271}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe
FirewallRules: [{E9AB6F4D-080B-4416-82C0-F05EE87E3501}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe
FirewallRules: [{1BA00E2B-8F99-42BB-94FB-EEB3FC902CB5}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
FirewallRules: [{85F448D2-F47E-4EB9-A998-F56972ADE803}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
FirewallRules: [{01C41C7B-2232-40A3-9DAA-B57FEB23EEDB}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMADIlscn.exe
FirewallRules: [{C591EF8F-C56D-4921-89C8-31D3F96A0292}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMADIlscn.exe
FirewallRules: [{C58AF16A-99D6-4788-909E-AF60B1700358}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMabscw.dll
FirewallRules: [{C93D3165-5155-4469-B7A5-FD5C18EF2E8D}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMabscw.dll
FirewallRules: [{6F606BC4-409F-4AE8-8FCA-03BC729AAD86}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{4BE9F968-A796-4FF1-A939-25D55ABE9C6F}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{F6CA1A55-6759-4A18-83DC-C2E70415E123}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{307D20A9-D646-443A-8B0C-6CA8761CEA1F}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{AD69FF8C-3C56-4A7E-83BA-DF6FCFCEDDA7}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{C40667EC-6552-4857-9497-8E11A3F488D9}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{23BDF513-AA96-499C-9937-C0734F5A5A37}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds
FirewallRules: [{79AB66D2-81FD-490A-8622-79D1F24975F3}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds
FirewallRules: [TCP Query User{72A924F8-08F6-464B-BB9C-6D034DD68AB4}C:\program files\lexmark pro710 series\lmadimon.exe] => (Block) C:\program files\lexmark pro710 series\lmadimon.exe
FirewallRules: [UDP Query User{03FAD172-E40D-495F-B660-8CD127F09F70}C:\program files\lexmark pro710 series\lmadimon.exe] => (Block) C:\program files\lexmark pro710 series\lmadimon.exe
==================== Restore Points =========================
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/03/2016 05:41:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422.
Operation:
Instantiating VSS server
Error: (08/03/2016 05:41:56 PM) (Source: VSS) (EventID: 39) (User: )
Description: Volume Shadow Copy Service error: The Volume Shadow Copy service (VSS) is disabled. Please
enable the service and try again.
Operation:
Instantiating VSS server
Error: (08/03/2016 10:51:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/03/2016 02:42:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application YahooMessenger.exe, version 11.5.0.228, time stamp 0x4fbf6b79, faulting module Flash32_18_0_0_209.ocx_unloaded, version 0.0.0.0, time stamp 0x55a1edba, exception code 0xc0000005, fault offset 0x04737ad0,
process id 0xacc, application start time 0xYahooMessenger.exe0.
Error: (08/02/2016 05:30:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/02/2016 11:38:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/02/2016 10:34:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/02/2016 04:03:23 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x8000ffff).
Error: (08/02/2016 04:03:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422.
Operation:
Instantiating VSS server
Error: (08/02/2016 04:03:22 AM) (Source: VSS) (EventID: 39) (User: )
Description: Volume Shadow Copy Service error: The Volume Shadow Copy service (VSS) is disabled. Please
enable the service and try again.
Operation:
Instantiating VSS server
System errors:
=============
Error: (08/02/2016 11:34:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Presentation Foundation Font Cache 4.0.0.0101Restart the service
Error: (08/02/2016 11:34:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player Network Sharing Service1300001Restart the service
Error: (08/02/2016 11:34:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Agere Modem Call Progress Audio1
Error: (08/02/2016 11:34:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service
Error: (08/02/2016 11:34:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ABBYY FineReader 9.0 Sprint Licensing Service1
Error: (08/02/2016 11:34:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Print Spooler1600001Restart the service
Error: (08/02/2016 11:34:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Audio Service1
Error: (08/01/2016 01:23:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (07/28/2016 02:41:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:36:50 PM on 7/28/2016 was unexpected.
Error: (07/24/2016 03:47:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:43:41 PM on 7/24/2016 was unexpected.
CodeIntegrity:
===================================
Date: 2016-08-03 17:40:21.082
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-03 17:40:20.858
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-03 17:40:20.636
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-03 17:40:20.418
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-03 17:40:20.177
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\klhk.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-03 17:40:19.957
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\klhk.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-03 17:40:19.742
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\klhk.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-03 17:40:19.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\klhk.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-03 17:40:19.270
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-03 17:40:19.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core Duo CPU T2500 @ 2.00GHz
Percentage of memory in use: 79%
Total physical RAM: 1981.39 MB
Available physical RAM: 403.09 MB
Total Virtual: 4225.99 MB
Available Virtual: 2710.04 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.79 GB) (Free:89.9 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 111.8 GB) (Disk ID: B5DFB5DF)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================